Andy BaioJul 1, 2023
For the last two days, Elon Musk has been publicly freaking out about "EXTREME levels of data scraping," so added "temporary emergency measures" like blocking logged-out views and adding tight rate limits on viewing tweets. But, apparently noticed first here by @sysop408, a Javascript bug in the Twitter web app is self-DDOSing their servers, sending an endless loop of requests — which seems related to their scraping panic. https://waxy.org/2023/07/twitter-bug-causes-self-ddos-possibly-causing-elon-musks-emergency-blocks-and-rate-limits-its-amateur-hour/
Twitter bug causes self-DDOS tied to Elon Musk's emergency blocks and rate limits: "It's amateur hour" - Waxy.org

An "amateur hour" Javascript bug is self-DDOSing Twitter, sending infinite requests from users related to — or possibly even causing — Elon Musk's "temporary emergency measures" to stop web scraping.

Waxy.org
Show threadNeil KandalgaonkarJul 1, 2023

@andybaio @sysop408

@Pwnallthethings also noted that Twitter had to exit GCP this weekend.

They may have been trying to shed load in advance of a reduction in some capacities, but blamed it on scrapers (misdirection? mistake? who knows) But then inadvertently self-DDoSed at least from some clients.

https://mastodon.social/@Pwnallthethings/110640380771469469

Show threadAndy BaioJul 1, 2023
@neilk @sysop408 @Pwnallthethings Interesting! I added that in.
Show threadAndy BaioJul 1, 2023
@neilk or maybe not https://www.engadget.com/twitter-has-supposedly-started-paying-its-google-cloud-bill-again-213824844.html
Engadget is part of the Yahoo family of brands

Show threadNeil Kandalgaonkar

@andybaio 🤔 I just don’t understand how they would go offline from only the web bug. I think it’s a side effect

Twitter probably has (had?) among the most sophisticated DDoS mitigation in the world and they are many ways to fix the underlying bug

Plus, I doubt many people are even using the website these days

I have personally seen a mitigation and recovery from a self-DDoS, quickly, with vastly less sophisticated tools

Jul 1, 2023 at 9:04pmWeb
Show threadAndy BaioJul 1, 2023
@neilk yeah, I don't think it's just the web bug either, probably a side effect of the blocks or rate limiting rather than the other way around