RE: Steemit.com is experiencing a DDoS attack. by lukestokes

Viewing a response to: @sneak/steemit-com-is-experiencing-a-ddos-attack

· @lukestokes · (edited)
$9.39
Some questions:

1) When will steemit have a proper status page with outage reports and updates on progress? This is quite standard for online businesses today.
2) Why no word from the @steemitdev account? Until a proper status page is up, updates from that account would be greatly appreciated. 9+ hours of downtime with no update is pretty extreme.
3) Who is running the Steemit Twitter account? Are <a href="https://twitter.com/steemit/status/916219096815099904">replies like this</a> normal? Seems rather unprofessional.
4) DDoS is rough. I'm sure you are all doing the best you can under the circumstances, but why not put something behind a service like Cloudflare? Why not put up a static page on a global CDN with periodic updates and update DNS for steemit.com to point to that until you're up and running again?

Seeing 5XX errors on a global site like this really hurts confidence. Twitter has their fail whale. GitHub has the angry pink unicorn. Can we get something for steemit as well? A static page communicating that you are aware of an outage goes a long way.

Thanks for listening. I hope you and your team are able to navigate through this quickly and put things in place to ensure it doesn't happen again in the future.

Edit: More thoughts <a href="https://steemit.com/steemit/@lukestokes/steemit-needs-its-own-mascot-of-failure">here</a>.
created: 2017-10-06 14:02:45 · depth: 1
@edje · (edited)
$0.29
I 100% agree to status pages! Steemit is lacking many things that can be expected from an entry level decent web service. STINC seems not to care about the community that makes them big! But I think in cryptospace anything goes, spamming, scamming and enormous egocentric behaviours and not understanding how to deal with communities, consumers etc., including the lack of understanding how to actually make a good social network with a monetisation model for those who need to create, run, manage and operate it.
created: 2017-10-06 14:21:27 · depth: 2
@frankbacon ·
$0.06
Well said!
created: 2017-10-06 21:41:06 · depth: 3
@heymattsokol ·
$0.06
That Twitter exchange is horrible... Stuff like that puts steemit in a terrible light. I also would like to know who is running the account.
created: 2017-10-06 14:39:51 · depth: 2
@raised2b ·
$0.06
Luke nailed it. All 4 points were spot on.

Whoever is in control of the Twitter account needs to be removed immediately.
created: 2017-10-06 14:46:36 · depth: 2
@frankbacon · (edited)
"Luke nailed it. All 4 points were spot on."

AGREED!
----

And as for @sneak's quote...

    "We're working on mitigating it. Stay tuned."

Stay "**TUNED**" where exactly?  Twitter?

Man...  

I only use SteemIt because it's the only Blockchain out there that does what it does.
But based on its "Team," it is also **THE WORST**.
created: 2017-10-06 21:34:09 · depth: 3
@lukestokes ·
$0.06
I just put some thoughts down in a post. <a href="https://steemit.com/steemit/@lukestokes/steemit-needs-its-own-mascot-of-failure">We need our own fail mascot</a>. I'm trying to stay positive about this stuff, but it's difficult when some basics aren't in place like a status page or a static "We're working on it!" page.
created: 2017-10-06 14:56:57 · depth: 2
@the-ego-is-you ·
A little bit tragic, at least for me personally, that I made such a confident post on why we needed Steem and used a picture of the Reddit failure one...
created: 2017-10-06 15:47:00 · depth: 3
@denmarkguy ·
$0.10
Spot on, Luke.

As the popularity and visibility of the platform grows, we also need to put a little more effort into the "public face" of Steemit. We can't honestly expect the world to take us seriously enough that Steemit becomes a "household name" if we come across as a *Made in Bob's Garage Production.*

Yes, I think we need our own "Fail Mascot" here. We have tons of talented graphic designers here... maybe even turn it into a community contest/challenge.

Not super impressed with the Twitter response... a little too "home made" and not very professional.
created: 2017-10-06 20:46:15 · depth: 2
@old-guy-photos ·
Bravo, Sir!
Some basic, basic steps need to be taken.
created: 2017-10-07 19:47:27 · depth: 2
@sneak · (edited)
What is the worst case scenario if we NEVER do that?

Seriously, though - this is a rare occurrence. If we do none of that, then what is the delta between doing all of that? There are some major security considerations involved in doing that that Twitter and GitHub don’t have to contend with.

We are different than other companies, and will likely do a lot of things differently than people are used to. Some will be better, some will be worse. In this case, though, I ask you to consider the alternative. It’s confusing for the subset of active users for the subset of time we are down. What is the harm done?

That Twitter thing was a straight fuck up, though.
created: 2017-10-08 10:02:45 · depth: 2
@lukestokes ·
$1.76
> What is the worst case scenario if we NEVER do that?

Worst case? The company and the site will not be taken seriously by professional investors and brands who might otherwise integrate and risk their brand reputation by being associated with this project. I know that's an extreme case, but please hear me out.

> What is the harm done?

This, I think, gets at the core of concern I've been hearing from the community over the past year+ I've been here. 10 hours of down time for a brand is _serious harm done_. Any and all downtime that isn't well-communicated and explained is harm done. Most professional companies fully and completely understand this. If Steemit, inc does not, that's really concerning. People that may have been supporters of the platform may never come back because of that failed first impression. It seems _more_ shady if the site returns a default browser error than if the site has a status page and explains a professional team of developers know about the issue and are working on it. If people can't review a history of previous downtime on a status page, they can't evaluate if the site is legit or a scam during those outages. Too many people already think anything cryptocurrency related is a scam and impressions like this don't help improve that perception.

> Seriously, though - this is a rare occurrence.

I have to respectfully disagree. Being out this long due to a DDoS attack, yes, that's very rare. Seeing a 5XX response on steemit.com? Unfortunately not very rare. Over the past year, it has happened many, many times to me and others. IMO, it's well past time to have a status page and a professional 5XX response page. For each hard-fork that I can remember, the site experienced some issues. IMO, it would be much better to display a status page instead of a broken site.

> There are some major security considerations involved in doing that that Twitter and GitHub don’t have to contend with.

GitHub deals with PCI and HIPPA compliant source code for companies processing billions and billions of dollars worth of transactions. They have very serious security considerations. Same for Twitter. Can you imagine the brand fallout (or even global fallout) if the Twitter account of the president was hacked into?

I think I understand your perspective, but I hope you're open to hearing an outside perspective as well. What you're saying sounds elitist to me. Arguing Steemit has more advanced security concerns than other sites and therefore can't have a global CDN or a professional status page doesn't make sense to me. You have vendors for your web servers, your DNS, your image hosting, etc, etc. As I said before, if you don't trust your vendors then you need new vendors. If you do trust them but a status page, professional 5xx landing page, and clear communication are not priorities, then just state that instead of bringing up security concerns that, to me, don't make much sense.

I'm open to being completely wrong here and not fully understanding the unique challenges you face with this site, but so far, what I'm arguing for here seems pretty obvious to me.

I know I'm being tough, but I really am on your side. I've always been a big supporter, and I regularly get flak about it in the chat rooms. I really want Steemit, Inc to succeed. Unfortunately, too many people use the term "STINK" instead. IMO, being humble about weaknesses and open to criticism and improvement suggestions (and implementing them) will go a long way towards improving community relations.

Thanks for responding. I love that I can openly (and hopefully respectfully) voice my concerns and be heard directly by you and your team. I look forward to hanging out at Steemfest2 and meeting you all in person so we can tell war stories of major site outages I've experienced as well.
created: 2017-10-08 16:18:48 · depth: 3
@sneak · (edited)
Tossing around PCI and HIPAA (not HIPPA lol) without understanding the specific security requirements of steemit.com in this instance just tells me “I don’t know what I’m talking about”.

That’s not elitist, it’s just you not understanding the specific risks to this site.

I’m happy to take some time at steemfest to explain in depth to you why what you’re proposing is a bad idea.

> Worst case? The company and the site will not be taken seriously by professional investors and brands who might otherwise integrate and risk their brand reputation by being associated with this project.

I think that’s vastly overblown, and I think you’re making it up to win an argument. Any downtime, splash page or no, harms the brand. I asked for the delta.
created: 2017-10-09 12:39:12 · depth: 4