• Zagorath@aussie.zone
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    1
    ·
    10 months ago

    “Since the user opened a ticket with us this past Sunday, we’ve been actively researching this situation. Initially, we thought it might have resulted from a DDoS attack, which we stated in our first response. After some investigating, it looks as though the spike in traffic was not caused by a DDoS after all,” Dorian Kendal, CMO at Netlify, told Cybernews.

    Instead, now they believe that this was a sustained download event of an mp3 file over a stretch of multiple days.

    “We’re working directly with the user to better understand what’s happening on their end, so we can uncover what caused the dramatic increase in downloads,” Kendal said.

    I’m confused, what is this supposed to mean? Some sort of non-distributed DOS attack? How would working with the customer help there? If they’re susceptible to a denial of service, isn’t that entirely an internal problem?

      • Zagorath@aussie.zone
        link
        fedilink
        English
        arrow-up
        5
        ·
        10 months ago

        Fair point. DOS is perhaps the wrong word for it. But from that quote, it sounds like it’s a similar behaviour to DOS tactics which involve finding ways to transform a relatively simple request into a large amount of work (or in this case, network traffic) for the server.

    • echo64@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      10 months ago

      They are saying that it wasn’t a ddos at all but organic use. The user was notified but did nothing. So they think their notifying stuff isn’t good enough.

      • Zagorath@aussie.zone
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        edit-2
        10 months ago

        Sorry, but what exactly is a “sustained download event” supposed to be? It sounds like they’re describing some sort of DOS-like attack that isn’t a DDOS, where a user manages to force the server to serve up way more data over a sustained period of time than would be reasonable for downloading a single MP3 for normal use.

        But maybe that’s not what they mean. It’s very unclear.

        • Passerby6497@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          10 months ago

          Sorry, but what exactly is a “sustained download event” supposed to be?

          I’m pretty sure they’re describing something akin to what many small site owners have referred to as ‘the hug of death’. If you’re a small site that blows up on the front page of lemmy (or an actually large community site), you’re going to experience sustained traffic that your site isn’t capable of handling (be that at the computer resource or financial level in this case).

          Normally the hug of death’ just takes you offline when your provider can’t handle the load or you blow past your providers thresholds. In this case, that threshold didn’t appear to exist and it just kept adding to the bill.

          • Zagorath@aussie.zone
            link
            fedilink
            English
            arrow-up
            5
            ·
            10 months ago

            Oh right. So they just mean the Slashdot Effect? A large and unexpected amount of organic traffic?

            I think that “sustained download event” is a weird way of phrasing that, but thanks for the explanation.

        • Aatube@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          10 months ago

          Basically, it was a giant uptick in use that was likely made by human beings instead of a DDoS botnet, and they’re still investigating where it came from

    • ferralcat@monyet.cc
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 months ago

      I am too. Is the agreement to charge per mb downloaded? Do they not have some sort of "turn it off if I hit this max?* feature?

      I usually avoid hosting solutions like this just because of this shit. I wanna know how much I’ll owe before the month starts even. Anything else feels like gambling.

      • Patches@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Of course they do but they can make 104k if they don’t turn it on.

        There are plenty of bandwidth restricted hosting sites out there. Sounds like that is what you want. Maximum speed regardless if that’s used 24/7 or not. If more users request your site than that bandwidth allows - oh well.