DDos hidden service help

A skiddy is attacking my forum software running a nginx webserver with a few programs he is openly bragging about taking it down with these


Is there anything I can do to stop it? My hidden service gets around 1000 visitors a day, is there any modules or configuration I can do to help mitigate this attack without hurting my user base.

Good day,

Protecting a hidden service from DDos works in a similar fasion to how you’d implement it on a “normal” website. Simply create a simple, light, captcha based page before letting someone access your site. htpasswd could also be used, simply put the password in the prompt so a “human user” may type it in manually.

Have a nice day,


1 Like

A while ago I recommended setting up a reverse proxy with layer7 filtering to take care of skiddies ddosing stuff. Search for threads involving the user Temple for more.

1 Like