A skiddy is attacking my forum software running a nginx webserver with a few programs he is openly bragging about taking it down with these
https://github.com/whitepacket/Stinger-Tor
Is there anything I can do to stop it? My hidden service gets around 1000 visitors a day, is there any modules or configuration I can do to help mitigate this attack without hurting my user base.
Good day,
Protecting a hidden service from DDos works in a similar fasion to how you’d implement it on a “normal” website. Simply create a simple, light, captcha based page before letting someone access your site. htpasswd could also be used, simply put the password in the prompt so a “human user” may type it in manually.
Have a nice day,
Ego
A while ago I recommended setting up a reverse proxy with layer7 filtering to take care of skiddies ddosing stuff. Search for threads involving the user Temple for more.