Denial of Service etc...
I know there have been a few attacks on Gemini servers. If you have any details, I would love to hear them.
I am trying to implement a reasonable line of defense for the new Fornax server, and your observations would help.
Sep 18 · 4 weeks ago
4 Comments
norayr · Sep 18 at 14:52:
wow, why would anyone do that?
bluesman · Sep 18 at 15:30:
Likely not an attack but my server was getting hit from a German IP address a few months back - maybe four or five requests per second (which is fine if it was a search engine but this just kept repeating - probably someone's bug).
I went into the GCP control panel and blocked the IP. I only recently lifted the block. Not really automated prevention since it was only discovered when I viewed the logs. I believe Google provides DDoS protection but I haven't looked into it. I'm not too worried about it TBH.
skyjake [mod...] · Sep 18 at 15:58:
You should primarily worry about misbehaving bots (crawlers, proxies) that make requests too frequently. Rate limiting by IP should be a pretty effective countermeasure.
Scripted attacks targeting your capsule specifically are much rarer, but rate limiting can mitigate that, too. Service-specific safeguards like access tokens in the URL can be quite effective, but it depends on what the service is about.
You should check section 5 in the App Developer Guide:
geminiprotocol.net/docs/app-guide.gmi
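A sketch of the per-IP rate limiting suggested in the comment above, added here as an example; it is not part of the thread and not code from Fornax or any other server mentioned. The class name, the rate and burst values, the grouping of IPv6 clients by /64, and the choice to answer with Gemini status 44 (SLOW DOWN, whose meta is the number of seconds to wait) are assumptions of this example.

```python
import ipaddress
import math
import time
from collections import OrderedDict


class GeminiRateLimiter:
    """Token bucket per client; over-limit clients get a '44 <seconds>' header."""

    def __init__(self, rate=1.0, burst=5, max_clients=10000, clock=time.monotonic):
        self.rate = rate                # tokens refilled per second (assumed value)
        self.burst = burst              # bucket capacity, i.e. allowed burst (assumed)
        self.max_clients = max_clients  # cap on tracked clients so the table stays bounded
        self.clock = clock              # injectable so the limiter can be tested
        self.buckets = OrderedDict()    # key -> (tokens, last_seen), least recent first

    @staticmethod
    def client_key(addr):
        """Normalise a peer address into the key that shares one bucket."""
        ip = ipaddress.ip_address(addr)
        if ip.version == 6:
            if ip.ipv4_mapped:          # ::ffff:a.b.c.d counts as the IPv4 client
                return str(ip.ipv4_mapped)
            # A single host typically controls a whole /64, so limit per prefix.
            return str(ipaddress.ip_network(f"{ip}/64", strict=False))
        return str(ip)

    def check(self, addr):
        """Return None to serve the request, or the response header to send instead."""
        key = self.client_key(addr)
        now = self.clock()
        tokens, last = self.buckets.pop(key, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        header = None
        if tokens >= 1.0:
            tokens -= 1.0
        else:
            wait = math.ceil((1.0 - tokens) / self.rate)
            header = f"44 {wait}\r\n"   # Gemini: <STATUS><SPACE><META><CR><LF>
        self.buckets[key] = (tokens, now)         # re-insert as most recently seen
        if len(self.buckets) > self.max_clients:
            self.buckets.popitem(last=False)      # evict the least recently seen client
        return header
```

Call `check()` with the peer address right after accepting the connection; if it returns a header, send that and close without handling the request.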
bsj38381 · Sep 18 at 23:09:
Never thought the Gemini protocol could get a DDoS attack. I wish you luck on upgrading the security. I hate DDoS attackers (most of them will be bots tbh), and they're annoying.