  • Well that appears to have worked.

    In the http part of the Nginx config:

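    	# Path allowlist: $known_uri is 1 when the request path matches an entry
    	# below and 0 otherwise (fail closed via "default 0").
    	# $uri is the normalised request path without the query string, so this
    	# map constrains paths only; arguments still need validating upstream.
    	# Entries starting with "~" are case-sensitive regular expressions; keep
    	# them anchored with ^ and $ so a prefix match cannot widen the list.
    	# The list must be kept in step with the application's routes, otherwise
    	# new endpoints will be rejected.
    	map $uri $known_uri {
    		/	1;
    		~^/about/?$	1;
    		~^/about/cookies/?$	1;
    		~^/about/privacy/?$	1;
    		~^/about/terms/?$	1;
    		/api	1;
    		/api/v1	1;
    		/api/v1/auth	1;
    		~^/api/v1/auth/[0-9A-Za-z]+$	1;
    		/api/v1/auth0	1;
    		/api/v1/comments	1;
    		~^/api/v1/comments/[0-9]+$	1;
    		~^/api/v1/comments/[0-9]+/attachments$	1;
    		~^/api/v1/comments/[0-9]+/attachments/[0-9A-Za-z]+$	1;
    		# "\." is a literal dot; an unescaped "." would match any character,
    		# including "/", and let extra path segments through.
    		~^/api/v1/comments/[0-9]+/attachments/[0-9A-Za-z]+\.[A-Za-z]+$	1;
    		~^/api/v1/comments/[0-9]+/attributes$	1;
    		~^/api/v1/comments/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		~^/api/v1/comments/[0-9]+/incontext$	1;
    		/api/v1/conversations	1;
    		~^/api/v1/conversations/[0-9]+$	1;
    		~^/api/v1/conversations/[0-9]+/attributes$	1;
    		~^/api/v1/conversations/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		~^/api/v1/conversations/[0-9]+/lastcomment$	1;
    		~^/api/v1/conversations/[0-9]+/newcomment$	1;
    		/api/v1/events	1;
    		~^/api/v1/events/[0-9]+$	1;
    		~^/api/v1/events/[0-9]+/attendees$	1;
    		~^/api/v1/events/[0-9]+/attendees/[0-9]+$	1;
    		~^/api/v1/events/[0-9]+/attendeescsv$	1;
    		~^/api/v1/events/[0-9]+/attributes$	1;
    		~^/api/v1/events/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		~^/api/v1/events/[0-9]+/lastcomment$	1;
    		~^/api/v1/events/[0-9]+/newcomment$	1;
    		/api/v1/files	1;
    		~^/api/v1/files/[0-9A-Za-z]+$	1;
    		# Literal dot between file name and extension (see note above).
    		~^/api/v1/files/[0-9A-Za-z]+\.[0-9A-Za-z]+$	1;
    		~^/api/v1/geocode$	1;
    		~^/api/v1/hosts/[0-9a-zA-Z-.]+$	1;
    		~^/api/v1/huddles$	1;
    		~^/api/v1/huddles/[0-9]+$	1;
    		~^/api/v1/huddles/[0-9]+/lastcomment$	1;
    		~^/api/v1/huddles/[0-9]+/newcomment$	1;
    		~^/api/v1/huddles/[0-9]+/participants$	1;
    		~^/api/v1/huddles/[0-9]+/participants/[0-9]+$	1;
    		~^/api/v1/ignored$	1;
    		~^/api/v1/legal$	1;
    		/api/v1/legal/cookies	1;
    		/api/v1/legal/privacy	1;
    		/api/v1/legal/service	1;
    		/api/v1/legal/terms	1;
    		/api/v1/metrics	1;
    		/api/v1/microcosms	1;
    		~^/api/v1/microcosms/[0-9]+$	1;
    		~^/api/v1/microcosms/[0-9]+/attributes$	1;
    		~^/api/v1/microcosms/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		~^/api/v1/microcosms/[0-9]+/roles$	1;
    		~^/api/v1/microcosms/[0-9]+/roles/[0-9]+/criteria$	1;
    		~^/api/v1/microcosms/[0-9]+/roles/[0-9]+/criteria/[0-9]+$	1;
    		~^/api/v1/microcosms/[0-9]+/roles/[0-9]+/members$	1;
    		~^/api/v1/microcosms/[0-9]+/roles/[0-9]+/profiles$	1;
    		~^/api/v1/microcosms/[0-9]+/roles/[0-9]+/profiles/[0-9]+$	1;
    		~^/api/v1/microcosms/[0-9]+/roles/[0-9a-zA-Z_-]+$	1;
    		/api/v1/microcosms/tree	1;
    		~^/api/v1/out/[2-9a-zA-Z]+$	1;
    		/api/v1/permission	1;
    		/api/v1/polls	1;
    		~^/api/v1/polls/[0-9]+$	1;
    		~^/api/v1/polls/[0-9]+/attributes$	1;
    		~^/api/v1/polls/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		~^/api/v1/polls/[0-9]+/lastcomment$	1;
    		~^/api/v1/polls/[0-9]+/newcomment$	1;
    		/api/v1/profiles	1;
    		~^/api/v1/profiles/[0-9]+$	1;
    		~^/api/v1/profiles/[0-9]+/attachments$	1;
    		~^/api/v1/profiles/[0-9]+/attachments/[0-9A-Za-z]+$	1;
    		# Literal dot between attachment name and extension (see note above).
    		~^/api/v1/profiles/[0-9]+/attachments/[0-9A-Za-z]+\.[A-Za-z]+$	1;
    		~^/api/v1/profiles/[0-9]+/attributes$	1;
    		~^/api/v1/profiles/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		/api/v1/profiles/options	1;
    		/api/v1/profiles/read	1;
    		~^/api/v1/reserved/[0-9a-zA-Z]+$	1;
    		/api/v1/resolve	1;
    		/api/v1/roles	1;
    		~^/api/v1/roles/[0-9]+$	1;
    		~^/api/v1/roles/[0-9]+/criteria$	1;
    		~^/api/v1/roles/[0-9]+/criteria/[0-9]+$	1;
    		~^/api/v1/roles/[0-9]+/members$	1;
    		~^/api/v1/roles/[0-9]+/profiles$	1;
    		~^/api/v1/roles/[0-9]+/profiles/[0-9]+$	1;
    		/api/v1/search	1;
    		/api/v1/site	1;
    		~^/api/v1/site/[0-9]+/attributes$	1;
    		~^/api/v1/site/[0-9]+/attributes/[0-9a-zA-Z_-]+$	1;
    		/api/v1/site/menu	1;
    		/api/v1/sites	1;
    		~^/api/v1/sites/[0-9]+$	1;
    		~^/api/v1/sites/[0-9]+/menu$	1;
    		~^/api/v1/sites/[0-9]+/status$	1;
    		/api/v1/trending	1;
    		/api/v1/updates	1;
    		/api/v1/updates/preferences	1;
    		~^/api/v1/updates/preferences/[0-9]+$	1;
    		/api/v1/users	1;
    		~^/api/v1/users/[0-9]+$	1;
    		/api/v1/users/batch	1;
    		/api/v1/watchers	1;
    		~^/api/v1/watchers/[0-9]+$	1;
    		/api/v1/watchers/delete	1;
    		/api/v1/watchers/patch	1;
    		/api/v1/whoami	1;
    		~^/auth0login/?$	1;
    		~^/comments/[0-9]+/?$	1;
    		~^/comments/[0-9]+/attachments/?$	1;
    		~^/comments/[0-9]+/delete/?$	1;
    		~^/comments/[0-9]+/edit/?$	1;
    		~^/comments/[0-9]+/incontext/?$	1;
    		~^/comments/[0-9]+/source/?$	1;
    		~^/comments/create/?$	1;
    		~^/compare/?$	1;
    		~^/conversations/[0-9]+/?$	1;
    		~^/conversations/[0-9]+/delete/?$	1;
    		~^/conversations/[0-9]+/edit/?$	1;
    		~^/conversations/[0-9]+/newest/?$	1;
    		~^/dashboard/?$	1;
    		~^/dashboard/sites/?$	1;
    		~^/dashboard/sites/create/?$	1;
    		~^/dashboard/sites/edit/[0-9]+$	1;
    		~^/developers/?$	1;
    		~^/error/?$	1;
    		~^/events/[0-9]+/?$	1;
    		~^/events/[0-9]+/csv$	1;
    		~^/events/[0-9]+/delete$	1;
    		~^/events/[0-9]+/edit$	1;
    		~^/events/[0-9]+/newest$	1;
    		~^/events/[0-9]+/rsvp$	1;
    		~^/faqs/?$	1;
    		/favicon.ico	1;
    		~^/features/?$	1;
    		~^/forbidden/?$	1;
    		~^/geocode/?$	1;
    		~^/headers/?$	1;
    		~^/huddles/?$	1;
    		~^/huddles/[0-9]+/?$	1;
    		~^/huddles/[0-9]+/invite/?$	1;
    		~^/huddles/[0-9]+/leave/?$	1;
    		~^/huddles/[0-9]+/newest/?$	1;
    		~^/huddles/create/?$	1;
    		~^/ignore/?$	1;
    		~^/ignored/?$	1;
    		~^/login/?$	1;
    		~^/logout/?$	1;
    		~^/microcosms/?$	1;
    		~^/microcosms/[0-9]+/?$	1;
    		~^/microcosms/[0-9]+/create/conversation/?$	1;
    		~^/microcosms/[0-9]+/create/event/?$	1;
    		~^/microcosms/[0-9]+/create/microcosm/?$	1;
    		~^/microcosms/[0-9]+/delete/?$	1;
    		~^/microcosms/[0-9]+/edit/?$	1;
    		~^/microcosms/[0-9]+/memberships/?$	1;
    		~^/microcosms/[0-9]+/memberships/[0-9]+/api/?$	1;
    		~^/microcosms/[0-9]+/memberships/[0-9]+/edit/?$	1;
    		~^/microcosms/[0-9]+/memberships/create/?$	1;
    		~^/microcosms/create/?$	1;
    		~^/moderate/?$	1;
    		~^/moderate/do/?$	1;
    		~^/notfound/?$	1;
    		~^/out/[2-9a-zA-Z]+$	1;
    		~^/profiles/?$	1;
    		~^/profiles/[0-9]+/?$	1;
    		~^/profiles/[0-9]+/edit/?$	1;
    		~^/profiles/[0-9]+/patch/?$	1;
    		~^/profiles/read/?$	1;
    		/robots.txt	1;
    		~^/search/?$	1;
    		# Deliberately broad: every path under /static/ is allowed, so the
    		# static handler itself must not expose anything unintended.
    		~^/static/.*$	1;
    		~^/terms/?$	1;
    		~^/today/?$	1;
    		~^/trending/?$	1;
    		~^/unignore/?$	1;
    		~^/updates/?$	1;
    		~^/updates/december/?$	1;
    		~^/updates/settings/?$	1;
    		~^/watchers/?$	1;
    		# Anything not listed above is treated as unknown.
    		default 0;
    	}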
    

    In the server part of the site specific config, and as early as possible:

    	# Enforce the path allowlist: $known_uri comes from the map in the http
    	# block and is 0 for any path that matched none of its entries.
    	# Placed at server level so the check runs before location handling.
    	if ($known_uri = 0) { return 404; }
    

    And you can try it easily... just access something that isn't in that list, like https://www.lfgss.com/doesnotexist and you get a 404 not found error.
