It seems https://decred.org/ may be experiencing a DDoS attack. The wiki and forum are obviously unaffected. As we approach the launch it seems we may have to contend with the prospect of elements seeking to disrupt our community. I have suggested the operators use CloudFlare to attempt to mitigate any future DDoS attacks, the trade-off being the loss of some privacy and the unpleasantness of having to solve captchas for Tor and some VPN users. One more quick preemptive move would be for the owner of the domain (which is hosted at Gandi I believe) to enable 2FA (two factor authentication) in case a hijacking is attempted. On a slightly related tangent; users of this forum should also enable 2FA for their forum accounts[1] and their email accounts if their provider supports it (e.g., Gmail does[2]). Be safe and worry not. Script kiddies may wish to test our resolve however we will be undeterred by their antics. [1] https://forum.decred.org/account/two-step [2] https://www.google.com/landing/2step/
For reference, this wasn't the result of a DDoS attack. The admin has been working to upgrade the servers and it was related to that. The infrastructure is still in the process of being beefed up prior to launch. I'm not directly involved with with the site infrastructure, but wanted to relay the information.
Thank you for the update. The communication from the Decred team has been top notch from the beginning.
I noticed that too this morning. Not a bad idea as far as the ddos prevention is concerned. I remember back in my altcoin mining days whenever a new alt would come out the pools would alot of times get ddos'd as well, so something to think about. Is decred going to be able to run p2pool nodes?
I think it's a little presumptuous to believe Decred will get ddos'd anytime soon. The one point of doing that to a pool is temporarily diminish hashing power to up one's revenue. Other than that, it would take a popular coin on an exchange to become a ddos target, for that is a tool for price disruption. Decred is in the clear for now, until major pool mining starts up anyway. Even then solutions exist.
I experienced the very short outage. Don't listen to anyone who says DDOS wasn't an option. One or two people could easily DDOS the domain. Just log, track, and mitigate any nonesense. If need be use a service like Cloud Flare or cheaper. When Cloud Flare started they would help projects like this for pennies.
The devs themselves said it was a server failure. No need to panic for no reason, there is hardly a chance of ddos this early on.
There are many script boys out there. Ddos is a concern for even Google itself. In this case you're totally right but you never know .