A few days ago, Steemit.com went down for a few hours and many users noticed some issues with curating posts and comments, as well as some other functionality. While the blockchain was unaffected, I've noticed a number of Steemers posting about the problems they experienced with the website.
Did it affect Steemit?
That depends on what you mean by that question. It certainly disrupted the website which we all use to curate posts and read posts by our friends. It didn't affect the blockchain at all. You might think this means that it only affected the functionality of the website, but how does functionality affect the value of Steem, and could that be what is behind the DDOS attack?
Why would someone hit Steemit with a DDOS attack?
There is only speculation as to why someone would do this. Unless a hacker takes credit for the attack and tells us why it happened, we are left with guessing their motives. I'm not much for conspiracies, so take these with a grain of digital salt. Here are my thoughts on what prompted the attack.
- Someone looking for fame.
Some hackers and dark web users don't really have any nefarious motives besides the kicks and giggles of knowing they were responsible for a temporary disruption. Sometimes they publish a claim of being the one who launched the attack and sometimes they just sit back and watch the world burn, knowing they lit the match. Either way, it's just an ego trip and a feeling of accomplishment which some like to put on their resume.
- Someone looking to disrupt Steemit for monetary gains.
You think this one is a stretch, wait until you read the next one! If a hacker operated a DDOS attack against Steemit.com and the public began to believe the site, and therefore Steem, was struggling, there may be a drop-off in price. That would be the time to swoop in and buy as much Steem as possible. Then the hacker could stop the DDOS, hold the Steem for a while, and slowly wait for the price to recover. Once the press release hit and Steemers knew it didn't affect the crypto and that the blockchain was secure, they may drive the price up and give the hacker a chance to sell for a significant profit. Considering the price of Steem at the time of this posting is only .0002159 of a single Bitcoin, a hacker could buy a lot of Steem and easily manipulate the value by 10 to 20%.
- Someone looking to disrupt Steemit for business gains.
The most far-fetched idea I could come up with is that someone at Reddit, Medium, or Facebook doesn't like what they see happening at Steemit and orchestrated a DDOS attack. Obviously, this is the most unlikely. Don't believe for a second that all those big social media giants are unaware of Steemit. They know who we are and what we are doing. I'm sure it scares the heck out of them. However, is it worth messing with the website to cause a disruption and be able to say, "Look! Steemit isn't secure. They had a DDOS attack!" It just doesn't add up as the juice isn't worth the squeeze.
As with most mysteries, the most likely answer is probably the right one.
My bet is that it is some bored programmer who just put another notch in their tower. Congratulations, loser. You shut down a website. It's really amateurish, but you did it. I mean, you did. Right?
What's your guess? Put your comments below and let's connect!
My name is Rich and I'm a Libertarian.
You can find me on the Libertarian Chat Channel and now on the Discord Unmentionables server. I'm working on a production called the LIS, or Libertarian Interview Series. It's going to be a series of written format interviews with the top Libertarians and Anarchists on Steemit. If you would like to be a part of it, either to be interviewed or offer help, just message me here.
This attack should not be unexpected. Steemit is making tremendous progress and therefore will catch the attention of all manner of persons.
The lesson from this attack is the obvious need to always step up security as much as possible. Nothing must happen to Steemit.
Thanks @richhersey for hazarding these guesses. Maybe one day, we shall know what really happened on that fateful day. Just maybe!
I read one story about the hack and how they used the DDOS to test for passwords. At least, that was the claim. What I don't get is that if you are phishing for passwords, why do it using a DDOS and raise red flags? Something fishy about that version of the story.
I find your third option the most believable, because of this data point: Uber attacked Lyft, both at the server level and also with "distributed denial of drivers" attacks.
Corporate attacks are more common than most people would believe. They are also the hardest to believe. :/
Someone clearly feels threatened!
Should use Cloudflare's free plan for the public-facing content.
Lots of web hosts have ways to mitigate a DDOS. I'm sure that Steemit folks are looking into better solutions for the future. I've just been reading that the hack attempt sent thousands of password attempts every second. Apparently, they have taken over a number of accounts. Always protect your master keys!
Need to think about it
This will not be the last time someone tries a DDoS against Steemit. Hopefully it will be less successful next time. @ironshield
I think it's not entirely unlikely that we will be seeing combinations of #2 and #3. That way the opposition can both make a profit directly, increase their influence on the platform (maybe just to spam) as well as see their own business superior in the market place.
But we're more dedicated than them. Surely we could come up with DDOS and spam protections. For a first line defence against (second, if we count stake), my money is on creating a system of vote-negation and blacklisting (very similar in effect to what Steemcleaners has to do daily, but at another level), that would itself have to be supervised and limited only to affecting particular actions.
For instance, a certain number and pattern of regular money transactions from a particular account would remain unstoppable no matter what, but posting and commenting could be prevented if there is constant malicious activity.
This prevention method would have to be carefully thought out and openly experimented with before asking the community directly for their opinion on the matter of course.
My own example here is only a rough idea, without going into all of the specifics involved.
This might be an old post but wanted to throw one more scenario out there. I can see someone DDOS attacking IF a big payout was coming and they wanted to make sure that nobody flagged them before that payout. This is the inherent issue with the way Steem Power works. I believe that is the crux of the design.