Topic: Moving to Cloudflare - page 5. (Read 13649 times)

legendary
Activity: 1789
Merit: 2535
Goonies never say die.
November 30, 2017, 09:14:59 AM
#9
Quote
With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using Cloudflare to protect against DDoS attacks. This change is in progress, and will take ~24 hours for everyone to see.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, but my homebrew DDoS mitigation has been one of my biggest time sinks for the last 6 months or so, and the necessary servers are still pretty expensive. If I had more manpower, then I would prioritize maintaining our own DDoS protection, but with me as the only sysadmin and current-software developer, it's become unsustainable.

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. I considered several alternatives to Cloudflare, but the smaller ones (eg. Stackpath and OVH) didn't strike me as reputable/competent enough, and the enterprise-targeted ones like Incapsula and Akamai are around $3500/month. Even though $3500/month seems absolutely ridiculous to me, I was seriously considering Incapsula due to its pretty good reputation, but then they were having all sorts of technical issues while I was trying to set it up. So I gave up for now and went with Cloudflare.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.

Interesting.... nothing bad could happen here....  Are the DDoSes using the search feature?  What else could be disabled to mitigate?  I can only imagine the types of attacks the site gets, but the decision seems quick and a bit extreme; haven't there been worse attacks?  I honestly don't have anything to hide from the NSA, but I do value my privacy.  And the general thought of the NSA collecting usernames/passwords of bitcointalk users is going to give me nightmares.
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
November 30, 2017, 06:31:24 AM
#8
To be honest, I'd rather have a forum with a lot of downtime because of a DDoS than hand over everything I do on Bitcointalk to Cloudflare/NSA. If we really have to go down this path, at least make it possible to bypass Cloudflare when logging in, updating your password, and anything else that might be seen as sensitive data.
legendary
Activity: 1932
Merit: 1273
November 30, 2017, 05:58:16 AM
#7
Quote
The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

https://gladius.io/ could be the solution, but the project is not yet finished.
full member
Activity: 169
Merit: 100
November 30, 2017, 04:52:35 AM
#6
I suppose it is a necessary evil.
legendary
Activity: 2954
Merit: 3060
Join the world-leading crypto sportsbook NOW!
November 30, 2017, 03:20:29 AM
#5
Have you thought about maybe creating your own DDoS protection service? From your concerns it seems like there'd be a gap in the market for a trusted product. I have no idea how much it would cost to create or run something like this, but I'm sure it would be a worthy project people could get behind, and it would make for a decent ICO. We could even use the money we get from any potential new donator ranks we implement to invest in it. Something to consider at least.
copper member
Activity: 2996
Merit: 2374
November 29, 2017, 07:27:22 PM
#4
Quote
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.

Have you considered setting up a www2.bitcointalk.org subdomain for PMs? (That would operate outside of Cloudflare.)

If Cloudflare can read our plaintext password, does that mean someone from Google could impersonate us by entering our password, and read our PMs?
administrator
Activity: 5222
Merit: 13032
November 29, 2017, 06:35:34 PM
#3
Quote
The thought of willingly passing passwords in clear text is quite disturbing for a security-concerned member (me).  I can counter the PM issue as I do elsewhere by using GPG'd PMs, which are encrypted and decrypted ONLY locally on this end as needed.  At some sites I only respond to PMs where both sides have good OPSEC using GPG on messages.  Is there any chance that bitcointalk could counter-assault this huge password weakness by allowing U2F keys for members?  Even Cloudflare can't do shit about getting around an encrypted key from a member's U2F and the site server?  I am not asking you to require U2F, just allow it for those that are security-concerned.  With the price of BTC and users that have been in the game for a while, the risks of doing stuff in "plain text" during logins are not Plan A by any means.

What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot, and it's not like the NSA is going to steal your password in order to scam people on bitcointalk.org or anything. If you use PGP for important communications and use a unique password, then IMO this addresses the plausible attacks well enough.

The U2F thing is a good idea in principle, but I've long been uneasy about fiddling with the authentication. I don't want to make a mistake which breaks security.
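The U2F suggestion in #2 and the reply above turn on one distinction: a password that the proxy reads is a reusable secret, while a U2F response is a one-time answer to a server challenge. The simulation below is an added example, not forum code or anything bitcointalk runs. It models the TLS-terminating proxy as a recording relay, stands in a shared HMAC key for U2F's key pair (a simplification noted in the code), treats device registration as out of band, and constructs its users, passwords and the ORIGIN constant; it then replays what the proxy captured against the server directly.

```python
"""Added simulation (not bitcointalk code): what a TLS-terminating proxy
can do later with what it recorded.  Users, passwords and ORIGIN are constructed."""
import hashlib
import hmac
import secrets

ORIGIN = b"https://bitcointalk.org"  # assumed origin the device binds its responses to


class Device:
    """User's authenticator; the key never leaves this object."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def registration_key(self):
        # Simplification: real U2F registers a public key and keeps the private
        # key on the token.  A shared HMAC key models the same challenge/response
        # flow, not that key-separation property.  Registration is modelled as
        # out of band here, so the key is never relayed through the proxy.
        return self._key

    def respond(self, origin, challenge):
        return hmac.new(self._key, origin + challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.users = {}     # user -> (salt, pbkdf2 digest, device key or None)
        self.pending = {}   # user -> outstanding challenge, single use
        self.sessions = {}  # cookie -> user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register(self, user, password, device_key=None):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt), device_key)

    def _password_ok(self, user, password):
        salt, digest, _ = self.users[user]
        return hmac.compare_digest(digest, self._hash(password, salt))

    def _new_session(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def login_password(self, user, password):
        """Password-only login; refused for users who registered a device."""
        if self.users[user][2] is not None or not self._password_ok(user, password):
            return None
        return self._new_session(user)

    def challenge(self, user):
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return nonce

    def login_device(self, user, password, response):
        nonce = self.pending.pop(user, None)  # consumed: a replay finds no nonce
        if nonce is None or not self._password_ok(user, password):
            return None
        expected = hmac.new(self.users[user][2], ORIGIN + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return self._new_session(user)

    def whoami(self, cookie):
        return self.sessions.get(cookie)


class RecordingProxy:
    """TLS ends here, so every argument and result passes through in plaintext."""

    def __init__(self, server):
        self.server, self.log = server, []

    def call(self, method, *args):
        result = getattr(self.server, method)(*args)
        self.log.append((method, args, result))
        return result

    def captured(self, method):
        return [(a, r) for m, a, r in self.log if m == method][0]


def run_scenario():
    server, device = Server(), Device()
    proxy = RecordingProxy(server)
    server.register("alice", "hunter2")                                 # password only
    server.register("bob", "correct horse", device.registration_key())  # password + device

    # Both users log in through the proxy, which records everything it relays.
    alice_cookie = proxy.call("login_password", "alice", "hunter2")
    nonce = proxy.call("challenge", "bob")
    bob_cookie = proxy.call("login_device", "bob", "correct horse",
                            device.respond(ORIGIN, nonce))
    assert alice_cookie and bob_cookie

    # Later the proxy operator talks to the server directly with what it captured.
    alice_args, _ = proxy.captured("login_password")
    bob_args, _ = proxy.captured("login_device")
    password_replay = server.login_password(*alice_args) is not None
    device_replay = server.login_device(*bob_args) is not None
    server.challenge("bob")  # even asking for a fresh nonce does not help
    fresh_nonce_old_response = server.login_device(*bob_args) is not None

    # The cookies were relayed in the clear too, so the proxy can act inside
    # the live session of either user regardless of how they logged in.
    cookies_usable = (server.whoami(alice_cookie) == "alice"
                      and server.whoami(bob_cookie) == "bob")
    return {
        "password_replay_logs_in": password_replay,                    # True
        "device_replay_logs_in": device_replay,                        # False
        "fresh_challenge_old_response_logs_in": fresh_nonce_old_response,  # False
        "captured_cookies_usable": cookies_usable,                     # True
    }


if __name__ == "__main__":
    print(run_scenario())
```

The result set makes the trade-off concrete: a captured password logs the proxy in whenever it likes, a captured U2F-style response does not, and the device key itself never crossed the wire. The last flag is the caveat a practitioner should keep in mind when weighing the suggestion in #2: U2F protects against later reuse of what was captured, not against the terminating party acting inside a session it can already read.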
hero member
Activity: 761
Merit: 606
November 29, 2017, 06:01:07 PM
#2
Quote
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

The thought of willingly passing passwords in clear text is quite disturbing for a security-concerned member (me).  I can counter the PM issue as I do elsewhere by using GPG'd PMs, which are encrypted and decrypted ONLY locally on this end as needed.  At some sites I only respond to PMs where both sides have good OPSEC using GPG on messages.  Is there any chance that bitcointalk could counter-assault this huge password weakness by allowing U2F keys for members?  Even Cloudflare can't do shit about getting around an encrypted key from a member's U2F and the site server?  I am not asking you to require U2F, just allow it for those that are security-concerned.  With the price of BTC and users that have been in the game for a while, the risks of doing stuff in "plain text" during logins are not Plan A by any means.
administrator
Activity: 5222
Merit: 13032
November 29, 2017, 03:07:39 PM
#1
With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using Cloudflare to protect against DDoS attacks. This change is in progress, and will take ~24 hours for everyone to see.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, but my homebrew DDoS mitigation has been one of my biggest time sinks for the last 6 months or so, and the necessary servers are still pretty expensive. If I had more manpower, then I would prioritize maintaining our own DDoS protection, but with me as the only sysadmin and current-software developer, it's become unsustainable.

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. I considered several alternatives to Cloudflare, but the smaller ones (eg. Stackpath and OVH) didn't strike me as reputable/competent enough, and the enterprise-targeted ones like Incapsula and Akamai are around $3500/month. Even though $3500/month seems absolutely ridiculous to me, I was seriously considering Incapsula due to its pretty good reputation, but then they were having all sorts of technical issues while I was trying to set it up. So I gave up for now and went with Cloudflare.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.