Monthly Archives: February 2020

A Letter to the DDoSers


I guess I could leave it there and sign off this post as it is the only question that really matters but let’s go into a bit more detail.

I’ll start with a quick refresher.  Back in September 2019 I started to receive a few reports that the server was becoming unreliable.  Over the next few days this situation gradually got worse until on 22nd September I had to take the site offline as it had become completely unusable.  In analysing the cause of the outage I could see that there were no issues with the application itself but that it seemed to be getting hit with a lot of traffic.  In analysing this traffic it became clear that the site was under attack using a method known as “Distributed Denial of Service”.  In total the site ended up being offline for the best part of 6 days during which time I had to completely rework the architecture of the app to put in some extra safeguards against this type of attack.  By 28th September I finally had a new version ready for the world and the problem was solved.. for now.

I’m not going to talk in any detail about the nature of this attack because to show what I know about it would simply be an advantage to the attackers, but fast forward to November 8th and we’re getting attacked again, in a similar way but one that is different enough so as to get around my original safeguards.  Again, the site is offline for over a day, again I manage to get it online after some changes.

Fast forward to February 20th 2020 and.. you guessed it.. a subtly different DDoS attack, and a new fix to keep the site live. 

Aside: For anyone who wants to talk to me about Cloudflare, it’s a rabbit hole I’ve been down and I’m not going to go into detail about that here.

I would just love to know… why? For all of its faults, Cube Tutor is a service that is still used and loved by tens of thousands of people every month and every time someone on the other side of the internet presses a button to take it down, you’re just making the day of a bunch of those people a little bit worse.

People seem to really want to see me get into some sort of shouting match with Cube Cobra but I’ve stated time and time again that I have nothing but respect for this project.  It’s a collective of developers, an open source project, Gwen who runs it is a good guy and.. well, imitation is the greatest form of flattery!  Back in 2013 when CT was born, the concept of the Blog, List layout and “learning” Draft bots were all USPs which really helped drive engagement with the site.  It just makes me proud to see these concepts used elsewhere, and I am honestly just happy for these guys and look forward to following their project which will undoubtedly be a net benefit to the community.  I would like to be absolutely clear, I have no reason whatsoever to suspect anyone involved in that project of anything malicious and I don’t think it does much to the conversation to throw wild accusations around.  Please stop doing that.

With the advent of CC and my own statements about the difficulty of improving CT going forward (a problem which as of the date of publishing this post still has no clear way forward) it is no surprise that the level of Patreon support now has CT running at a personal financial cost to me, month on month.  I do so because I love this site and it’s community and it breaks my heart a bit, every time someone feels the need to take it offline.  I would like to reiterate how much I truly appreciate the support of everyone who has donated to the site over the years and continues to do so.  Without you guys it would have been offline a long time ago, and the continued support is still VERY MUCH appreciated.  From the bottom of my heart, thank you!

I fully expect we’ll get DDoSed again, I have every reason to think it can be thwarted so I’ll ask for one final time.. why?  If someone would like to explain to me why Cube Tutor’s presence is so offensive to them, or hey perhaps you’ve got a genuine grievance.. let’s talk about it.  For the sake of everyone else out there who loves this thing, it’s time to quit being selfish and talk.  Perhaps you’re not the attacker, but you know who is and could help this conversation to get going.  You know where to find me.

  • Ben