Profile overview for startv.
Submission statistics

This user has mostly submitted to the following subverses (showing top 5):

1 submissions to technology

This user has so far shared a total of 0 links, started a total of 1 discussions and submitted a total of 7 comments.

Voting habits

Submissions: This user has upvoted 0 and downvoted 0 submissions.

Comments: This user has upvoted 3 and downvoted 0 comments.

Submission ratings

5 highest rated submissions:

im the "hacker" that took down voat.co with a "botnet", submitted: 7/13/2015 6:11:26 PM, -88 points (+133|-221)

5 lowest rated submissions:

im the "hacker" that took down voat.co with a "botnet", submitted: 7/13/2015 6:11:26 PM, -88 points (+133|-221)

Comment ratings

3 highest rated comments:

im the "hacker" that took down voat.co with a "botnet" submitted by startv to technology

startv 4 points -1 points (+3|-4) ago

This is incredibly different from "I ran a script that spitted out 60 requests a second and it took down voat".

i never once said i used a script. no idea why people haved jumped to that conclusion.

you abused cross-site-scripting based vulnerabilities

you can load images from any domain. there is no script, there is no vulnerability. just set src="http://google.com" and it makes the http request to google.com, gets html back which is obviously an invalid image, so does nothing with it. but the request has still been made as a page impression.

im the "hacker" that took down voat.co with a "botnet" submitted by startv to technology

startv 5 points -2 points (+3|-5) ago

60 requests a second. not packets. and this number was very roughly based on the number of users that had picked up the image and how many requests i saw heading to my http server alongside the image request. the 60 req/sec is steady for a while until more users open their browser and picks up the image that gets loaded on every webpage they have open. how exactly that works is not relevant for here.

i have explained 2 tests i did to prove that the findings above came from the site going down recently. 1) the comments link (which i only just found out was mentioned in the announcement post) and 2) the exact search term i used in testing in one of the earlier tests.

if /u/Atko wants to keep calling bullshit on these then i refer to one of my points of voat admins lying to its users (obviously i understand that everyone will side with him on this). if they have any logs at all over the past few days then it should be very easy for him to see this.

hell, if he wants ill even send some traffic here again so he can watch it, though it would be caught by his cloudflare protection level right now.

either way, i just hope they take the points on board as its some serious issues they have. i want voat.co to improve and go on which is the whole point on this post. there hasnt been any advertising to my personal things, no linking a twitter account or anything for me to gain any other way.

im the "hacker" that took down voat.co with a "botnet" submitted by startv to technology

startv 4 points -3 points (+1|-4) ago

mentioned in a previous post. a popular browser extension. extensions can inject anything you like into open web pages.

3 lowest rated comments:

im the "hacker" that took down voat.co with a "botnet" submitted by startv to technology

startv 26 points -22 points (+4|-26) ago

originally 60 requests a second

and

forgotten to turn off my testing causing the increase of web traffic

read the post. obviously the 60/req second was only my own requests, not including the rest of the page loads from others. the 60/req sec was consistent though. however while i left it unattended that did increase sharply.

see the second edit for further proof. let me know if you want anything specific to prove. if not, take the advice. make voat more stable as it grows.

im the "hacker" that took down voat.co with a "botnet" submitted by startv to technology

startv 8 points -5 points (+3|-8) ago

since you asked without sounding like a technically challenged child falling head over heels for a goat like most here.

an image with its src set to different parts of voat.co (search, comments, view more comments, homepage, etc) was placed on several thousand webpages from a popular browser extension. this is why the guy from cloudflare mentioned the requests looked legitimate - because they were. the longer i leave the test running the more users pick up on the image being loaded which results in many, many more requests being sent to voat.co as time goes on.

if cloudflare had checked the headers for all requests, it would have shown that the 'accept' http header was requesting image formats only, instead of the usual http/text formats.

60 requests a second wouldn't take down an Apache serving running on Raspberry Pi by the way.

60 requests a second to a voat codebase loading a page - not an asset - would not even happen on a raspberry pi if they do run windows. 60 requests a second to apache serving static content should stand up without a sweat. this is close to the caching part i mention a few times in the original post.

talking of requests, the cloudflare stats /u/Atko mentions are total requests, assets and all. almost all of which cloudflare will not forward to voat servers as it is also a cdn. the requests i am talking about are actual page requests, page impressions if you will. these do get sent to voats servers, or rather, did before they increased the cloudflare level.

im the "hacker" that took down voat.co with a "botnet" submitted by startv to technology

startv 5 points -4 points (+1|-5) ago

what are you talking about.

<img src="https://voat.co" /> <img src="https://myserver.com" />

place this on several thousand websites and you have several thousand page impressions to voat, and lets me see how many requests are roughly being made.

you sound a smart guy, this is basic stuff.

repeatedly asking me for proof after ive mentioned this over and over isnt going to help us. the admins are the ones with the logs who are being very quiet right now.

i have explained 2 tests i did to prove that the findings above came from the site going down recently. 1) the comments link (which i only just found out was mentioned in the announcement post) and 2) the exact search term i used in testing in one of the earlier tests.

also, ill repeat again. im willing to test this out again if the devs will actually reply instead of calling it bullshit. i have a feeling they know theyre wrong.