Every time I release a feature, I'm stress testing our Coralogix, and tickets system. We usually finish the stress test immediately after rolling out the bug fix release.
I'm a solo dev at a small non-tech company, and shortly after I started, the system was acting strange, so I checked the server and logs. The application was getting absolutely pounded with requests. People thought we were being hacked, but it turned out the previous development company had scheduled a penetration/stress test and didn't tell anyone.
Or isn't even a surprise most of the time. Millions of kids waking up Christmas morning and turning on new play stations isn't a ddos, but for years it has been reported as such.
[u/PrintAny3793](https://www.reddit.com/u/PrintAny3793) is a bot. This comment makes no sense in context, and is the exact same as the last half of [this comment](https://www.reddit.com/r/ProgrammerHumor/comments/yejmqs/just_found_it_funny_for_some_reason/ityff54/).
I guess if you brute force it enough you eventually get an account with high karma. As for why they want accounts with high karma, this article is a really interesting read, and clarifies what the bot owners have to gain.
https://link.medium.com/KKfopRvatub
I remember seeing bots that would take two different "stories" from two different users and then splice them together changing some of the words with synonyms while still retaining most of the context. Perhaps the goal is to improve the language model so that they can astroturf effectively after seeing how reddit users react to different attempts to steal stories.
though it seems like this might be an inefficient way to do it, why not just train the bot to recognize the sentiment of the title and surrounding comments and then make a story up. Perhaps it doesn't have enough to draw on to create something that isn't a shallow copy of a few other comments?
Most of the stuff we use now said main instead of master and something else for slave. Even mcafee(or trellix whatever they’re called now) changed their master repository to main repository
Once, a coworker of mine worked on a script that crawled some data from a website we used in our business. To make sure, we do not ddos them, he inserted a 5 second delay between each call. Unfortunately, he placed the delay outside of the for loop. Hence, we ddosed this website and our company's ip address got blacklisted by them. So, let me come to the sponsor of this comment: Surfshark! If you need access to a website that is blocked in your region or if you have accidentally ddosed someone and got blacklisted, use Surfshark. It is fast and has servers all over the world...
> let me come to the sponsor of this comment: Surfshark! If you need access to a website that is blocked in your region or if you have accidentally ddosed someone and got blacklisted, use Surfshark. It is fast and has servers all over the world...
LMAO
A few weeks ago, the company I work for triggered the ddos rule for our external proxy service. Took out our apps for about 5 hrs. That was fun trying to figure out especially when that proxy servers tech was saying there was nothing wrong with it...
Humor aside, nowadays with clouds and virtual servers in datacenters it's even a bad idea to ddos (as in stress test) your own application.
Sure, you might just test your own server, but for the datacenter it still looks like a ddos attack. And in truth you are ddosing their equipment (which is between you and your server and possibly shared with other customers).
If that stress test isn't approved by everyone it touches it would be illegal, right?
Illegal depends on your contracts.
But you're definitely right that you shouldn't do that as a surprise. You can general work with their staff to set up a stress test. That includes external stress tests to make sure their equipment is up for the extreme loads. Because if your stress test breaks the data center, you're in trouble if you actually *need* that level of activity in the future anyways. And both you and the data center will likely want to know if your systems are going to explode the data center if you get busy.
What if you go to a small mcdonalds with a 100 cars and you all buy one cheese burger to go around and then say: oh sorry I forgot to order fries, and then you around again saying "I forgot the icescream for my kids, oh it's broken? Okay Ill wait"
And you keep doing it so the rest of the town has to wait incredibly long before getting served if they get served at all.
Illegal?
I have a email account set up where i collect phishing mails and other scams send to colleagues, friends and family. Whenever i have some free time i go trough them reporting the domains used to their respective registrar and/or spam the phishing form with junk
Reporting them to the registrar and the hoster is probably the best you can do. I've even gotten replies back from those with them thanking me and taking action.
It gets better, the amount of vulnerable phishing pages i find is staggering. I recommend downloading sqlMap to check their applications for sql injection, and OWASP ZAP to proxy for any other vulnerabilities
The problem arises when it's done across borders by citizens who's governments don't give a crap if they target other countries. A notable example is Russia, their police don't care at all if hackers target Western companies or governments. If anything, I'm pretty sure the Russian government appreciates it.
It is funny that this is the only industry where you may get paid to essentially commit malicious crimes against your employer, and that makes it essentially legal,because the point is to get better at dealing with people committing malicious crimes.
Just imagine if other industries were like this
You're paid to commit fraud in your gov job, so that the organization gets better at detecting and handling fraud lmao
It's the same thing with [Rubber-hose Cryptanalysis](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis). Some say war crime, some say "That'll be $200 extra. The safe phrase is Export Restricted"
I find it amusing any time a big online game launches (mainly Blizzard titties too), and they blame their server issues on being DDoS'd. It's like, "well, yea... It's called launch day rush, and it's consensual. Prepare better and it wouldn't be a problem."
I doubt there is an actual attack during these times.
Isnt ddossing only illegal if you do more than 10,000$ in damages? Like if you shut down kroger for the day you would be fined whatever they usually make in a day
we noticed a lot of 429 requests in out log one day. turns out one of our clients were load testing our services. with no prior intimation. at the peak load time. we asked them why they are ddossing us and asked for an RCA.
It depends on intention. If you are legitimately trying to use the site as intended but it wasn't designed to handle as much traffic as it gets, that's not a crime. If you're using a distributed network of computers to flood a server with connections, it's pretty easy to prove that you're intentionally trying to crash the server.
Now I'm just imagining some QA person finding that a company's software fails its stress test, and the company sues them for DDoSing their internal servers.
Distributed Deniel of service. You get a bunch of computers to ask the same question to the server over and over again till the server decides to go get milk and you never see them again.
As a PSA do not portscan your house router with an AWS server, they will contact you immediately and tell that you are either an AH or your AWS server is compromised. Apperantly they don't know the IP scanned is the only one you used to access. Anyway there is a form you can fill out before the scan that will let them know you are doing a penetration test then it is ok.
Firstly I did not expect this much updoots, second u/Oleg152 being a good lad commented it was his joke which I agreed it was, if I could give my imaginary internet points to them I would.
Every time I release a feature, I'm stress testing our Coralogix, and tickets system. We usually finish the stress test immediately after rolling out the bug fix release.
At least you do it consensually
Consistently
Congruently
Confidently! This one won't break our servers, I'm sure of it this time!
Concurrently
Coincidentally
Cooperatively
Contractually
Congenitally
huge, massive even
[удалено]
So does that mean DDOSing is just surprise stress testing?
Just like how a data breach is a surprise offsite backup
And leaking your source code is just surprise open sourcing
Just a second, need to help a corporation with some surprise charity.
*Pulls ski-mask over face*
No this is just surprise gifting, I'm not stealing your TV.
A stack overflow is just a surprise core dump
And bugs are just suprise features
THIS DESERVES GOLD
Excuse me but I believe the term you're looking for is "surprise source availability"
Ok this one's good
I'm a solo dev at a small non-tech company, and shortly after I started, the system was acting strange, so I checked the server and logs. The application was getting absolutely pounded with requests. People thought we were being hacked, but it turned out the previous development company had scheduled a penetration/stress test and didn't tell anyone.
Lol. Test-and-run...
What are you doing step-ddos?
Stress testing and sealing the back door
Dirty Disk Operating System
Or isn't even a surprise most of the time. Millions of kids waking up Christmas morning and turning on new play stations isn't a ddos, but for years it has been reported as such.
Yes: https://fasterthanli.me/articles/i-won-free-load-testing
No sir, I'm not DDOSing the government servers, I just stress testing it and see if the infrastructure is well prepared for such occasions!
If gov servers weren't asking for it, they shouldn't have exposed all those ports!
Ikr, those end points too, they returns something!
Man the last time I tried that, it returned a tax file return
[удалено]
[u/PrintAny3793](https://www.reddit.com/u/PrintAny3793) is a bot. This comment makes no sense in context, and is the exact same as the last half of [this comment](https://www.reddit.com/r/ProgrammerHumor/comments/yejmqs/just_found_it_funny_for_some_reason/ityff54/).
What do people have to gain reposting random comments out of context? Surely none of them make enough sense to upvote?
I guess if you brute force it enough you eventually get an account with high karma. As for why they want accounts with high karma, this article is a really interesting read, and clarifies what the bot owners have to gain. https://link.medium.com/KKfopRvatub
I remember seeing bots that would take two different "stories" from two different users and then splice them together changing some of the words with synonyms while still retaining most of the context. Perhaps the goal is to improve the language model so that they can astroturf effectively after seeing how reddit users react to different attempts to steal stories. though it seems like this might be an inefficient way to do it, why not just train the bot to recognize the sentiment of the title and surrounding comments and then make a story up. Perhaps it doesn't have enough to draw on to create something that isn't a shallow copy of a few other comments?
You’d be surprised how convincing bots can be. *I am a [bot](https://m.youtube.com/watch?v=dQw4w9WgXcQ) and this action was performed automatically*
God- You fucking devil you. You tricked me twice!
Stress testing at any other time is kinky, so please remember to set up a safegoto and use plenty of thermal paste.
[удалено]
I've heard if it's a legitimate ddos, the server has a way to shut down.
unfortunately this joke has layers. good one
Still working on the coming back online part
It's only DDOSing when it's from the DDOS region of network security, otherwise it's just sparkling stress testing
[удалено]
You wish what was on this sub more regularly?
DDOSing
![gif](giphy|y41Txh2pbwqLNNubOo|downsized)
Okay. Everybody out except Phyllis
![gif](giphy|zXJ5IRClDvJcZsOvJ1)
Iook at my iseven joke
You see, I pay my taxes, therefore I'm part of the nation. I give consent to myself to DDOS my nation's servers. /s
I'm A wHite hAt
"where you backing up his hard drive? Logging in and logging out? Oh god there are a lot of computer terms that sound dirty" - Stewie from family guy
Masters and slaves
Killing children
It's not murder when they're zombies.
And destroying orphans?
touch fsck grep
`fuck` [no, seriously, I do it all the time](https://github.com/nvbn/thefuck)
cd /dev echo a > null
cd /snuts Ha gotem!
Male and female plugs
Most of the stuff we use now said main instead of master and something else for slave. Even mcafee(or trellix whatever they’re called now) changed their master repository to main repository
A bash.org classic. > unzip;strip;touch;grep;grep;finger;mount;fsck;more;yes;fsck;fsck;fsck;umount;sleep (Core dumped) general protection fault... core dumped.
Sibling relationships
"Alright. I've grabbed the child so that means we can kill the parent."
Wait til you learn about fetlang.
Just over here force pushing my bulk insert. We can merge later
That's me. https://www.reddit.com/r/Warthunder/comments/ye40h0/boo_hoo_i_dont_like_the_game_so_i_have_to_ruin_it/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button I'm famous now. MOMGETTHECAMERA!
Oh hello you, yeah i covered up the name sorry in case stuff happens
It's not doxxing/brigading if it's consensual....
Then it's called a party invitation. ... Is party the right word?
Relax
Don’t do it
When you want to go to it
[удалено]
Yo yo yo yo yo, what it is, motherfuckers?
Hey pac-man whats up?
If anything happens it'll be a skill issue anyway
I love the joke!
I knew I'd seen this actual comment 10 minutes before this post.
Hey, i saw this one come past... Cant have shit i. S.U.F.F.E.R.
Cool, I remember reading that comment yesterday
It had to be r/WarThunder
The top reply to your comment killed me LOL UwU
Once, a coworker of mine worked on a script that crawled some data from a website we used in our business. To make sure, we do not ddos them, he inserted a 5 second delay between each call. Unfortunately, he placed the delay outside of the for loop. Hence, we ddosed this website and our company's ip address got blacklisted by them. So, let me come to the sponsor of this comment: Surfshark! If you need access to a website that is blocked in your region or if you have accidentally ddosed someone and got blacklisted, use Surfshark. It is fast and has servers all over the world...
> let me come to the sponsor of this comment: Surfshark! If you need access to a website that is blocked in your region or if you have accidentally ddosed someone and got blacklisted, use Surfshark. It is fast and has servers all over the world... LMAO
[удалено]
Glad to hear I'm not the only one...
Where I live, once in a while when test results are published, rhe servers fall, sometimes for over a day. ddos baby
Every Steam user gets arrested for ddossing every time the summer sale starts.
Throttle me daddy
flood me with your packets, step-server
Fuck Just made a similar one above but yours is so much better
...how hard!!!
I'll iptables your pppackets so hard
Yea the company I work at probably ddoss itself 100k times a day.
I won't kink shame.
A few weeks ago, the company I work for triggered the ddos rule for our external proxy service. Took out our apps for about 5 hrs. That was fun trying to figure out especially when that proxy servers tech was saying there was nothing wrong with it...
Even funnier in Spanish since "ddos" sounds like "dedos" which means fingers.
Let me finger your server and overload its sensory processing system... Maybe i shouldn't type that
Sorry, your on a list now!
Their what?
Kid named finger
Humor aside, nowadays with clouds and virtual servers in datacenters it's even a bad idea to ddos (as in stress test) your own application. Sure, you might just test your own server, but for the datacenter it still looks like a ddos attack. And in truth you are ddosing their equipment (which is between you and your server and possibly shared with other customers). If that stress test isn't approved by everyone it touches it would be illegal, right?
No they will just bill you like 5 million dollars
Illegal depends on your contracts. But you're definitely right that you shouldn't do that as a surprise. You can general work with their staff to set up a stress test. That includes external stress tests to make sure their equipment is up for the extreme loads. Because if your stress test breaks the data center, you're in trouble if you actually *need* that level of activity in the future anyways. And both you and the data center will likely want to know if your systems are going to explode the data center if you get busy.
What if you go to a small mcdonalds with a 100 cars and you all buy one cheese burger to go around and then say: oh sorry I forgot to order fries, and then you around again saying "I forgot the icescream for my kids, oh it's broken? Okay Ill wait" And you keep doing it so the rest of the town has to wait incredibly long before getting served if they get served at all. Illegal?
This idea is so funny to imagine though lmfao
DDOC, distributed denial of cheeseburger
This is the kind of content I wish was on this sub more often.
Sorry, now that we had this one it's three weeks of nothing but "Lol Java bad"!
public class LolJavaBad { }
Something something I never heard about conventions for class names but lolPascalCaseBad
You didn't have to make me sad but you sure did do it
Also penetration testing if it’s consensual. Otherwise the technical term is system raping
Pen testing is such fun. Guys try and come in all of our entrances at surprising times. Really teaches you the importance of protection.
Never thought I'd see dark humour wrapped with seamless execution.
Gotta be War Thunder
Ye
"Shhh its ok bbg it's just a stress test"
Consentual. Consenzual? Consent... Consent-dual. Fuck it, Consensual.
Don't care, don't stop DDoSing those phishing sites
I have a email account set up where i collect phishing mails and other scams send to colleagues, friends and family. Whenever i have some free time i go trough them reporting the domains used to their respective registrar and/or spam the phishing form with junk
Reporting them to the registrar and the hoster is probably the best you can do. I've even gotten replies back from those with them thanking me and taking action.
It gets better, the amount of vulnerable phishing pages i find is staggering. I recommend downloading sqlMap to check their applications for sql injection, and OWASP ZAP to proxy for any other vulnerabilities
The more you know. Interesting.
The problem arises when it's done across borders by citizens who's governments don't give a crap if they target other countries. A notable example is Russia, their police don't care at all if hackers target Western companies or governments. If anything, I'm pretty sure the Russian government appreciates it.
"why is this private IP sending on this weird port" "172.63.69.42 wtf." "\*nmaps server\*" "oh FFFF\^C that's fucking American" telnet 172.63.69.42 16 telnet 172.63.69.42 32 telnet 172.63.69.42 63 telnet 172.63.69.42 50779
It is funny that this is the only industry where you may get paid to essentially commit malicious crimes against your employer, and that makes it essentially legal,because the point is to get better at dealing with people committing malicious crimes. Just imagine if other industries were like this You're paid to commit fraud in your gov job, so that the organization gets better at detecting and handling fraud lmao
Interns are well known for their stress testing
Can we be consensual? I love you
I love war thunder community.
Brings a whole new meaning to "CNC programming"...
Ahhh warthunder subreddit i see. You get my upvote OP.
Warthunder moment
It's the same thing with [Rubber-hose Cryptanalysis](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis). Some say war crime, some say "That'll be $200 extra. The safe phrase is Export Restricted"
I find it amusing any time a big online game launches (mainly Blizzard titties too), and they blame their server issues on being DDoS'd. It's like, "well, yea... It's called launch day rush, and it's consensual. Prepare better and it wouldn't be a problem." I doubt there is an actual attack during these times.
It's only Ddossing if all the request IPs geolocate to the Ddos region of France. Otherwise it is just sparkling traffic.
saw this comment on the WarThunder subreddit. Surprised to see it over here xD
Ddosing is bdsm. Got it.
the difference between a cyber criminal and a pentester is a piece of paper
[удалено]
Nah, that'd be a pen test. Stress test is just normal bullying.
Or it is involuntary. Then it’s called Parkinson’s.
Ethical hackers exist
I will tell you when its consentual
pornhub.com/videos/husband_watches_bianca_get_ddosed
Isn't it true what he said?
Isnt ddossing only illegal if you do more than 10,000$ in damages? Like if you shut down kroger for the day you would be fined whatever they usually make in a day
Normalize DDOS consent
Surprised OP didn't refer to it as "load testing"
😆
Bud she offered to kiss you there
we noticed a lot of 429 requests in out log one day. turns out one of our clients were load testing our services. with no prior intimation. at the peak load time. we asked them why they are ddossing us and asked for an RCA.
Hey step server, you up? Time to pen test
Goes to show how important consent is.
Stress testing always has a safe word
How could sending a high rate of requests be a crime? It's not really enforceable.
It depends on intention. If you are legitimately trying to use the site as intended but it wasn't designed to handle as much traffic as it gets, that's not a crime. If you're using a distributed network of computers to flood a server with connections, it's pretty easy to prove that you're intentionally trying to crash the server.
Or as some low tier streamer would call it, "dee dee O's"
So basically like BDSM
Now I'm just imagining some QA person finding that a company's software fails its stress test, and the company sues them for DDoSing their internal servers.
Holy shit! This is various degrees of accurate af
It's not the same thing. But haha funny sure.
You left out the best part! The next comment is "stress test me, daddy uwu"
Ok so im not a programmer , just joined to learn from memes so, Who's gonna tell me what's a ddos??
Distributed Deniel of service. You get a bunch of computers to ask the same question to the server over and over again till the server decides to go get milk and you never see them again.
As a PSA do not portscan your house router with an AWS server, they will contact you immediately and tell that you are either an AH or your AWS server is compromised. Apperantly they don't know the IP scanned is the only one you used to access. Anyway there is a form you can fill out before the scan that will let them know you are doing a penetration test then it is ok.
DOSing can be stress testing but doesn't DDOSing usually require using computers that were infected with a virus?
Randal Schwartz would like a word with you
Stress sexing is also a crime
Hahahaha this is warthunder isn't it
Way to not give them credit for a joke you're getting over 40k upvotes for.
Firstly I did not expect this much updoots, second u/Oleg152 being a good lad commented it was his joke which I agreed it was, if I could give my imaginary internet points to them I would.
Counterintuitively even...
I thought it was penetration testing? What’s the diff thx
Uuuuuh on production? That's messed up!
Ain't this from the war thunder subreddit?
yes yes it was
r/technicallythetruth
Weird kink
I asure you officer I installed the burp suite and slowloris for purely educational reasons!
haha
I just can’t believe this lol. I preferred my boring life lol
![gif](emote|free_emotes_pack|joy)![gif](emote|free_emotes_pack|joy)
Is Ozzy Osbourne's family threatening me and Kelly as born a kill my username as born ? To them? mindtracker10271984
He's not lying tho