PSA: Dread is Currently Down Due to Ongoing DOS Attacks


Dread, the darkweb discussion platform similar to Reddit, is currently under a denial of service attack that is rendering the service inoperable. No fix for the attack exists in the mainstream tor builds, even though the latest alpha builds included potential solutions.


HugBunter's service made it through the majority of the month of June without going down due to denial of service attacks. An entity has been attacking Dread with an attack that runs the cpu load up tp 100%, effectively killing the server. Some potential fixes were pushed to an alpha build that helped to some degree. HugBunter said the update helped but that it would not be enough to stop the attacker from taking Dread down.

Since the beginning of 2018, attackers have been utilizing various tactics to kill darkweb marketplaces. Some markets have mitigated the damage from the attacks with the help of vanguards, OnionBalance, and specific configurations in tor's configuration file. After every fix, though, the attacker finds another way to bring the service down.

Not long after HugBunter had gotten Dread back online, the attacker managed to knock it back offline. At some point, a more in-depth post will cover the types of attacks used to bring down Dread and other hidden services. This serves as a public service announcement of sorts for now.

Below is a message posted on the /r/DreadAlert subreddit by HugBunter on June 22.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thanks for your patience, working on something which will take at least 24 hours to get up and running. More updates to come.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl0NaOUACgkQ6GEFEPmm
6SLOMQ/8CPwSpRk8QV9dtLxRfXNXNjjSBJYgUHeI+mpVOvlTLA41xs5I6GGvgBad
HHtKlPpH5qhrHlgTS8iuiog6Kl9ldlif2tdN4Y04iCANnbJggoxtUigLV/rOF7it
uV1BXAF2Jcna7CJ9Seq4myQYZYHPd5UbTkybxTsIzazWm2Npat0KA/J/58NGqKK+
olF6UAIrtxOpUz4xMMDCmRKEJZmLOtQmF9uGldUxkfYIdZhdRkFKXTccNcM3V5Io
imIJIENiFic8H5zlFnQPpbl7E1nHlzcUf4edzf2QJqPJ9DTG52YTUB90G73h5nCp
Lax60j4KHxOmv1tnHXURhjjqU8j1hyvaiefZOByF2nrdfziWdDX9L8r5dc95q0UT
Tg+FhJNSN51GEGTjrw5b5+8xuULXL7uQ9Z8VzFg5USwFJknmeoGnVZXIlQQECsl4
0bFDosUn/8MOOngZK/Fntu+HdcF5EE6jTE0S20GnuCqBLpUCIO0lAP1LtsDRPtBr
pnH3vzArcyoDmkwBuMbE6EXvxqeykmMj3HiEHebbt1UEzcAS5feM/Q3hj/j+dacK
YR4imF/H0gwbqE201/BiQKyRnxiqAP73c+9pFzPA36dCybSbyNl4H1wxA0XG0WjK
eUBwhg/+9qDmH/dgNqey4xTj5A+IRthSZBG5DBVFfdbrnYXK3Bo=
=jpn2
-----END PGP SIGNATURE-----

And here is the message HugBunter posted before the one above:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Working on it, will be back up as soon as possible. Sorry for the inconvenience.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl0LcsIACgkQ6GEFEPmm
6SLl7xAArQIaooJlqjfySh+Gf47IOmgfFH79os2Wgdt7oDLHcB4060Uw9GNELtXk
nwlHmuT228f9UHGg8gjhVdxgooA2Dqt09ascs04ubbtD34qH3sdLQ5SrksYXjU+2
RyLxw+Xuvzlvtk8B+xf+VkU60RPV16ExUUkh/YNe4xS+mXMPi07QiSYmLeOtnj6R
Dw8hqJqZ60d76xZEUxB64HYMB622DKU9lHQY6JzG5xj608wYPwmXi2ykD9buizVK
BaW8sXQZYnRepvY1mC98Yh9IC69A6HXfDJhqdv1T3PzI5uutK0qsrdJItiTnvOmU
RBzl3f7oWaBIU4/TcRpAZ++en9R9xiIwYOvhinOX6GIMUxenW+JhdFp+VBjWK6+s
BUhPO62OIWGOuMnv09feTEel61cjym8SrK4VRECXTxLiyg98AxAswOdv/FJa9QHT
PNWXFoGtfJlr+AeOlCXnmtjJ1D293i2OUoHOndup6ooOa42c30o/1F8HqD82E0fK
kGzJnVLxc1ijlyXYXhJg2gix5i4cPKknGQmB96qPuMPRzsmH32FfTswVkbhpriEQ
+ksOddfWTg70ZWDKAu26E8tVJQ/f+Fs4Vh6Im+nACJuCO2UDyIF241zTM1+Q77H3
xd6dHfVmQFGGGrugS5slNpBciCP8RYWXsiLNPLX2LHcdHJ4powI=
=1aAg
-----END PGP SIGNATURE-----