PSA: Dread is Currently Down Due to Ongoing DOS Attacks
~2 min read | Published on 2019-06-23, tagged Dread using 291 words.
Dread, the darkweb discussion platform similar to Reddit, is currently under a denial of service attack that is rendering the service inoperable. No fix for the attack exists in the mainstream tor builds, even though the latest alpha builds included potential solutions.
HugBunter’s service made it through the majority of the month of June without going down due to denial of service attacks. An entity has been attacking Dread with an attack that runs the cpu load up tp 100%, effectively killing the server. Some potential fixes were pushed to an alpha build that helped to some degree. HugBunter said the update helped but that it would not be enough to stop the attacker from taking Dread down.
Since the beginning of 2018, attackers have been utilizing various tactics to kill darkweb marketplaces. Some markets have mitigated the damage from the attacks with the help of vanguards, OnionBalance, and specific configurations in tor’s configuration file. After every fix, though, the attacker finds another way to bring the service down.
Not long after HugBunter had gotten Dread back online, the attacker managed to knock it back offline. At some point, a more in-depth post will cover the types of attacks used to bring down Dread and other hidden services. This serves as a public service announcement of sorts for now.
Below is a message posted on the /r/DreadAlert subreddit by HugBunter on June 22.-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Thanks for your patience, working on something which will take at least 24 hours to get up and running. More updates to come.-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl0NaOUACgkQ6GEFEPmm6SLOMQ/8CPwSpRk8QV9dtLxRfXNXNjjSBJYgUHeI+mpVOvlTLA41xs5I6GGvgBadHHtKlPpH5qhrHlgTS8iuiog6Kl9ldlif2tdN4Y04iCANnbJggoxtUigLV/rOF7ituV1BXAF2Jcna7CJ9Seq4myQYZYHPd5UbTkybxTsIzazWm2Npat0KA/J/58NGqKK+olF6UAIrtxOpUz4xMMDCmRKEJZmLOtQmF9uGldUxkfYIdZhdRkFKXTccNcM3V5IoimIJIENiFic8H5zlFnQPpbl7E1nHlzcUf4edzf2QJqPJ9DTG52YTUB90G73h5nCpLax60j4KHxOmv1tnHXURhjjqU8j1hyvaiefZOByF2nrdfziWdDX9L8r5dc95q0UTTg+FhJNSN51GEGTjrw5b5+8xuULXL7uQ9Z8VzFg5USwFJknmeoGnVZXIlQQECsl40bFDosUn/8MOOngZK/Fntu+HdcF5EE6jTE0S20GnuCqBLpUCIO0lAP1LtsDRPtBrpnH3vzArcyoDmkwBuMbE6EXvxqeykmMj3HiEHebbt1UEzcAS5feM/Q3hj/j+dacKYR4imF/H0gwbqE201/BiQKyRnxiqAP73c+9pFzPA36dCybSbyNl4H1wxA0XG0WjKeUBwhg/+9qDmH/dgNqey4xTj5A+IRthSZBG5DBVFfdbrnYXK3Bo==jpn2-----END PGP SIGNATURE-----
And here is the message HugBunter posted before the one above:-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Working on it, will be back up as soon as possible. Sorry for the inconvenience.-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl0LcsIACgkQ6GEFEPmm6SLl7xAArQIaooJlqjfySh+Gf47IOmgfFH79os2Wgdt7oDLHcB4060Uw9GNELtXknwlHmuT228f9UHGg8gjhVdxgooA2Dqt09ascs04ubbtD34qH3sdLQ5SrksYXjU+2RyLxw+Xuvzlvtk8B+xf+VkU60RPV16ExUUkh/YNe4xS+mXMPi07QiSYmLeOtnj6RDw8hqJqZ60d76xZEUxB64HYMB622DKU9lHQY6JzG5xj608wYPwmXi2ykD9buizVKBaW8sXQZYnRepvY1mC98Yh9IC69A6HXfDJhqdv1T3PzI5uutK0qsrdJItiTnvOmURBzl3f7oWaBIU4/TcRpAZ++en9R9xiIwYOvhinOX6GIMUxenW+JhdFp+VBjWK6+sBUhPO62OIWGOuMnv09feTEel61cjym8SrK4VRECXTxLiyg98AxAswOdv/FJa9QHTPNWXFoGtfJlr+AeOlCXnmtjJ1D293i2OUoHOndup6ooOa42c30o/1F8HqD82E0fKkGzJnVLxc1ijlyXYXhJg2gix5i4cPKknGQmB96qPuMPRzsmH32FfTswVkbhpriEQ+ksOddfWTg70ZWDKAu26E8tVJQ/f+Fs4Vh6Im+nACJuCO2UDyIF241zTM1+Q77H3xd6dHfVmQFGGGrugS5slNpBciCP8RYWXsiLNPLX2LHcdHJ4powI==1aAg-----END PGP SIGNATURE-----
HugBunter’s service made it through the majority of the month of June without going down due to denial of service attacks. An entity has been attacking Dread with an attack that runs the cpu load up tp 100%, effectively killing the server. Some potential fixes were pushed to an alpha build that helped to some degree. HugBunter said the update helped but that it would not be enough to stop the attacker from taking Dread down.
Since the beginning of 2018, attackers have been utilizing various tactics to kill darkweb marketplaces. Some markets have mitigated the damage from the attacks with the help of vanguards, OnionBalance, and specific configurations in tor’s configuration file. After every fix, though, the attacker finds another way to bring the service down.
Not long after HugBunter had gotten Dread back online, the attacker managed to knock it back offline. At some point, a more in-depth post will cover the types of attacks used to bring down Dread and other hidden services. This serves as a public service announcement of sorts for now.
Below is a message posted on the /r/DreadAlert subreddit by HugBunter on June 22.-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Thanks for your patience, working on something which will take at least 24 hours to get up and running. More updates to come.-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl0NaOUACgkQ6GEFEPmm6SLOMQ/8CPwSpRk8QV9dtLxRfXNXNjjSBJYgUHeI+mpVOvlTLA41xs5I6GGvgBadHHtKlPpH5qhrHlgTS8iuiog6Kl9ldlif2tdN4Y04iCANnbJggoxtUigLV/rOF7ituV1BXAF2Jcna7CJ9Seq4myQYZYHPd5UbTkybxTsIzazWm2Npat0KA/J/58NGqKK+olF6UAIrtxOpUz4xMMDCmRKEJZmLOtQmF9uGldUxkfYIdZhdRkFKXTccNcM3V5IoimIJIENiFic8H5zlFnQPpbl7E1nHlzcUf4edzf2QJqPJ9DTG52YTUB90G73h5nCpLax60j4KHxOmv1tnHXURhjjqU8j1hyvaiefZOByF2nrdfziWdDX9L8r5dc95q0UTTg+FhJNSN51GEGTjrw5b5+8xuULXL7uQ9Z8VzFg5USwFJknmeoGnVZXIlQQECsl40bFDosUn/8MOOngZK/Fntu+HdcF5EE6jTE0S20GnuCqBLpUCIO0lAP1LtsDRPtBrpnH3vzArcyoDmkwBuMbE6EXvxqeykmMj3HiEHebbt1UEzcAS5feM/Q3hj/j+dacKYR4imF/H0gwbqE201/BiQKyRnxiqAP73c+9pFzPA36dCybSbyNl4H1wxA0XG0WjKeUBwhg/+9qDmH/dgNqey4xTj5A+IRthSZBG5DBVFfdbrnYXK3Bo==jpn2-----END PGP SIGNATURE-----
And here is the message HugBunter posted before the one above:-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Working on it, will be back up as soon as possible. Sorry for the inconvenience.-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl0LcsIACgkQ6GEFEPmm6SLl7xAArQIaooJlqjfySh+Gf47IOmgfFH79os2Wgdt7oDLHcB4060Uw9GNELtXknwlHmuT228f9UHGg8gjhVdxgooA2Dqt09ascs04ubbtD34qH3sdLQ5SrksYXjU+2RyLxw+Xuvzlvtk8B+xf+VkU60RPV16ExUUkh/YNe4xS+mXMPi07QiSYmLeOtnj6RDw8hqJqZ60d76xZEUxB64HYMB622DKU9lHQY6JzG5xj608wYPwmXi2ykD9buizVKBaW8sXQZYnRepvY1mC98Yh9IC69A6HXfDJhqdv1T3PzI5uutK0qsrdJItiTnvOmURBzl3f7oWaBIU4/TcRpAZ++en9R9xiIwYOvhinOX6GIMUxenW+JhdFp+VBjWK6+sBUhPO62OIWGOuMnv09feTEel61cjym8SrK4VRECXTxLiyg98AxAswOdv/FJa9QHTPNWXFoGtfJlr+AeOlCXnmtjJ1D293i2OUoHOndup6ooOa42c30o/1F8HqD82E0fKkGzJnVLxc1ijlyXYXhJg2gix5i4cPKknGQmB96qPuMPRzsmH32FfTswVkbhpriEQ+ksOddfWTg70ZWDKAu26E8tVJQ/f+Fs4Vh6Im+nACJuCO2UDyIF241zTM1+Q77H3xd6dHfVmQFGGGrugS5slNpBciCP8RYWXsiLNPLX2LHcdHJ4powI==1aAg-----END PGP SIGNATURE-----
