Railway might as well deploy/having their own DDOS protection service for user
I thought by moving to railway, the problem with DDOS and resource usage will be solved, but apparently no
Solution:Jump to solution
DDoS is complicated. Cloudflare has spent a large amount of resources in protecting you. And yet they don't do a perfect job. Railway is not that type of provider. Actually, Cloudflare isn't either. It is great for most cases. It is an arms race. And the only way you can try to get a leg up, is by defining your own rules. Any publicly known rule set, can be designed around. So... the bad news is that the stuff that works well for others tends to be tightly kept secret.
At least with cloudflare, you can put up a challenge for all requests when getting swarmed. If I remember correctly, you are being target by competition? You are really going to have to examine the requests and see if you can figure out patterns to create rules around. There is no silver bullet.
Feels bad anytime I see something like this. And with such a cute mascot too :cry_gil:...
10 Replies
Project ID:
N/AWe have some basic protections in place, but right now they're geared towards protecting us from getting overwhelmed by bad traffic. DDoS protection for users is def something we want to do in the future, but in the meantime I'd highly recommend using Cloudflare for this purpose
Dont you see? even cloudflare cant handle it
welp seems like i cant trust cloudflare anymore ...
damn
Solution
DDoS is complicated. Cloudflare has spent a large amount of resources in protecting you. And yet they don't do a perfect job. Railway is not that type of provider. Actually, Cloudflare isn't either. It is great for most cases. It is an arms race. And the only way you can try to get a leg up, is by defining your own rules. Any publicly known rule set, can be designed around. So... the bad news is that the stuff that works well for others tends to be tightly kept secret.
At least with cloudflare, you can put up a challenge for all requests when getting swarmed. If I remember correctly, you are being target by competition? You are really going to have to examine the requests and see if you can figure out patterns to create rules around. There is no silver bullet.
Feels bad anytime I see something like this. And with such a cute mascot too :cry_gil:
Well.... how about vercel DDOS protection then? somehow they can provide great DDOS protection better than cloudflare, is there something that i miss?
It isn't "better". It is that they have different rules. And most people use cloudflare. So most anti ddos protection is centered around that. But that only is true until they figure out what provider you are using and switch strategies. Depends on how sophisticated these attacks are.
Assuming you have API requests that you can't put a cloudflare challenge behind, you can try to create a router / limiter that is written in a more efficient language (like C / zig / rust) and use it to do cheap auth and rate limiting. This won't reduce the number of requests that hit a server. But the server it does hit, will be able to respond in a very cheap manner that shouldn't eat into your wallet. I don't know enough about your business logic to actually fully recommend this route. But just food for thought
*To be clear about the first part of my message. This is "to my understanding". I can be wrong and maybe Vercel really does have better DDOS protection. But ,,, I doubt it
welp i'm screwed, it has been 30 minutes and the service weren't up... does someone has advice how to fight this?
if I'm not mistaken, joshie just gave great advice on how to fight it
So i don't know why, but our infrastructure has been on DO Kubernetes service, and using the same configuration as now, when the DDOS attack is happening, our kubernetes infra can recover from attack for just around 3-5 minutes (Total attacks is around 40M+)
However, on Railway, which provides more server resources, somehow can't event help us with this attack, and it's down for around 2 hours until it came stable.
So for others who suffering from this, i don't suggest using cloudflare anymore, however i've not found any replacement for them that can provide mid-level pricing.
And for Railway, i hope that you guys can provide DDOS protection for users, even if it means cost users more (you can split that into additional service), and i don't like the fact that i need to pay for the usage for the attacks that bursts into my service... anyway....
Good luck for others who suffering from DDOS, i haven't found the solution till now, hopefully you'll find and mind sharing how you fight it here ✌🏼
