Background
After the acquisition of Twitter by Mask, and beginning last August, they carried out a series of [implicit] attacks on open-source third-party integration and third-party clients (https://github.com/zedeus/nitter/issues/1150) to prevent users from using unofficial client access and Twitter to increase company advertising and membership.
The opening-source project in open-source communities, represented by Nitter and RSSHUb, did not abandon efforts towards freedom of information, with a wonderful operation ([issue] (https://github.com/zedeus/nitter/issues/983), which came to the fore in a round of blockades and counter-blocks, the most popular of which was the creation of temporary account numbers through the interface function used by the Android client (https://diygod.cc/10k-twitter-accounts)
Through
Two days ago (26 January), operators and developers of many Nitter examples reported that the interface they were using had been blocked. At the same time**,** their examples began to be retaliatory DDoS attacks
[image] (./attachments/QmZLgt 245 ohmpFv5jqmZ4EcosbxjZpeG5fq6StX7zuTf3o.png)
[image] (./attachments/QmYM5zREJ95DGeE8feJQzr6eKczcZdeWwxuXPW4Z3KMgwN.png)
At first, I didn’t care too much about it. After all, who would believe that Twitter would do such a shameful and self-defeating DDoS? I doubt it.
However, yesterday, when I opened the GitHub warehouse in RSShub, I accidentally discovered the following:
[image] (./attachments/QmNoyG5nPS4RJQUy9dPZc1YeCwgjwfW4oYVh1yZSwjarJE.png)
The number of requests in the last month has reached 450 million, 50 per cent higher than normal.
Login then Cloudflare to view the log
RSSHub has also been subjected to a large-scale DDoS attack since 26 June at 0:00, when the official interface was blocked and Nitter was attacked by DDoS. In the last two days, the number of requests is more than 170 times the normal, about 1,000 requests per second.
DDoS requests have been successfully cached by Cloudflare’s excellent cache, even without triggering the alarm, despite the fact that the number seems terrible.
[image] (./attachments/QmW6rnKNHBTKzwMzVtnjUymMmfVrghtFeh28HfxrBLgK7c.png)
RSSHUb’s load balance and automatic build-up are well developed and not under much pressure
https://twitter.com/DIYgod/status/1745090590419619865
I’ve never seen anything like this.
Further analysis found that all requests were from equipment with IP address 139.255.221.98. These requests are for the route of <PROTECTED_BLONK_0> and follow a series of different and meaningless parameters.
I am well aware that the search interface used for this route is subject to the strictest frequency of access, and can be maximized by attacking the route, despite the fact that it is not clearly stated in the code. So it turns out that DDoS attackers are familiar with Twitter interfaces.
While it is impossible to prove directly that the official is responsible, the inexplicable “coincidences” have clearly shown the truth, and Mask’s simple and brutal style is deeply affecting the company.
Impact
Further blockade of API and DDoS attacks can be very effective.
Nitter Developer zedeus means Nitter is dead
[image] (./attachments/QmdEpeYj74uW4Q2NNTuwXrzVCvi1JVjcgDgJz8s1zvSqVp.png)
Twitter Monitor Developer MANKA says she doesn’t want to waste any more time.
https://twitter.com/manka_takami/status/17514519829418342
Nitter-status Developer sends the farewell page directly
[image] (./attachments/QmZN7oZ2UENVANQ5B ShiAinCckK7nfL9ajVrsC5cLETH.png)
Does that look like that’s all? No, this is far from the end. Freedom cannot be stopped. We have a lot to do.
[image] (./attachments/QmWvACcSj5wEFP4vkvknBZ3d9VgiBwEJd62JqSPWMyMjY3.png)
Update: RSSHUb restored