Background
After being acquired by Musk, Twitter has, since August last year, been suppressing and attacking third-party integrations and clients in both overt and covert ways, in order to prevent users from accessing and using Twitter through unofficial clients and thereby increase the company's advertising and membership revenue.
However, open source projects like Nitter and RSSHub have not given up their efforts for information freedom. Through various clever techniques devised by numerous open source developers, they briefly gained the upper hand in a series of blockades and counter-blockades. The most popular approach is to generate temporary accounts using the interface used by the Android client.
Progress
Two days ago (January 26th), operators and developers of many Nitter instances reported that the interfaces they were using had been blocked. At the same time, their instances also began to suffer retaliatory DDoS attacks.
At first, I didn't pay much attention to this matter. After all, who would believe that Twitter's official team would engage in such shameful and self-degrading DDoS behavior? I was highly skeptical of this.
However, yesterday when I opened the GitHub repository of RSSHub, I unexpectedly discovered the following content:
The number of requests in the past month has reached 450 million, which is 50% higher than the normal level (the normal level is only slightly over 300 million).
Then I logged into Cloudflare to check the logs.
Since the blocking of the official interface and the DDoS attack on Nitter on the 26th (the same day), RSSHub has also been subjected to large-scale DDoS attacks. In the past two days, the number of requests has been more than 170 times the usual level, with approximately 1,000 requests per second.
Although the quantity seems terrifying, Cloudflare's excellent caching function has successfully cached over 99% of the DDoS requests, without even triggering any alarms.
RSSHub's load balancing and automatic scaling functions are very robust and have not been under significant pressure.
🤣 It went unnoticed like this.
Further analysis revealed that all requests came from devices with the IP address 139.255.221.98. These requests were targeted at the /twitter/keyword route, followed by a string of different and meaningless parameters.
I understand why only the keyword route was targeted. Although it is not explicitly expressed in the code, based on my experience of using it, this route uses the search interface that is subject to the strictest access frequency limit. By attacking this route, the maximum effect can be achieved. From this, it can be inferred that the DDoS attackers are also very familiar with Twitter's interface.
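The traffic pattern described above (one source address, one route, ever-changing meaningless parameters) can be picked out of access logs mechanically. The following is an added example, not code from RSSHub or from the original post; the log line format, the thresholds, the `/example/feed` route and the sample lines with documentation-range IP addresses are all constructed for illustration.

```python
from collections import defaultdict

ROUTE_DEPTH = 2  # assumption: "/twitter/keyword/<param>" belongs to route "/twitter/keyword"

def parse_line(line):
    """Parse a constructed 'ip method path status' line; return None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ip, _method, path, _status = parts
    base, _, query = path.partition("?")
    segments = [s for s in base.split("/") if s]
    route = "/" + "/".join(segments[:ROUTE_DEPTH])
    param = "/".join(segments[ROUTE_DEPTH:]) + "?" + query
    return ip, route, param

def find_floods(lines, min_requests=5, min_share=0.8, min_unique_ratio=0.9):
    """Flag (ip, route) pairs where one IP dominates a route and almost never
    repeats a parameter, which is what defeats per-URL caching."""
    per_route = defaultdict(int)
    per_pair = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, route, param = parsed
        per_route[route] += 1
        per_pair[(ip, route)].append(param)
    findings = []
    for (ip, route), params in per_pair.items():
        share = len(params) / per_route[route]          # fraction of the route's traffic
        unique_ratio = len(set(params)) / len(params)   # 1.0 means every request differs
        if (len(params) >= min_requests and share >= min_share
                and unique_ratio >= min_unique_ratio):
            findings.append((ip, route, len(params), len(set(params))))
    return findings

# Constructed sample log: a flood source, an ordinary reader, and a feed poller.
SAMPLE_LOG = (
    [f"198.51.100.7 GET /twitter/keyword/{t} 200"
     for t in ("qz81ka", "m0x2pp", "a9d7we", "zz4k1c", "b7n3qx", "u2h8ry", "k5j0tv", "w1e6os")]
    + ["203.0.113.5 GET /twitter/keyword/rsshub 200"]
    + ["203.0.113.9 GET /example/feed/news 200"] * 6   # hypothetical route, same URL each time
    + ["truncated line"]
)

if __name__ == "__main__":
    for ip, route, total, unique in find_floods(SAMPLE_LOG):
        print(f"{ip} sent {total} requests to {route} with {unique} distinct parameters")
```

The feed poller is not flagged even though it owns all traffic on its route, because it repeats the same URL; the ratio of distinct parameters is what separates it from the flood source.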
Although it cannot be directly proven to be the work of official personnel, various unexplainable "coincidences" have clearly indicated the truth of the matter. Musk's straightforward and crude style of action is also profoundly influencing the company.
Impact
The further blocking of APIs and the DDoS attacks can be said to have been very effective.
Nitter developer zedeus stated that Nitter is dead.
Twitter Monitor developer MANKA expressed unwillingness to waste any more time.
The developer of nitter-status even directly released a farewell page.
Is this the end? No, far from it. Freedom cannot be stopped, and we still have many things we can do.
Update on the 29th: RSSHub has been restored.