[jasonlfunk]

Though, it is interesting how an article with a dead link made it on the frontpage with 3 points.

[LaurentGh]

It's working well for me. And as it's a GitHub website, it should be ok...

[LaurentGh]

And there are 73 persons on it right now if I believe Google Analytics

[barkingcat]

[ Edit: I'm almost certain it's an ipv6 vs ipv4 issue. the ipv4 addresses resolve to github pages land, the ipv6 address resolves to somewhere inside OVH - the issue being that if the viewer's network infrastructure prefers ipv6, they will get a holding page from OVH stating that that "Site not installed / The site ghirardotti.fr is not yet installed" ]

Dig:

  dig ghirardotti.fr
  ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 19860
  ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 
  ;; QUESTION SECTION:
  ;; ghirardotti.fr.	IN	A

  ;; ANSWER SECTION:
  ghirardotti.fr.	3112	IN	A	192.30.252.154
  ghirardotti.fr.	3112	IN	A	192.30.252.153

  ;; AUTHORITY SECTION:
  
  ;; ADDITIONAL SECTION:

Both ip's belong to Github, probably used as a failover/load balancing/round robin pair of some kind.

reverse dns

dig -x 192.30.252.154

  ; <<>> DiG 9.8.3-P1 <<>> -x 192.30.252.154
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46826
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;154.252.30.192.in-addr.arpa.	IN	PTR

  ;; ANSWER SECTION:
  154.252.30.192.in-addr.arpa. 3593 IN	PTR	pages.github.com.

dig ipv6:

  dig AAAA ghirardotti.fr

  ; <<>> DiG 9.8.3-P1 <<>> AAAA ghirardotti.fr
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 0
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;ghirardotti.fr.			IN	AAAA

  ;; ANSWER SECTION:
  ghirardotti.fr.		1613	IN	AAAA	2001:41d0:1:1b00:213:186:33:19

  ;; Query time: 91 msec

Reverse dns on that:

  dig -x 2001:41d0:1:1b00:213:186:33:19

  ; <<>> DiG 9.8.3-P1 <<>> -x 2001:41d0:1:1b00:213:186:33:19
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25262
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;9.1.0.0.3.3.0.0.6.8.1.0.3.1.2.0.0.0.b.1.1.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa. 
  IN PTR

  ;; ANSWER SECTION:
  9.1.0.0.3.3.0.0.6.8.1.0.3.1.2.0.0.0.b.1.1.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa. 
  85728 IN PTR cluster010.ovh.net.

[cpncrunch]

If they're using OVH they already have free DDoS protection. I use OVH myself and I've had a few mitigated DDoS attacks that I barely noticed.

Perhaps 10 requests/sec is below OVH's detection threshold. My last one was 8.4Gbps @ 1 million packets per sec. 10 requests/sec would be difficult to even notice :)

[LaurentGh]

Nope, OVH is just for our domain name. Also is talking about my blog, not https://www.villa-bali.com website, which is on AWS.

[LaurentGh]

Thank you for this investigation! I've learned how to use dig! I've just remove the wrong AAAA record, as there is no IPv6 for Github Pages.