by user5994461 3569 days ago
> And why just the api and manager?

Likely because it's more effective, if you really want to kill the site.

Let's say that you find a "/manage/viewall" page which takes some processing to load (more so than the other pages), is never cached, and can't be protected by Cloudflare/captcha/other because it must stay open for CLI tools.

First, it's easy to overload the site by throwing a couple of expensive requests to a few vulnerable services, rather than to have a botnet flooding 100 Gb/s of traffic to random customer instances. (Note: the two strategies are not mutually exclusive.)

Second, by attacking these services, they impact Linode itself and all customers using it. Someone is really trying to hurt Linode by doing that.

The lesson here: There seem to be some naughty attackers who are putting a lot of effort into taking Linode down recently... and they seem to succeed to some extent. That really is a bad position for Linode :(