by Liquix 2436 days ago
Addresses are changed when the DDoS takes one down. This means the attacker's (usually automated) resources are wasted on a domain no one will ever visit again, while users will just visit dark.fail and get a new link 15 seconds after the site goes down.

At the beginning of the DNM large-scale DDoS attacks (Empire in particular), there was panic, confusion, and a whole lot of phishing. As another commenter noted, Empire users have now been trained (or learned the hard way) to visit dark.fail, copy/paste a mirror .onion address they've never seen before, verify it as legitimate through the various captchas/pgp/safeguards on the Empire login page, and then enter their username/password.

Sure, it's frustrating and complex the first time - a heck of a departure from cookies and 'sign in with google' buttons. But after five or ten times, it's just the way you log in to the website, and it takes an extra 60 seconds tops.

Not saying this is the only/best solution to a dedicated onion DDoS - just sharing that it's been working for Empire.

1 comments

Is there a reason automated DDOS bots cannot visit dark.fail as well, to automatically attack all the mirrors too?

Seems like an obvious next step.