by hamoodhabibi 845 days ago
It used to be we will take your server down. Now it's we'll DDoS your serverless website and leave you a 100k bill.

I'm not sure how sustainable such a business model is. When you owned the server, you could unplug it. Now you have no way of knowing if somebody is going to hit your /api a million times per minute.

3 comments

I also prefer to get a (decaf) coffee, listen to some music while someone DDoSes my VPS. I prefer to pay a few $ / month for my VPS instead of paying thousands and "survive" the DDoS.
I pay $10/year for my VPS and host a WordPress WooCommerce store on it... It doesn't get much traffic, but it didn't take long to pay for itself either.
where?
AWS guarantees protection from all DDoS attacks done at level 3-4 (Google AWS Shield). If someone calls your API a million times, then there is throttling.
So instead of DDoSing someone, you could make some not-so-large amount of requests to their APIs and instead of taking down their servers, you'll just take them down by bankrupting them with a huge invoice?
With default settings an attacker can run up to 10000 req/sec on your API GW, which would result in a sizable bill if left unnoticed. So with AWS you have to configure throttling, and AWS protects you from low-level DDoS. How do you save yourself from a huge traffic bill in a VPS?

AWS also has WAF to protect from DDoS; it is expensive but may save the day if you urgently need protection.

Representational state terrorism
True. At what point could you say they are accomplices to the attackers?
Ah the Yelp biz model:

"would be a shame if somebody read a bad review about your biz, pay us to remove it"

to Netlify

"would be a shame if somebody DDOS'd your serverless website, subscribe to our DDOS protection plan"

Reminiscent of booter sites behind Cloudflare.