Posted by MrBlack in Tor (edited )

Some onion sites have those weird captcha with the upside down and sideways images and poor phrasing (Ex: "a very big long car that isn't called a car" or "like steps but built by people" WTF) as DDOS protection.

But how does that even work? I thought ddos was flooding the server with traffic from a ton of different sources to make it not be able to serve traffic to normal visitors. How the does a captcha do that? I thought captchas were just to prevent bots from accessing the site.

3

Comments

You must log in or register to comment.

self wrote

From my understanding, the CAPTCHA is a very low intensity operation that barely takes any server load, while logging in ot registration or making purchases or even browsing like a script would do repeatedly to complete a DDoS attack. Having a CAPTCHA effectively prevents scripts from doing these high intensity operations multiple times per second.

For clear web sites this is an awful approach, but since you can’t really block IPs on Tor, it’s the best and most effective tool market owners have.

2

MrBlack OP wrote

Oh okay I guess that makes a bit more sense. I always thought a DDOS attack had to have a specific port or webpage as a target. But I don't know how one would be sent through the tor network and I dont even really know how they're sent through the regular internet other than it's just a bunch of requests from different locations.

2

RichardButte wrote

That's basically it, all those request clogs up them internet pipes.

Regular sites often use CDN's (server networks to share the load), and a clearnet solution would have one server sort out illegitimate requests and serve CAPTCHA's while a different server that doesn't see any of the unwanted traffic host the site.

3

Wahaha wrote

Is this a problem solvable through certificates? Like you hide the certificates behind a captcha and revoke certificates of misbehaving users.

2