
Hacker News was down - daraosn
I&#x27;m getting an untrusted certificate warning... DDoS attack or server issue, anyone knows?
======
swalsh
Not even making a joke, I literally just had one of my most productive before
i go to work mornings in a while. I went to HN, saw the error... said "darn",
then went and finished a document i've been putting off.

so ummm... thanks to whoever is responsible for the DDoS

~~~
pacemkr
My most precious productivity tip:

    
    
      # Productivity
      127.0.0.1 mail.google.com
      127.0.0.1 gmail.com
      127.0.0.1 news.ycombinator.com
      127.0.0.1 www.bbc.co.uk
      127.0.0.1 netflix.com
      127.0.0.1 www.youtube.com
      127.0.0.1 boingboing.net
      127.0.0.1 xkcd.com
      ...
    

I've been doing this for a while.

I _didn 't_ make an app to customize this list. Nor am I going to spend the
next twenty minutes explaining why it works for me.

It works for me.

=)

~~~
kunai
This works better for me:

    
    
      # Productivity
      127.0.0.1       mail.google.com
      127.0.0.1       gmail.com
      127.0.0.1       news.ycombinator.com
      127.0.0.1       www.bbc.co.uk
      127.0.0.1       netflix.com
      127.0.0.1       www.youtube.com
      127.0.0.1       arstechnica.com
      127.0.0.1       theverge.com
      127.0.0.1       www.google.com
      127.0.0.1       xkcd.com
      127.0.0.1       duckduckgo.com
      127.0.0.1       www.theguardian.com
      127.0.0.1       www.apple.com
      127.0.0.1       store.apple.com
      127.0.0.1       www.microsoft.com

~~~
pouzy
store.apple.com ? You shop apple products every day ? Wow.

~~~
xerophtye
he probably just spends time gazing at them and wishing to own them.... people
do stuff like that. Me too, but now with apple products. With me it's more
likely to be a travel site

~~~
kunai
An unfortunate truth.

------
kogir
Our hosting provider reported a ~10 Gbps DDoS, and null routed our IP with a
BGP update.

While we are using CloudFlare now, switching to them isn't what caused the
outage.

~~~
sidcool
DDOS Hacker News???!!! Why in the world would anyone do that? This is a
fertile ground for hackers, for byte's sake!!!

~~~
goshx
Not that kind of hackers (crackers)

------
lelf

          setTimeout(function(){
            ……… 
            a.value = 41+23*9;
            a.value = parseInt(a.value, 10) + t.length;
            f.submit();
          }, 5850);
    

Is it cloudflare's stuff?

(“Checking your browser” is just two redirects if you wonder)

~~~
midnitewarrior
It's kind of like a captcha for browsers. It proves that Javascript is working
in the client (a legit browser or sophisticated bot), and it also slows down
the traffic. If your client hits the server before the timer is out, you must
be a bot.

Nice.

~~~
mhurron
ugh, does this mean I have to allow javascript here from now on?

~~~
Semaphor
Only until the DDoS is over, it's a temporary measure to protect against it.

------
bentoner
CloudFlare just showed me a "Checking whether you are part of a DDoS" message

~~~
uxwtf
I saw it with a YC theme, and the personal "it's been one of those days"*
message.

* or similar

~~~
Semaphor
> Hacker News

> Yep, it's been one of those days... Hang on a bit while we make sure you're
> legit.

> Checking your browser before accessing ycombinator.com.

> This process is automatic. Your browser will redirect to your requested
> content shortly.

> Please allow up to 5 seconds…

~~~
midnitewarrior
LIES. It takes 5.85 seconds.

------
DangerousPie
When I switched to Cloudflare there was a period where the SSL certificate
served by Cloudflare did not yet contain my domain name. It took several
minutes for this to be resolved during which my site was pretty much
inaccessible. I assume something similar may have happened here.

In the end it all worked out, but I was a bit surprised that Cloudflare does
not at least warn you about this when you enable SSL.

------
SebastianB
They probably turned down a DDoS startup ;)

------
xxdesmus
Comcast still appears to be serving stale DNS, just a note here. So if you're
on Comcast you may still have trouble loading the site (and therefore no even
seeing this comment) if you're on Comcast. OpenDNS, Google Public DNS, and
level 3 are all up to date. Hopefully Comcast will be flushing the stale DNS
info for news.ycombinator.com shortly.

[Update 9:55AM PST] Looks like Comcast's stale DNS is still in place.

~~~
toyg
9:25 BST: I'm on Virgin Media (UK) and it looks like their DNS still wants
packets to go to 184.172.10.74 (i.e. through Comcast) to reach HN, but as soon
as they get to Comcast, they disappear. Switched to Google DNS which points to
198.41.190.47, and all is well.

------
mmaia
I have a HN bot and looks like that the big outage was from 08:30 to 12:38 UTC
with some minor (10-15 min) downtimes afterwards.

------
mavus
Traffic seems to be going through cloudflare. Probably to defend against a
DDoS. Hitting the URL directly gave me an untrusted certificate. Going via
[http://ycombinator.com/](http://ycombinator.com/) works fine.

~~~
krallin
If you get the SSL warning on Chrome, you can enter "proceed" and then press
enter at the keyboard.

Even if there's no "I understand the risks, let me proceed" button, this will
work.

~~~
panacea
So Hacker News is being 'hacked' by hackers, and clicking 'proceed' past the
security warning about insecurity is safe behaviour? ;]

~~~
krallin
Well, that's only if you understand the risks! ;)

The invalid certificate was a cloudflare one, so probably acceptable : )

(and it's always better than accessing over HTTP)

------
overshard
Seems back up now, maybe they were just switching to CloudFlare? I didn't
think HN was on CloudFlare before.

~~~
beedogs
It wasn't. Somebody's mad at HN I guess.

~~~
tmikaeld
Who isn't? This bloody site costs at least an hour per day!

;-)

------
kogir
For anyone still having trouble, it's likely due to evil caching name servers
ignoring our 30 minute TTL.

If you're still having trouble:
[https://gist.github.com/kogir/7237218](https://gist.github.com/kogir/7237218)

------
mziulu
I'm getting SSL warnings from Certificate Patrol, anything to worry about?

~~~
robzyb
If its the same as me, it was nothing to be worried about:

You were getting served the CloudFare certificate, which annoyed Certificate
Patrol because your browser because it was trying to access HackerNews.

You were getting served the CloudFare certificate for legitimate reasons from
HackerNews.

------
martin-adams
Phew, wasn't just me. Thought someone might have happened to my computer.

~~~
bbrizzi
[http://downforeveryoneorjustme.com/](http://downforeveryoneorjustme.com/) ;)

~~~
brbcoding
[http://isup.me](http://isup.me) is much easier to remember :P

... it did say that HN was up when it wasn't for me though.

------
NAFV_P
I think this was a scam set up by PG himself to make us hackers do some proper
work for a change. Hell, it worked.

I bet bitcoin that they finally managed to fix Obamacare.

Was this an example of _kindness through cruelty_?

------
fein
I'm getting connection timed out here. Had to hop on an AWS box and get on
here via Lynx. Not sure why lynx is fine but my work network isn't.

~~~
reustle
You're determined.

------
Sam121
Why it was checking my Browser compatibility again and again, I am using
chrome and use HN on this. Is there any issue with my browser ?

~~~
terinjokes
Are you allowing cookies in your browser? They should be same origin.

------
gamebak
Glad it's back, probably you should check for useragent if it's a weak ddos
attack.

~~~
locksley
No self-respecting DDoS attacker would fail to spoof the User-Agent. This is
even Web Scraping 101.

Attacks these days are getting rather sophisticated, where significant amount
of attacks are using javascript enabled headless browsers.
([http://www.darkreading.com/attacks-breaches/ddos-attack-
used...](http://www.darkreading.com/attacks-breaches/ddos-attack-used-
headless-browsers-in-15/240162777))

~~~
im3w1l
So what about checking for valid session cookies from before the ddos started?

------
mjhea0
it's been down for a few hours. obviously back up now. :)

------
tomashertus
yeah what was it? I had to exercise in the morning....

------
antidaily
Twitter too?

------
blumkvist
cloudflare? really?

~~~
antsar
What's wrong with Cloudflare?

~~~
blumkvist
It randomly triggers and brings sites down. At least my experience with it on
a few forums I frequent. All 3 of them switched after a month or so.

~~~
antsar
Hm. Will keep that in mind / watch for it, since I just started using it for a
project. I have to say I was less than pleased when I added a site to my
(paid) account and had to opt-out of having my error pages redirected to
Cloudflare ones, but aside from that I haven't had a problem.

------
emiunet
same thing here. protected by CloudFlare..blah..

