Hacker News was down

172 points by daraosn ↗ HN
I'm getting an untrusted certificate warning... DDoS attack or server issue, anyone knows?

98 comments

[ 3.9 ms ] story [ 107 ms ] thread
Phew, wasn't just me. Thought someone might have happened to my computer.
http://isup.me is much easier to remember :P

... it did say that HN was up when it wasn't for me though.

actually today i just discovered how cool DuckDuckgo is. i queried "is HN down?" it automatically searched on those kind of sites and showed "no, HN.com seems up for us. We got a reply from <IP> in <Time> "

I thought, ooo! This looks interesting! And i tried "is news.ycombinator.com down" and it said yes, we got no reply, so that is down.

I tried the samething on google, apparently they are too stuck up to ask other sites to do this (though they did provide links to them). But I apprecaited the automatic answer more, just like i appreciate when google automatically converts currencies and fetches timezones and solves expressions.

same thing here. protected by CloudFlare..blah..
Seems back up now, maybe they were just switching to CloudFlare? I didn't think HN was on CloudFlare before.
It wasn't. Somebody's mad at HN I guess.
Who isn't? This bloody site costs at least an hour per day!

;-)

Traffic seems to be going through cloudflare. Probably to defend against a DDoS. Hitting the URL directly gave me an untrusted certificate. Going via http://ycombinator.com/ works fine.
If you get the SSL warning on Chrome, you can enter "proceed" and then press enter at the keyboard.

Even if there's no "I understand the risks, let me proceed" button, this will work.

So Hacker News is being 'hacked' by hackers, and clicking 'proceed' past the security warning about insecurity is safe behaviour? ;]
Well, that's only if you understand the risks! ;)

The invalid certificate was a cloudflare one, so probably acceptable : )

(and it's always better than accessing over HTTP)

CloudFlare just showed me a "Checking whether you are part of a DDoS" message
I saw it with a YC theme, and the personal "it's been one of those days"* message.

* or similar

> Hacker News

> Yep, it's been one of those days... Hang on a bit while we make sure you're legit.

> Checking your browser before accessing ycombinator.com.

> This process is automatic. Your browser will redirect to your requested content shortly.

> Please allow up to 5 seconds…

Our hosting provider reported a ~10 Gbps DDoS, and null routed our IP with a BGP update.

While we are using CloudFlare now, switching to them isn't what caused the outage.

The error I was getting was an SSL certificate error, so switching to cloudflare also was contributing to HN not being accesible.
(comment deleted)
DDOS Hacker News???!!! Why in the world would anyone do that? This is a fertile ground for hackers, for byte's sake!!!
Not that kind of hackers (crackers)
(comment deleted)
Maybe somebody was upset that the popularity of this site grew so much it impacted the quality of discussions.
Having been on the pointy end of the DDoS stick a couple of times I can tell you that it's not necessarily somebody that has something against YC.

I once tracked down a guy that DDoS one of my sites. Turned out he was only testing his new botnet and needed a target. The DDoS took down the whole ISP of my hosting provider, and it caused my them to ask me to find another place to host my stuff.

With 10 Gbps DDoS costing less than a dollar a minute it does make sense to protect one self as soon as you reach the point where somebody would find it funny to take down your site.

we're using storify and they use cloudfront. they have been experiencing some issues - but they did fix it. took a week or so.
(comment deleted)
I'm getting SSL warnings from Certificate Patrol, anything to worry about?
If its the same as me, it was nothing to be worried about:

You were getting served the CloudFare certificate, which annoyed Certificate Patrol because your browser because it was trying to access HackerNews.

You were getting served the CloudFare certificate for legitimate reasons from HackerNews.

it's been down for a few hours. obviously back up now. :)
Not even making a joke, I literally just had one of my most productive before i go to work mornings in a while. I went to HN, saw the error... said "darn", then went and finished a document i've been putting off.

so ummm... thanks to whoever is responsible for the DDoS

Haha...I feel you man, I've been trying to complete this course on Coursera & only today did I actually complete a full week of it after seeing HN was down !!!
We should setup some iptables script to block it except at lunch time :)
I have to admit, the usual hour binge of the frontpage this morning was a LOT more productive
Was just wondering why everybody here was actually doing something.
Uptick in the tech sector today, eh?
It was canceled out by Stack Overflow and Bitbucket also being down this morning.
I Can testify to the effectiveness of this. I had been putting off reading a growing pile of papers. I might try building a chrome extension which embeds my todo list above the HN header - guilt myself into productivity haha.
Hah! That's not a bad idea actually. Maybe extend it a bit so that it will only show you X# of posts until an item is checked off the todo. Get them all checked off and you can see everything on the front page again?

Personally, I can ignore a checkbox, but I have a very hard time lying to one.

You should turn the noprocast option on in the settings!
Man, I even had breakfast before coming to work!
If HN is such a distraction, activate the noprocrast option in your preferences.
It's still too easy to get around that. There's no way to get around "The site is down / ddos'ed"
I was thinking similar. :-) Productive mornings everywhere!
My most precious productivity tip:

  # Productivity
  127.0.0.1 mail.google.com
  127.0.0.1 gmail.com
  127.0.0.1 news.ycombinator.com
  127.0.0.1 www.bbc.co.uk
  127.0.0.1 netflix.com
  127.0.0.1 www.youtube.com
  127.0.0.1 boingboing.net
  127.0.0.1 xkcd.com
  ...
I've been doing this for a while.

I didn't make an app to customize this list. Nor am I going to spend the next twenty minutes explaining why it works for me.

It works for me.

=)

no reddit? You're lucky. Don't go there.
They probably left reddit out of the list since it's kind of a dirty word on HN. :)
Wait, why? Isn't Reddit funded by HN?
Esp effective if you are doing web development on local machine. Oops, I just started to work.
That is so funny, but it is true...specially for web devs. (Myself included)
Or on a remote machine, just set it to that IP (assuming your project is the default/only vhost). Now that I mention it, I think I'll try that.
This works better for me:

  # Productivity
  127.0.0.1       mail.google.com
  127.0.0.1       gmail.com
  127.0.0.1       news.ycombinator.com
  127.0.0.1       www.bbc.co.uk
  127.0.0.1       netflix.com
  127.0.0.1       www.youtube.com
  127.0.0.1       arstechnica.com
  127.0.0.1       theverge.com
  127.0.0.1       www.google.com
  127.0.0.1       xkcd.com
  127.0.0.1       duckduckgo.com
  127.0.0.1       www.theguardian.com
  127.0.0.1       www.apple.com
  127.0.0.1       store.apple.com
  127.0.0.1       www.microsoft.com

    # Productivity

    127.0.0.1 *
Alternatively, cut your ethernet cable or smash your wireless router!
Nah. Destroying electronic equipment is fun, but editing hosts makes you feel like you're actually accomplishing something. :P
Thanks for the list, didn't know about all these interesting sites ;)
how come duckduckgo.com is there? Do you never need to do searches for various (valid) reasons?
store.apple.com ? You shop apple products every day ? Wow.
he probably just spends time gazing at them and wishing to own them.... people do stuff like that. Me too, but now with apple products. With me it's more likely to be a travel site
An unfortunate truth.
is there any reason people don't do this:

127.0.0.1 mail.google.com gmail.com news.ycombinator.com [etc]

Does Mac not handle it or something?

For me it makes things more pleasant to read, and also makes it easier to re-enable a single site.
But I think you have to separate full and pure entertainment value from partial entertainment and learning for sure.

Of the above list, while there is certainly entertainment on HN, some of the others you listed are definitely less important learning wise other than perhaps lifting your mood.

If you are interested in a slightly less heavy-handed approach. I wrote this to steer me away from the distractions. Just click the browser button to "block" new domains. You can unlock a page, but you only get a 5 minute window. This works well for me and most of my colleagues are using it as well.

https://chrome.google.com/webstore/detail/focused/kjlinclboa...

> When you go offline, that equation changes. You have to be active. Since you can’t input, you output. If you don’t do something, nothing happens.

> So turn AirPort off. Or go to a coffeeshop without wifi. Resist the siren song of being connected (for a couple of hours at least) and watch your productivity skyrocket.

http://37signals.com/svn/posts/80-get-off

It seems that you really could use something like http://www.HNdigest.com (it sends you a daily email with the top posts).

(BTW, I run it :))

      setTimeout(function(){
        ……… 
        a.value = 41+23*9;
        a.value = parseInt(a.value, 10) + t.length;
        f.submit();
      }, 5850);
Is it cloudflare's stuff?

(“Checking your browser” is just two redirects if you wonder)

It's kind of like a captcha for browsers. It proves that Javascript is working in the client (a legit browser or sophisticated bot), and it also slows down the traffic. If your client hits the server before the timer is out, you must be a bot.

Nice.

ugh, does this mean I have to allow javascript here from now on?
Only until the DDoS is over, it's a temporary measure to protect against it.
Was worried something weird was happening on my phone but glad this is just a cloudfare thing!!
cloudflare? really?
What's wrong with Cloudflare?
It randomly triggers and brings sites down. At least my experience with it on a few forums I frequent. All 3 of them switched after a month or so.
Hm. Will keep that in mind / watch for it, since I just started using it for a project. I have to say I was less than pleased when I added a site to my (paid) account and had to opt-out of having my error pages redirected to Cloudflare ones, but aside from that I haven't had a problem.
It actually DoSed a small VPS I had protected behind it. Not sure how, I guess it was scraping for content a bit too fast but my site ended up being more available without cloudflare on top of it
When I switched to Cloudflare there was a period where the SSL certificate served by Cloudflare did not yet contain my domain name. It took several minutes for this to be resolved during which my site was pretty much inaccessible. I assume something similar may have happened here.

In the end it all worked out, but I was a bit surprised that Cloudflare does not at least warn you about this when you enable SSL.

(comment deleted)
Glad it's back, probably you should check for useragent if it's a weak ddos attack.
No self-respecting DDoS attacker would fail to spoof the User-Agent. This is even Web Scraping 101.

Attacks these days are getting rather sophisticated, where significant amount of attacks are using javascript enabled headless browsers. (http://www.darkreading.com/attacks-breaches/ddos-attack-used...)

So what about checking for valid session cookies from before the ddos started?
Why it was checking my Browser compatibility again and again, I am using chrome and use HN on this. Is there any issue with my browser ?
Are you allowing cookies in your browser? They should be same origin.
They probably turned down a DDoS startup ;)
I'm getting connection timed out here. Had to hop on an AWS box and get on here via Lynx. Not sure why lynx is fine but my work network isn't.
I have a HN bot and looks like that the big outage was from 08:30 to 12:38 UTC with some minor (10-15 min) downtimes afterwards.
Comcast still appears to be serving stale DNS, just a note here. So if you're on Comcast you may still have trouble loading the site (and therefore no even seeing this comment) if you're on Comcast. OpenDNS, Google Public DNS, and level 3 are all up to date. Hopefully Comcast will be flushing the stale DNS info for news.ycombinator.com shortly.

[Update 9:55AM PST] Looks like Comcast's stale DNS is still in place.

I'm on residential Comcast in the northeast US and can now access the site directly.
9:25 BST: I'm on Virgin Media (UK) and it looks like their DNS still wants packets to go to 184.172.10.74 (i.e. through Comcast) to reach HN, but as soon as they get to Comcast, they disappear. Switched to Google DNS which points to 198.41.190.47, and all is well.
yeah what was it? I had to exercise in the morning....
I think this was a scam set up by PG himself to make us hackers do some proper work for a change. Hell, it worked.

I bet bitcoin that they finally managed to fix Obamacare.

Was this an example of kindness through cruelty?