from Hacker News

Hi HN, I'm Delano, the creator of Onetimesecret.com. We're currently facing a severe DDoS attack that's been ongoing for four days, with traffic reaching up to 4 million packets per second (packets per seconds isn't something we've kept track of, but I'd estimate around 50-100 pps -- to put it a completely different way, we do about 250k+ secrets a month). Our site has been more down than up, and I'm pretty tired at this point from lack of sleep and stress.

Some of you might remember us from over the years. In particular I know it's a common refrain that our encryption sucks. I can say that the reason it hasn't been improved is that our number 1 competitor is folks doing nothing. That is, not using anything at all to protect password and other sensitive info. We are working on improvements though and will get to it, but right now, we urgently need help with DDoS mitigation strategies. We've tried increasing our server capacity and implementing server-level traffic filtering, which has had limited success. The ongoing attack is overwhelming though. And definitely beyond what I would consider manageable with HAProxy ACLs and fail2ban.

This attack is obviously impacting our ability to serve our users. Any advice on immediate actions, recommended services, or long-term strategies would be immensely appreciated. I'm open to all suggestions and willing to provide more details if needed.

Thank you, HN community, for any help you can provide in this tender and critical time.