The Attacks on LinuxQuestions.org

posted by Roy Schestowitz on Feb 17, 2025

The site/forum was created by Jeremy Garcia 25 years ago. He was about 22 at the time.

LOOKING around the Web for reliable information about DDoS attacks is not simple. The term is broadly used, there's plenty of SEO SPAM (companies trying to sell something by misframing facts), there's plenty of LLM slop (trained on marketing SPAM), and there are misleading technical synonyms, even buzzwords with "cyber" (seeding vagueness, confusion). Look for "ddos linuxquestions" and you might only find people asking about DDoS mitigation in some old thread at LinuxQuestions.org, the "friendly and active Linux Community." (So says the homepage)

Recently, and as recently as last year in fact, LinuxQuestions.org was being hammered by bots (or botnets), so it needed to embrace some method/s of protection. Sadly it chose proprietary Clownflare; that meant some users with certain browsers could no longer access the site and those who rightly refuse to run some proprietary JavaScript simply refused to go there. As a result, participation and visibility decreased, traffic probably declined (as a function of the participation), and we're told that some sub-forums pushed "crypto" (scams) and bigotry. We cannot prove the the latter was some sinister plot to discredit the site; some rather old accounts were posting those things, but it's possible that those were abandoned decades ago and merely grabbed for reuse by malicious actors/purposes. Maybe yes, maybe not.

Regarding the DDoS attacks, that's an open secret.

LinuxQuestions.org might not survive this 'hybrid' attack. Jeremy seems to have mostly stopped caring (or stopped acting). The site LinuxQuestions.org has close to a million threads, so maybe the DDoS boils down to very greedy spiders, maybe LLM harvesters (i.e. plagiarism bots). It's a shame because there are still many good posts and posters in there. Social control media sites sometimes ban similar discussions.

Maybe the site LinuxQuestions.org needs better caching or maybe all the inactive threats can be turned into millions of static pages^* (caches can be bypassed). Going to Clownflare only worsens the problem; GNU/Linux users have good reasons to be angry at Clownflare [1, 2, 3, 4]. The company now intentionally ignores bug reports about users of Pale Moon being effectively blocked by sites using Clownflare. █

______

^* Sure, it's a very big job, but it can pay off in the long term. We converted Tux Machines from Drupal to static (about 200,000 pages) and it has been like 10 times more pleasant to run since then.