Got ddos attack on replit deployment

Question:
I got a DDoS attack from an unknown person.
How do I avoid it if I use Autoscale to deploy?
Is there any way to ban requests from the same IP?
Thank you.
1 Like

Hi @carterwu768210, welcome back!
What Deployment method are you currently using?
And yes, Autoscale Deployments do come with DDoS protection.

1 Like

Autoscale
(1 vCPU / 2 GiB RAM / 3 Max)
This is what I am using, but I got a DDoS attack.



Please help me with how to set up the deployment to defend against it.

1 Like

DDoS protection is included, so you shouldn't be getting DDoSed. I have sent this to Replit staff; you will likely need to wait until after the new year for a response.

5 Likes

How do you know you got attacked?

2 Likes

They went from getting 0 requests to up to ~1,100,000 requests an hour

4 Likes

Because the hacker wrote to me to pay him :rofl:

1 Like

Thank you, I will wait for it.

2 Likes

Hey @carterwu768210!

I have escalated this to the engineering team and will let you know as soon as I have an update!

3 Likes

Haha, I'm just curious what the email was like: ominously worded, or just straight out “GImMeH Da mONeY orr DDDoSS”?

3 Likes

Hi, carterwu. Did they answer you?

One potential workaround would be to use cloudflared DNS with a custom domain so that they can proxy traffic and prevent DDoS.

It’s still a problem if the promised features of a product aren’t actually functional and instead require going through another product to achieve the result you wanted.

I can offer some additional context on this matter to help set expectations. I’m not tailoring this to a specific person and just sharing in general to anyone interested.

Replit has protections in place to mitigate the worst impacts of DDoS attacks. These protections ensure that Replit’s systems remain online and capable of serving traffic to user deployments. However, Replit currently does not offer more granular DDoS protection. If this is a concern, there are a few possible options to consider:

  • Overage Costs: If your primary concern is overage costs, you can configure spend limits within Replit. This feature allows you to set a maximum spend amount, after which your deployment will be suspended, preventing further overages.
  • App Performance: If your main concern is maintaining app performance during a DDoS attack, we recommend using a custom domain and implementing a third-party DDoS mitigation tool such as Cloudflare DNS Firewall. This can provide additional layers of protection and help ensure your app remains responsive.

These ideas can help tailor your DDoS protection strategy to better suit your specific needs and concerns. Again, this is in general, and moreover to consider if you want more granular DDoS protection. If you’re getting hit unreasonably hard by DDoS attacks, then by all means contact Support so our team can take a look.

5 Likes

This itself still has a minimum, so you’re gonna have to pay something if you get DDoSed anyway

@boston2029 Yes, that’s true, but it does help mitigate if it goes too out of control beyond the minimum of $10.

1 Like
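
For the original question about banning repeated requests from the same IP, one application-level approach is shown here as an added example; it is not code from this thread or from Replit. The names `client_ip` and `IpLimiter`, the thresholds, and the assumption that the fronting proxy appends the caller's address to `X-Forwarded-For` are all hypothetical.

```python
import ipaddress
import time
from collections import defaultdict, deque


def client_ip(remote_addr, forwarded_for=None, trusted_hops=1):
    """Pick the address appended by the nearest trusted proxy.

    Assumption: each trusted proxy appends its peer's address to
    X-Forwarded-For, so entries further left are client-controlled.
    """
    parts = [p.strip() for p in (forwarded_for or "").split(",") if p.strip()]
    candidate = parts[-trusted_hops] if 0 < trusted_hops <= len(parts) else remote_addr
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return remote_addr  # malformed header: fall back to the socket peer


class IpLimiter:
    """Per-IP sliding window; an IP that exceeds it is banned for a while."""

    def __init__(self, limit=100, window=60.0, ban_seconds=600.0, clock=time.monotonic):
        self.limit, self.window, self.ban_seconds = limit, window, ban_seconds
        self.clock = clock
        self.hits = defaultdict(deque)  # ip -> request times inside the window
        self.banned_until = {}          # ip -> time at which the ban ends

    def allow(self, ip):
        now = self.clock()
        if self.banned_until.get(ip, 0.0) > now:
            return False                # still banned: reject cheaply
        self.banned_until.pop(ip, None)
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                 # forget requests older than the window
        q.append(now)
        if len(q) > self.limit:
            self.banned_until[ip] = now + self.ban_seconds
            del self.hits[ip]
            return False
        return True

    def sweep(self):
        """Drop expired bans and idle IPs so state stays bounded."""
        now = self.clock()
        self.banned_until = {ip: t for ip, t in self.banned_until.items() if t > now}
        for ip in [ip for ip, q in self.hits.items() if not q or now - q[-1] >= self.window]:
            del self.hits[ip]
```

A limiter like this only makes rejected requests cheap: every request still reaches the deployment, and the state is held per instance, so it complements rather than replaces the spend limit and upstream proxy discussed above.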