Bluesky has been dealing with a DDoS attack for nearly a full day

Posted by dotmanish 10 hours ago

Counter130Comment62OpenOriginal

Comments

Comment by minimaxir 9 hours ago

The prevalent discourse/attempt-at-a-meme-but-people-are-taking-it-seriously saying "Bluesky is down because of AI vibecoding!" is starting to get annoying and unoriginal.

Even when Bluesky confirmed it's a DDoS, the line is now "maybe they wouldn't have gotten DDoSed if they didn't vibecode and their code was better."

Comment by SlinkyOnStairs 4 hours ago

> Even when Bluesky confirmed it's a DDoS, the line is now "maybe they wouldn't have gotten DDoSed if they didn't vibecode and their code was better."

The context of the "jokes", regardless of if one finds them funny, is that this is exactly how AI boosters (including the bluesky team) have been behaving.

Every little benefit, no matter how small or unfounded, was being attributed to AI usage. So people do the opposite, attributing every little problem to the use of AI.

The implied punchline being "Oh, so now you care about accuracy?"

Comment by ascorbic 3 hours ago

I haven't seen them do this at all. They've said that they use AI tools when writing code, because most devs do, and they've previewed Attie, their codegen for custom feeds thing, which is a separate tool. None of that is attributing improvements in Bluesky to AI.

Comment by _djo_ 3 hours ago

As I understand things, the only AI tool the Bluesky team has been pushing has been a feed generator/curator. They have been pushing for vibe coding their systems or for using AI to generate content on Bluesky.

Comment by yangm97 1 hour ago

Nostr has the highest count of AI boosters per square meter I’ve ever seen, yet nobody seems to be DDoS’ing that.

Comment by novemp 25 minutes ago

You have to care about something to DDOS it.

Comment by cryzinger 9 hours ago

A week or two ago, when there was a Bluesky outage and a Claude outage at the same time, people were earnestly pointing to that as evidence that Claude was somehow a load-bearing component of Bluesky, or that AI vibecoding had caused the outage... I had to just disengage but I was also very annoyed by it all.

Comment by walletdrainer 4 hours ago

The people blindly criticising AI tools are idiots? Shocking! Who would have thought.

Comment by daveguy 2 hours ago

Why would anyone blindly criticize AI tools, when there are so many flaws to see?

Comment by walletdrainer 1 hour ago

Clearly there are a plenty of people incorrectly blaming AI for bluesky outages, why indeed?

Comment by boring-human 6 hours ago

I don't have any anecdotal data, just detecting a whiff of a possible pattern in your statement. DDoS is bots. Any chance the prevalent discourse is bots? "I ain't saying she a gold digger..."

Comment by pjc50 6 hours ago

Perhaps underestimating how much the bsky audience absolutely hate AI.

It's funny how closely bsky has replicated the dynamic of old Twitter where the people who run it and the people who use it have completely different priorities and loathe each other.

Comment by grishka 5 hours ago

Theoretically, if the backend code is optimized enough, a DDoS attempt wouldn't lead to a denial of service since all those requests would just get served as normal. And as long as the network isn't the bottleneck, which it probably is in most cases.

Comment by Manfred 3 hours ago

DDoS saturates the network, not the service. Even a box doing nothing would still be unreachable.

Comment by pixel_popping 3 hours ago

Not true, a well done DDoS targets also underlying services (example hitting most consuming DB writes).

Comment by junon 3 hours ago

There are multiple kinds of ddos attacks targeting different levels of infrastructure. Idk how anyone can say absolutely that a ddos works in one specific way.

Comment by walletdrainer 1 hour ago

A well done DDoS gets the target depeered :)

Comment by 2 hours ago

Comment by jasonvorhe 5 hours ago

Would be funny if this nonsense came mostly from bots to distract from the fact that Bluesky isn't decentralized and thus easier to take out.

Comment by sieabahlpark 6 hours ago

[dead]

Comment by malshe 4 hours ago

I am not surprised. People on Bluesky are so blatantly anti-AI.

Comment by OuterVale 8 hours ago

The interface seemed to function as normal, but specifically the API was targeted, which left a lot of confused users who were seeing the interface peppered with errors. Watching as it unfolded, it seems it affected certain regions to begin with and then slowly spread worldwide.

Seems they might have failed to host the status page (https://status.bsky.app) separately as well, because that went down several times throughout the outage. They also weren't very active in updating the status page, and the notice that was there had a typo of 'reginos' and a description of 'null'.

Comment by reddalo 5 hours ago

The status page seems hosted by UptimeRobot, so it looks like it was a problem on their end.

Comment by userbinator 9 hours ago

What are the chances some company offers to "save" them with a security service which coincidentally will also require users to use the latest officially-sanctioned browsers, OSes, and "trusted" hardware to pass the "security check"...

Comment by sammy2255 9 hours ago

If you're referring to Cloudflare, the "security check" is not a default setting. For some reason administrators love to use Under attack mode as a band-aid measure to reduce load on the host.

Comment by rezonant 6 hours ago

Or they'll (the site operators using Cloudflare proxy) make ill considered firewall rules like "If not Chrome, require security check".

Comment by sammy2255 2 hours ago

What's your point? You can configure this in Nginx too

Comment by LoganDark 8 hours ago

At least Apple devices are actually secure and can't really be omitted from things other than gaming and business. Granted, gaming and business are pretty important.

Comment by hsbauauvhabzb 8 hours ago

You mean except for that 0day exploit kit floating around on github last week right?

Comment by fastily 7 hours ago

Would you happen to have a link to this? For science of course :)

Comment by throwaway290 5 hours ago

You mean the one for old ios versions?

Comment by hsbauauvhabzb 3 hours ago

You mean the iOS version people are refusing to upgrade from because of the shittified forced UI changes?

Comment by throwaway290 56 minutes ago

You aware that iOS 18 is patched right and "old" means 17 and before?

Comment by throwaway290 3 hours ago

You mean those three people who refuse to apply ios 18 security patches because they think it'll give them liquid glass?)

Comment by fragmede 8 hours ago

> At least Apple devices are actually secure

lol

Comment by strimoza 3 hours ago

Curious how they handled it at the CDN level. I use Bunny CDN for video streaming on my project and signed URLs help a lot for abuse prevention, but a full DDoS is a different beast entirely.

Comment by tasuki 6 hours ago

I thought it was distributed/decentralised?

Comment by rimunroe 11 minutes ago

My understanding is that ATProto itself is definitely decentralized but the app view most people interact with using the Bluesky app is centralized ...sort of. The Bluesky app view will read from PDSes and relays hosted by other people, hence people on Bluesky can see stuff posted elsewhere, like users of Blacksky. If the Bluesky app view decides to stop reading from any other relay or PDS (like those of Blacksky, or ones which are self-hosted) they're free to do so. The same is true for alternative app views like Blacksky. Since most people think of Bluesky as the thing you see on the official Bluesky app (which shows the Bluesky app view) an outage of the Bluesky app view will mean they lose the ability to view any posts from any source. If someone's using a separate app view like Blacksky, the most that will happen to them should be that they'll lose interaction with posts coming from Bluesky's relays until the outage ends.

I may have the division between Bluesky and Blacksky off, but ATProto does allow this sort of thing. Hosting a PDS is trivial and requires very few resources. Hosting a relay is more expensive, and hosting an app view can cost a lot depending on which PDSes/relay firehoses you're ingesting.

Comment by lizardking 2 hours ago

You're probably thinking of Mastadon

Comment by amelius 5 hours ago

Yes, that's the first "D" in "DDoS" ;)

Comment by shafyy 5 hours ago

Thought so too. Odd.

Comment by direwolf20 3 hours ago

Bluesky has never been distributed/decentralised. It's a single central system, which fetches 0.001% of user data from external systems if the user opts in, and has a marketing team that calls this decentralisation.

Comment by shafyy 3 hours ago

I know, didn't add an /s. I thought it was obvious haha

Comment by ChrisArchitect 8 hours ago

Source: https://bsky.social/about/blog/04-16-2026-bluesky-service-in...

Comment by adrithmetiqa 8 hours ago

Is this just for fun or is there some underlying purpose to those type of attack?

Is it possible to have any certainty when answering that question?

Comment by tsimionescu 5 hours ago

Depending on size, such attacks can be very costly to organize, at least in opportunity cost (that is, using a botnet to attack BlueSky doesn't cost anything per se, but it does mean you can't use it for some other purpose, such as attacking someone else or mining Bitcoin).

If you're asking in general, DDoS attacks can absolutely serve a purpose - either to punish an organization that the attackers are unhappy with, or to hide some other more targeted attacks in a flood of errors, weird behaviors, and tired sysadmins.

Comment by pferde 3 hours ago

One possible purpose is marketing. Owners of the botnet are merely demoing the capabilities for prospective customers.

Comment by mrweasel 6 hours ago

Hopefully there will be some post-mortem. It seems like we're don't really see that many deliberate DDoS attack anymore. Not that it doesn't happen, but they really don't provide that much value against a target like Bluesky (unless you really hate them).

I'd be interested in how the attack manifests. Is it an actual DDoS? Is it highly aggressive scraping? We should be able to see this in how the attack manifests itself. What is the sources? That's a little harder, but it would be interesting to know if it's compromised devices, residential proxies, rented cloud capacity or something else.

Comment by ddactic 43 minutes ago

[dead]

Comment by aaron695 2 hours ago

[dead]

Comment by aaron695 8 hours ago

[dead]

Comment by 0xedd 8 hours ago

[dead]

Comment by decremental 9 hours ago

[dead]

Comment by weird_tentacles 9 hours ago

[dead]

Comment by midtake 8 hours ago

[flagged]

Comment by lpcvoid 8 hours ago

We are taking about bluesky, not Twitter.

Comment by bit1993 9 hours ago

A decentralized protocol by definition should not be vulnerable to DDos attacks.

Comment by minimaxir 9 hours ago

Bluesky isn't ATProto.

Comment by shafyy 5 hours ago

For all practical purposes, it is.

Comment by bit1993 9 hours ago

Thank you for the clarification.

Comment by mr_mitm 1 hour ago

It's federated, not decentralized

Comment by anon7000 9 hours ago

You’re saying a mastodon instance can’t vet DDosed?

Comment by eukara 8 hours ago

Truth is if mastodon.social gets ddosd the same as Bluesky I can still use the rest of the network fine. Proof is in the pudding. tons of instances that make up the fabric of redundancy. I think most people would be served better if Bluesky acted differently early with their rollout in a sharded manner?

Comment by yangm97 1 hour ago

This is half true. If mastodon.social goes down every single one of the accounts made on that instance go down as well. In truly decentralized protocols you own your identity and can take it elsewhere, for instance, in Nostr and SSB, a relay/pub going down is no big deal since you can connect to other servers and maintain communications.

Comment by Charon77 8 hours ago

True. The only 'distributed' part of bluesky is in the PR. Otherwise there'd be more instances.

My mastodon account is not even on mastodon.social, because why would I, when I could have a home server closer to home

Comment by genewitch 5 hours ago

i get real tired of people trumpeting that bsky is distributed.

Can i run a private node? can i run a functional node completely within my network segment? because i can with gnusocial and misskey; i've never run mastodon; i am on fosstodon and a couple of other mastodon-likes.

bluesky is to discord what mastodon (fedi) is to IRC.

don't let the fact that most people use the main instances fool you, there's thousands (maybe tens of thousands) of instances. I haven't seen a tally recently, i forget the account that shows them for each "instance type", like pleroma, misskey, mastodon, pixelfed, whatever the reddit clone is, whatever the 4chan clone is, and so on.

anyhow when elon bought twitter mastodon surged. I hope they didn't spend millions upgrading the main instances because most of that dropped off because, you know, everyone's on twitter. only a few million on mastodon.

My whole point is, trying to shoehorn words like "distributed" into a system that i cannot run independently is, well it's just not distributed, that's all.

edit: maybe this is sour grapes because i never got an invite; but maybe i think it's just twitter with a different coat of paint and different buzzwords attached.

Comment by pino83 2 hours ago

Two times some guys at Mastodon tried to convince me to try Bluesky.

I explicitly told them that I want something distributed and that's a high priority, not a nice-to-have.

Yesss, there's definitely some very cheeky marketing going on.

Comment by throwaway290 2 hours ago

Blacksky and other instances of bluesky are not affected, what are you talking about?

Comment by fsmv 19 minutes ago

Not true, they were down because they still use bluesky's relay

Comment by snailmailman 8 hours ago

The people I follow on mastodon come from a wide variety of instances. While mastodon.social is the largest instance, most of the accounts I follow are elsewhere.

Granted, all the smaller instances are likely easier to DOS as they are small instances. But mastodon is actually decentralized. If any one instance goes down, everything else keeps working. Unlike Bluesky and ATProto which is more of a theoretical “could be” decentralized.

Comment by direwolf20 3 hours ago

On the Fediverse you can even block mastodon.social and still have a well populated feed. This is not the case for bluesky.