disBalancer Beta Testing: Monthly Report
disBalancer beta testing has already been underway for one month. The core team and 30 testers continue to improve the functionality of the disBalancer application.
Here is what disBalancers have been doing since the last update.
Human-Like HTTP Requests
During testing in the second half of January, the team improved the request method and made it more efficient. disBalancer servers and protocol reactions provided us with data on making human-like requests. With some Web Application Firewalls (WAFs) avoided, target websites received more than 5–6 thousand requests that passed through Cloudflare.
With the disBalancer enhancements, it was possible to deliver the load to a malicious server through the Cloudflare Web Application Firewall.
Static Web Servers Crashing
The load testing with the highest number of simultaneous hosts showed that the improved methods caused the biggest server spikes observed by disBalancer.
With these enhancements, development testing exhausted the server, accompanied by L1 cache exhaustion and increased page response time.
Interaction with WAFs
An important part of the testing period was measuring load testing performance at the different levels of protection created by our developers. The devs directed methods against WAFs like DDoS Guard, Bot Guard UAM, Cloudflare UAM, and CF Pro Enterprise.
The dev team has identified attack methods that allowed many requests per second. The next phase of testing will be the development of high-load testing. These testing methods have been effective against servers with a low level of DDoS protection.
Further steps are aimed at implementing the disBalancer app in the Go programming language. This will improve high-load testing performance, provide more control over the load testing process, and significantly improve client performance overall.
Servers with so-called mid-level protection showed that requests were successfully received through WAFs and made a visible impact. However, it was not as trouble-free as with basic web server configurations.
The most well-secured servers filter legitimate traffic, switching from passive to active protection mode to resist even the most sophisticated OSI Layer 7 attacks.
Cases
12 websites were overwhelmed during the first beta testing month, including four cases of prolonged website downtime.
For instance, one case during beta testing was making a fake Hacken website unreachable.
The problem is that fraudsters who clone websites damage not only businesses. They also affect projects that are in need of help. Instead of getting help and cybersecurity protection, these projects lose even more money, which is terrible.
Rewards
disBalancer appreciates everyone who participates in product development. All cyber warriors have already received their first rewards for participating in the beta test!
We also understand the difficulty of choosing the most convenient time zone given the country coverage, so the team sends its deepest thanks to the cyber warriors who join testing in the middle of the night. The most engaged testers receive more rewards for their efforts and contribution.
Summing Up
The team has fixed memory leaks and overflows, implemented smooth communication channels with clients, and made the client side autonomous. This makes disBalancer able to perform stress testing without user interaction; only a launched application is required. Beta testers' feedback and huge involvement helped identify server bottlenecks and implement algorithms that let server-side synchronization run for a long time without manual maintenance. It affected the technical vision of the product and provided us with suggestions for the project's development in the near future.