This war is very close to my heart and I’ve been able to contribute some network capacity to pressure Russian servers, without any effect to other services I host, using my RPi4.
I added this entry to my docker-compose.yml and it fetched the targets and started spamming their servers (logs are in Ukranian).
services:
mhddos_proxy:
image: ghcr.io/porthole-ascend-cinnamon/mhddos_proxy
restart: unless-stopped
environment:
- TZ=Asia/Tokyo
deploy:
mode: replicated
replicas: 2
You may think it is “unethical” to disturb services, but I’m sure you understand who is the aggressor, what is at stake here and this is a completely free way to be on the right side of history.
More information here: https://bsky.app/profile/itarmy-ua.bsky.social
I am not related to the project, I just contribute the little I can.
Running something like this will put a big target on your back. I hope you have your network locked down tight.
That is not true. There is nothing illegal about creating massive amounts of traffic to an IP/website. Your comment sounds disingenuous.
There is nothing illegal about creating massive amounts of traffic to an IP/website.
?? No this is extremely illegal.
You are right in that purposefully creating massive traffic to a specific website is most probably against some TOS (I would not go so far as to say illegal). Nevertheless, this is war and my contribution, by itself, is insignificant and remains well under the radar.
This war is very dear to my heart and I wanted to attract some attention to this tool for people who feel the same.
No, this is not a civil matter or TOS violation. It is a federal crime and felony in the USA under the Computer Fraud and Abuse Act.
So is conspiracy or threat to commit a crime in the CFAA. If you’re in the USA, you should delete this post because it is a federal crime, itself.
Thank you for your concern. I do not reside in the USA. Certainly, actions that would hinder an oppressive government’s reach would be made illegal, but there is strength in numbers.
There is only strength in numbers (as a defence, which is what you’re positing) if everyone is informed of the consequences of their actions. If they are not, they can blame you for misleading them.
People aren’t doubting the virtue of your intent but you are speaking very confidently incorrectly about legal matters which doesn’t help your overall appeal.
It seems so. I guess I do not understand where the many requests/DDoS limit is and the ramifications it may entail in some jurisdictions, although, I explicitly wrote “DDoS” in the title…
I had the impression that as a lone actor, lending CPU cycles, you do not fall into the latter category, since the state-sponsored attack, which I support in this instance, is carried out by a different entity.
Perhaps, you would even argue that you have plausible deniability when accused of carrying out such attacks, just like the proprietor of a hacked device cannot be held liable (I assume). Definitely good to know.
Not sure where you got that, but DDOS attacks are, in fact, illegal in many places.
Even if it was legal, you’d still become a target for fucking with big powers like the government of a major country.
I see what you mean. Of course this is most probably “illegal”, but I really do not care about the ramifications the Russian Federation could hold me accountable of, especially since they do not have jurisdiction where I live.
It’s also most certainly against the terms of service for your ISP, VPN or VPS, so you could get your service terminated.
Again, no. Fundamentally, there is no difference in you refreshing a page over and over, the strength comes from the distributed aspect of this attack. There’s no limit on the use of bandwidth and this is no base, by any means, to end a contract.
Of course, you are free to do as you please, but I am aware of how this works and happy to contribute.
I am aware of how this works
No, you are absolutely not aware of how this works. This is a blatant felony. Its like thinking you can’t be convicted for murder because there’s nothing “fundamentally” illegal about shooting a gun.
I think there is a misunderstanding: I am not the one carrying out the attack in this instance, I only lend some CPU cycles to a coordinated attack. The bandwidth I contribute is insignificant (I mean… a RPi and the impact to my own services is not noticeable). The attack is only effective with lots of people with the same ideals.
I think the gun analogy does not really work here: you cannot be held accountable for creating any part of a gun, in case of a murder.
I am not the one carrying out the attack in this instance, I only lend some
CPU cyclesfirearms to a coordinated attack.Intent is the thing you are missing. You know the end result of your actions. That is why this action is illegal in civilised countries.
I think the gun analogy does not really work here: you cannot be held accountable for creating any part of a gun, in case of a murder.
It absolutely applies, but you are not making the gun are you? You are handing a working firearm with ammo to someone you know will do something illegal.
If I borrowed my friends firearm and said I’m going to the range, that is a normal thing. If I said I’m going to Bondi Beach with it, that is a cause for concern and why people get caught up in accessories charges.I think the gun analogy does not really work here: you cannot be held accountable for creating any part of a gun, in case of a murder.
You’re not making the gun, the programmers that wrote the DDoS program did. You’re firing it.
It’s more like, you and a bunch of your friends murder by getting together and flinging the victim with rubber bands until the victim actually dies. Just because all you did was fling a small percentage of the rubber bands and that wouldn’t have killed the victim on your own doesn’t change the fact that you participated in and committed a murder. Legal systems do not have loopholes that allow you to commit crimes like this. They only have loopholes for the ultra wealthy.
no one said anything about legality.
but that this points known hackers at your door.
Ah yes, in that sense my network is locked down super tight. My SecOps is solid by any standard.
I promise you that your personal security posture is not adequate to keep you protected from a nation state.
It so happens that my own nation state’s security is in danger of another nation state, so at that point this stops mattering.
Not really
If anything they will just block your IP
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters IP Internet Protocol RPi Raspberry Pi brand of SBC SBC Single-Board Computer
2 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.
[Thread #77 for this comm, first seen 9th Feb 2026, 07:50] [FAQ] [Full list] [Contact] [Source code]
Wow. At some point you really should use the same amount of energy actually examining what Russia is saying, and thus what is actually happening. Oh well, I guess its just easier to get a fully formed opinion served by propaganda…
Don’t listen to what leaders say, watch what they do.
I’d say I’m surprised to read a genocidal take on .ml but that too would be a lie.
.ml account
defending Ruzzia
Opinion rejected.
It’s hard to hear what they are trying to say over all the gun fire noise.
Is there any way to know this is legit?
I suppose you could check out their Wiki page, it’s always good to double check that this kind of activity is not counter-productive (that would actually benefit the enemy). In this situation, it seems legit based on everything I’ve seen.
It is tribal to block an attack like this if you even manage to make much of a impact at all.
A better use of your network would be running a Tor node or snowflake proxy. The biggest fear of Putin is that his people will get free access to information. The pen is far greater than the sword.
Noted, and why not both? Also, the targets are switched often (from what I’ve seen in the logs), so it may be trivial to block, but the service will be temporarily out for the cost of nothing to me.
any info on intended results/actual results?
As much as I like the idea of this, I don’t really have any way to vet this. That’s not where my skills lie. And I live in a country run by fucking morons that want Russia to win this thing anyway so no traffic coming from my country should be considered trusted any more than this.
While willful participation in a DDOS attack is a literal crime where I live, the greater concern I have is not being able to confirm this does what it says it does and nothing else. We are well beyond the Low Orbit Ion Cannon days.
