A user of alternative social bookmarking website Voat is claiming that he is the one responsible for launching a Distributed Denial of Service (DDoS) cyberattack against the Reddit clone.
The user claims he hacked Voat and did so to test whether the website could withstand an increase in web traffic, but Voat's founders deny that he was behind the attack.
Switzerland-based Voat posted on Twitter at 12am on 13 July that it was being hit by an ongoing "layer 7 DDoS attack". Voat, which has an almost identical layout to Reddit, added a bit more detail on its own website:
"In case you were wondering why most third party apps for Voat haven't been working for the last 8 hours or so – we are under DDoS. Again," Voat wrote, quoting a CloudFlare support engineer.
"In order to keep Voat at least somewhat responsive, we've bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimise our source code even further. What doesn't kill you – makes you stronger, right?"
User claims he hacked Voat to expose its weaknesses
Since then, there have been no more updates on Voat's Twitter or Announcements section, but at 5pm on 13 July, Voat user Startv posted that he had been the one to take Voat offline by battle-testing it with "a very low volume of web traffic", sending only 60 requests a second to Voat's servers.
Startv said that his tests show that Voat's developers "haven't got a clue on how to run a service properly". He also claimed that Voat's creators have been lying to its users about the website's security and that the "Voat community is already just as bad as the Reddit community".
However, Voat creator Atko swiftly replied to Startv's comment thread, calling it "bullshit" and sharing a screenshot of CloudFlare analytics showing how many requests were made during a 24-hour period ending at 6pm GMT on 13 July, which was a total of 978,804,387.
Why Startv's attack reasoning makes no sense
DDoS attacks work by disrupting a website through flooding its servers with rapidly repeated requests for connection, that usually come from hacked computers working as a botnet to send out lots of requests in a co-ordinated attack at the same time.
Voat user Startv claims that he was able to bring down the Voat website with only 60 requests per hour, but simple maths proves that this would be impossible as the number recorded by CloudFlare is much larger.
Numerous Voat users have commented on the post saying that Startv's comments are "unfounded assumptions".
Voat creator Atko said that the attack described by Startv would be like "a drop of water in a bucket", and that the real DDoS attack started shortly after scheduled maintenance started.
"Maintenance was performed by datacenter personnel where Voat is currently hosted. I tweeted about this. DDoS is a major problem even for the well established organisations and I see nothing wrong in being transparent about this," he said.
Voat users need to "open their eyes"
Startv is still adamant that he is behind the attack and claims that the requests rose sharply beyond 60 requests a second when he left it running unattended for several hours by accident.
He claims that Voat is no different to Reddit and that its users need to open their eyes. The website hasreceived criticism for being a haven for trolls, as users have tried to recreate revenge porn sections like TheFappening and "jailbait" child pornography threads that were banned on Reddit.
"Open your eyes people. Voat is just another cloned Reddit with the same actions and same content but run by people that don't know what they're doing. I hope they get their act together as I'd love to see it grow," Startv wrote.
"Voat is based on the premise of no censorship yet it's already closing down subverses. Then everyone turns a blind eye or even praises Voat for it even if they were just raging at Reddit for doing the same thing."