### MikeMirzayanov's blog

By MikeMirzayanov, 4 months ago, translation, ,

Hi Codeforces!

Unfortunately, ill-wishers thwarted the round by making DDOS on our infrastructure. Neither the coordinator nor the writers of the round are subjects to blame for the failure. Please do not downvote the announcement of the round. I think that this situation is an additional reason to support the writers. They worked hard and prepared good problems!

Apparently, such an attack should be regarded as a symptom of the fact that Codeforces outgrew the youth phase and entered serious adult life. Of course, we will respond with adequate measures to protect ourselves from such incidents. Fortunately, for almost 10 years of work, a large community has formed around those who care about Codeforces. We are not worried about possible additional expenses or efforts. We can do this. The rounds must go on.

UPD 1: All three of today's rounds will be unrated.

UPD 2: Hooray! Today we've survived another DDOS attack. The round was not perfect, but it was not ruined!

• +3234

 » 4 months ago, # |   +307 Seriously, what could be the reason to attack a non-profitable and educational site like Codeforces :( ?
•  » » 4 months ago, # ^ | ← Rev. 2 →   +65 You must think globally. If the tasks are complex, you no need to solve them, just DDOS the platform.
•  » » 4 months ago, # ^ |   +37 to get rid of codeforces fans and drag them to another site and make a profit .
•  » » » 4 months ago, # ^ |   0 Agree.
•  » » » 4 months ago, # ^ |   0 I agree
•  » » » 4 months ago, # ^ |   0 agree
•  » » 4 months ago, # ^ |   +107 It's not unreasonable to think that screwing with the Technocup selection would be profitable to someone, possibly a participant. Wasn't the same contest also attacked last year?
•  » » » 4 months ago, # ^ |   +46 Last year it was one participant who was doing really badly, and he wanted them to host a second round so that he could get another chance.Last time they didn't host new round and just used standings before the attack started. Seems like this year attacker got what they wanted (new round). Too bad.
•  » » » » 4 months ago, # ^ |   +4 Last year it was one participant who was doing really badly Who was it? How idiotic one has to be to ruin everyone's effort for self gain..
•  » » » » » 4 months ago, # ^ |   0 It is not providedhttps://codeforces.com/blog/entry/63375?#comment-472948
•  » » » » 4 months ago, # ^ |   +3 As I remmember there were 4 selection rounds last year
•  » » » » » 4 months ago, # ^ | ← Rev. 3 →   -9 ofc, u right
•  » » 4 months ago, # ^ |   +1 The attackers want to demonstrate that they can beat the best programmers in the world, especially in their favorite website.
•  » » » 4 months ago, # ^ |   +61 But it shows they cannot beat the best programmers, so they attack the platform.
•  » » » » 4 months ago, # ^ |   +4 It depends on how to define "beat". For coders here, writing an accepted answer quickly is of course one way. However, for others, implementing and breaking efficient, secure and reliable practical systems is obviously another way. I believe best programmers here have sufficient ability to make to their "home" more efficient, secure and reliable. Hopefully can see more academia publications from CF to show how it achieve this goal.
•  » » 4 months ago, # ^ |   -35 Well, to be honest, my action of visiting the website was apparently considered as DDOS by the server of codeforces. I'm not sure if there's a "real" DDOS or just everyone was refreshing too often.
•  » » 4 months ago, # ^ |   +35 Perhaps the hacker did badly in the contest, and he wanted it to be unrated. :-p
•  » » 4 months ago, # ^ |   0 codechef's users :v just kidding
•  » » 4 months ago, # ^ |   0 Congrats
 » 4 months ago, # |   +175 Show must go on
 » 4 months ago, # |   -57 It's rated?
•  » » 4 months ago, # ^ | ← Rev. 2 →   -41 The contest was Awesome but the DDOS attack ruined the show
•  » » » 4 months ago, # ^ | ← Rev. 2 →   -64
•  » » 4 months ago, # ^ |   0 I wish
 » 4 months ago, # |   +38 Sounds supermotivating. #roundsmustgoon
 » 4 months ago, # |   +43 The problems was very nice although we had bad time with submissions but this is not anyone's fault rather than the stupid attacker who hate the community. Thanks for the great contest Codeforces! I hope this attack doesn't stop the community passion for making new rounds.
 » 4 months ago, # |   +101 Maybe a little off-topic: But having a UI which looks as modern today as it was 10 years ago. Congratulations to whoever designed the UI of codeforces.
•  » » 4 months ago, # ^ |   +73 I actually love the design. It's clean and simple
 » 4 months ago, # |   -42
•  » » 4 months ago, # ^ |   0 It seems like your memes and your subbmission have something in common
 » 4 months ago, # |   +64 Exact same thing happened last year. What did you do differently this time?
•  » » 4 months ago, # ^ |   +53 They added the mirror Codeforces minimalistic sites. At least I got to submit today, last year everything was down.
•  » » » 4 months ago, # ^ | ← Rev. 2 →   +36 Yes, what I meant to say is "what will you do differently this time".
•  » » » » 4 months ago, # ^ |   +10 Maybe they should add Captcha for login.
•  » » » » » 4 months ago, # ^ |   -26 Codeforces allows the option to login to as many devices you want. Could that increase the chances of attack? Codechef just allows one to login at one device at a time.
•  » » » » » » 4 months ago, # ^ |   +103 How is this relevant? You don't need to login to do a ton of requests to the servers.Also CodeChef's login thing (actually a lot of things about CodeChef) is really annoying and shouldn't be taken as an example.
•  » » » » » » » 4 months ago, # ^ | ← Rev. 2 →   -30 Deleted
•  » » » 4 months ago, # ^ |   +53 Sadly, all of the mirrors were under attack today too. Big thanks to m2 for working even under such terrible conditions <3 Why, Mike?But why can't Mr. Mirzayanov set up a DDoS-protection, like Clo*dfl*re?
•  » » » » 4 months ago, # ^ |   0 Seriously?? m2 was working?? I am asking because I quit after checking the m3 and m1...
•  » » » » » 4 months ago, # ^ |   +127 m2 was 'working', it didn't show my submission through it in My Submissions.
•  » » » » 4 months ago, # ^ |   +3 m2 stayed up, but https was disabled. Is this a man in the middle attack? I don't know anything about security.
•  » » » » » 4 months ago, # ^ |   +36 (I am not security expert)I'm pretty sure it's only possible to do man in the middle attack if you are the internet provider or control the internet of the target. So it's not likely in this case.
•  » » » » 4 months ago, # ^ |   +3 Because of this.
 » 4 months ago, # |   +15 Couldn't blame anything, just support always be. Thanks to codeforces and Mike for years of hard work.
 » 4 months ago, # |   0 Any eta on when the queue might start progressing like normal? those past couple of hours have been tiring on my poor soul ;=;shame on whoever thinks that DDoSing this wholesome place is a good idea.
 » 4 months ago, # |   -8 Situation was — either the codeforces server gets flooded or I get flooded with negative rating...N.B: (By no means I am the attacker or one of them... I am just one of the noobs who solved only one problem)
 » 4 months ago, # |   0 Is there anyway to know how much my rating will change if this round was rated?
•  » » 4 months ago, # ^ |   +3 Try cf predictor chrome extension... or you can go here
•  » » » 4 months ago, # ^ |   0 thank you so much!
 » 4 months ago, # |   +12 why I can't open testcases of any problem
 » 4 months ago, # |   +51 Thanks to Mike Mirzayanov for Codeforces and Polygon platforms
 » 4 months ago, # |   0 I hope this doesn't happen again ...
 » 4 months ago, # |   +25 Sadly I was top 294 in the div.2 round. But I will do my best at the educational, I mean, I hope it will happen. Please, don't attack other rounds even if you go badly. Stop not accepting a lose. (Only for the attacker)
 » 4 months ago, # |   +42 The attacker while trying to hack codeforces
•  » » 4 months ago, # ^ |   +1 exactly__
 » 4 months ago, # |   +5 I really love the platform. And I’d like to thank you and everyone else who’s involved in anyway on Codeforces for making this great website. Also, Is there anyway that we can donate to the website? I think every dollar will help and I’d like to give back to the community. The rounds must go on!
 » 4 months ago, # |   +30 Why you did this evil person? This was the first time in my holy life I have solved two problems within 30 minutes...I was so much excited that I went for a walk to calm my horses...I was happy again...and now..look what you made me do??? here I am making this confession,rather I should be celebrating my 30+ rating or so in the parallel universe...and oh if you think you can lure away people by doing so..you are wrong... :D
 » 4 months ago, # |   +9 F
 » 4 months ago, # |   +141 Failing kid:
•  » » 4 months ago, # ^ |   0 epik gamer move
 » 4 months ago, # |   +3 When a technocup round comes then it will be probably unrated...
 » 4 months ago, # |   +24 Even in Russia you can't hide from russian hackers
 » 4 months ago, # |   +113 Hackers when they do bad on a codeforces round:
 » 4 months ago, # |   -24 were the 10-15 minute delays in the previous rounds the hackers' fault?
 » 4 months ago, # | ← Rev. 3 →   +3 Looks like it is not possible to check the test details of submissions (in problems from problemset) since the attack :(Edit: already fixed, thanks MikeMirzayanov
•  » » 4 months ago, # ^ |   0 You mean from "Status" bar? I can see them.
•  » » » 4 months ago, # ^ |   +5 I tried from different places but it is always the same because they reach the same point, the submission:My profile -> submissions -> specific submission -> "click to see test details" but they don't appear.Problemset -> one attempted problem -> one submission -> "click to see test details" but they don't appear.Contests -> one participated contest -> my submissions -> one submission -> "click to see test details" but they don't appear.From status it used to be possible to click on one submission and a pop up used to appear with the code and the tests, but now the pop up doesn't appear. It is possible to access the submission page opening the link in a new page, but as in the other cases it will not show the test details
 » 4 months ago, # |   +4 So sad... I did so well and I thought I could be a Master in this round. Anyway, still great thanks to codeforces for all your efforts.
 » 4 months ago, # |   +15 How can "300iq" send tasks while DDOS atack?
•  » » 4 months ago, # ^ | ← Rev. 2 →   0 I think he send e-mail to Mike with code1.
 » 4 months ago, # |   0 Could Cloudfare stop this problem of DDOS attacks?
•  » » 4 months ago, # ^ |   0
 » 4 months ago, # |   +3 Sad...I am just a new programmer from math background..but the problems of this contest were really cool..
 » 4 months ago, # |   +31 f**k the attacker
 » 4 months ago, # |   0 Why can't I see the testcases?
 » 4 months ago, # |   0 i can't see my testdate :(
 » 4 months ago, # |   0 What may happen,we are with you.
 » 4 months ago, # |   +26 Why cant you just use Cloudflare for protection ?? even illegal torrent sites use cloudflare .
•  » » 4 months ago, # ^ |   +28 The main reason — it is partially blocked in Russia
•  » » » 4 months ago, # ^ |   +21 Why not use Cloudflare for just one of the mirrors? Why not use another similar service, such as BitMitigate?
•  » » » » 4 months ago, # ^ |   +23 That will make the mirror partially available in Russia? That doesn't solve the problem..Other fully available services is the only bet then
•  » » » » » 4 months ago, # ^ |   +18 It depends. Only some of Cloudflare IP addresses are blocked in Russia, so if the mirror gets an IP address that is not blocked, it will be fully available.
•  » » » » » » 4 months ago, # ^ |   0 That should work unless cloud flare rotates its IP address during the attack to stop attacks and lands on a Russia-blocked address. Not sure if they will use this strategy to prevent the attack though they might, in that case we are again back to same issue I suppose.
•  » » » » » » » 4 months ago, # ^ |   +8 I don't think that they rotate IP addresses to stop attacks. It is trivial for the attacker to discover the new address.
•  » » » » » » » » 4 months ago, # ^ | ← Rev. 3 →   0 They probably do rotate saying "Most of the attackers don't follow you to the new IP, surprisingly" Its part of one of their heuristics arsenal I guess, so they may rotate. This is an old video but here they say they do rotate https://youtu.be/kjs3KZtFeTM?t=289
 » 4 months ago, # |   +9
 » 4 months ago, # | ← Rev. 2 →   0 I have a request — When a contest becomes unrated, can we still give ratings to the problems in it ? I'm asking this because I find the feature of rating problems extraordinarily useful
 » 4 months ago, # |   +61 TechNoCup : DDOS Strikes Back
 » 4 months ago, # |   +290 Plot twist: Mike did the DDOS so he could now write this post and gain contribution. Illuminati confirmed.Also, please don't use "$q$ independent queries" in statements when you just mean test cases.
•  » » 4 months ago, # ^ |   0 Laughs in "Demons and Angels"....
•  » » 4 months ago, # ^ |   +16 LolMike can become highest contributor anytime he wants xD
•  » » » 4 months ago, # ^ | ← Rev. 2 →   +8 He already has a secret m4 where he is the top contributor
•  » » 4 months ago, # ^ |   0 Isn't "test cases" can be misinterpreted as "tests"? Because I saw several times clarifications with something like: "My solution works on first testcase, why am I getting WA1?"
•  » » » 4 months ago, # ^ |   +18 When the input section mentions that the input starts with $T$ and then there are $T$ test cases on the input, it's only contestants' fault for not understanding that WA1 is WA on the first input and that their code isn't supposed to print something different for the first sample input than the output in the statement.This is like if foreigners who are learning your language tried to change words they have difficulty with. You don't have to follow their fancy. Let them learn.
•  » » » » 4 months ago, # ^ |   0 You may be right, I'm not sure. Anyway, we recieved the proposal from higher-ups to use "queries" instead of "test cases".
•  » » » » » 4 months ago, # ^ |   0 Okay, the higher-ups will probably see that it wasn't well-received.
•  » » 4 months ago, # ^ |   0 Strongly agree on avoiding using 'q independent queries' in codeforces.
 » 4 months ago, # |   +8 I think mike must do something to protect this awesome website from being hacked.
 » 4 months ago, # |   +3 Currently, I have a problem viewing submissions (even mine) in any round or gym, it takes a long time to appear or it doesn't appear at all, is it just me or it's a common problem? Thanks.
•  » » 4 months ago, # ^ |   0 Me tooI have to click about 10 times before submission shows up
 » 4 months ago, # |   +3 hacker noob
 » 4 months ago, # |   0 I can't register for the Educational round 74 (Div 2), does that have anything to do with the DDOS attack?
 » 4 months ago, # |   -7 I know that the decision has been made and I respect it, but was making it unrated really the best possible option? Around 75% of the time everything worked perfectly, and 75% of the time typically accounts for 90% of the contest submissions. One possible option would be to shorten the contest duration and use the results after 1:30:00 as a base for standings and rating calculation.Of course, this would not be completely fair. For example, there are people who budgeted their time between coding and hacking and their plans were thwarted by the abrupt end. There might be somebody who did some final testing, and if they knew the contest is in their last minutes, they would submit faster. As a counter-argument, there were rounds where time was added due to some issue. This might not be as severe, but still can cause similar issues, e.g., knowing that I cannot possibly finish a task in time, my concentration drops and I move to hacking instead.Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating. Feel free to call me a crybaby in the comments, as I likely missed pushing my top rating because of this. Clearly, this wouldn't have been unrated if the DDoS happened in the last minute, and would be unrated if it happened twenty minutes in. Where's the boundary? (That's a hypothetical question, I know this is fuzzy.)To end on a higher note, thank you for all you're doing for us and that you tried hard to keep the contest alive!
•  » » 4 months ago, # ^ | ← Rev. 2 →   +24 I wasnt able to submit at about 01:10. The first submission by problem E I made was at 01:15 and I remember it was already hard to do it :) . And I think 70 minutes for Div.1 Round is unfair a little
•  » » 4 months ago, # ^ |   +10 I am biased as I did not do well in this particular contest, but I started seeing troubles after 50-60 minutes in the contest (somehow I ended up reloading the page with the problem statement), then switched to m2, and after another 15 minutes I started struggling with the submission.Still, I think keeping rating on the basis of the time point when everything was working well is a good idea. Kind of a "sudden death" feature. However, I see a couple of issues here:1) Some people start with harder problems, probably in an effort to get more points (no idea if it works or not, never tried). Then it becomes a gamble for them, as they might not have enough time to submit a single problem.2) The rating becomes not very representative in the cases when 0-1 problems are solved by that time. Even if the line is drawn after 1 h, I guess this affects more than 50% of participants.I do not really know how to assess this, my point is that the scoreboard looks legitimate for top 200-300 participants, but below that it looks a bit more random. You can see it by the growing dispersion of rating changes (like, some people who would solve only one problem, solved it before the issues appear, and people who would solve three problems, sent a buggy solution for the 1st, started solving 2nd while waiting for the 1st to test, then realized they have a bug etc.).I think it will be easier to solve servers vulnerability issues rather than to come up with clear and fair rules for "problematic" rounds.
•  » » 4 months ago, # ^ |   +31 If you announce a round that lasts X minutes and then shorten it, you're punishing people for not refreshing often enough and instead doing stuff like stresstesting a solution or trying harder problems before easier ones. We're given a known amount of time and told to use it the best way we can. Changing that after the fact is massively unfair, just like e.g. disregarding a problem because it was standard or changing problem scores.Adding time doesn't have that problem (it has some problems). You're given the time you need, you need access to statements, you can use it the way you want and then you can submit. I still think that you need to see the verdict too and it isn't fair otherwise.The second problem is that you can't objectively pick the "end time". If someone submits at 1:31 and gets AC, why would you punish that person? On the other hand, if you disregard too little time at the end, you're giving a random advantage to people who were able to submit through m2, which worked unreliably, or who just kept trying in a situation where it seems like everything is totally down. The only fair decision is that the disruption caused everyone to have a worse result, so everyone's rating change must be non-negative. Clearly, this wouldn't have been unrated if the DDoS happened in the last minute It isn't so clear. If enough people's submissions in the last minute of the contest don't go through and the website times out for the next hour (=provable DDoS in the last minute), they should have the opportunity to be unrated. The line is "can we prove they were unfairly affected?" and "how many people?". Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating. I don't want that kind of rating.
•  » » 4 months ago, # ^ |   +50 I have a high place and that's only because there was a ddos and nobody could submit later :DLosing more than the last 2-3 minutes of a contest is already a big deal because it's optimal to choose last problem in such a way that you finish it just before the end. It's often good to test it too if you have enough time. I would say that the website not working for the last 10 minutes would be enough to make the round unrated, maybe even less than that.
•  » » 4 months ago, # ^ |   -45 petition to make it rated
•  » » » 4 months ago, # ^ |   +36 Petition to make it $1/\pi$-rated!Petition to make it $r$-rated where $r^5-2r^4-r+1 = 0$!
•  » » » » 4 months ago, # ^ |   0 the petition was successful but it was on the wrong round
 » 4 months ago, # |   +11 Why attack an educational site?
 » 4 months ago, # |   -25 So how many people qualify for the finals after the first qualifier ?
•  » » 4 months ago, # ^ | ← Rev. 2 →   -29
•  » » » 4 months ago, # ^ | ← Rev. 2 →   0 Russian version of Mike's post says "rounds will be unrated, but the best participants will be invited to the Final".
•  » » » » 4 months ago, # ^ |   0 Okay. Hopefully they'll be extras, not taking spots from those qualified through other rounds.
 » 4 months ago, # |   +5 I suggest penetration testers to enhance such a great platform I also suggest to use cloud-flare for preventing such incidents I also suggest to donate by anything that could help in such a situation, because code-forces is a good platform for us all thanks Mike for that effort thanks problem sitters for really good contests please don't down vote that because it's a really nasty problem of hacking something that helping you to be better in CP world
 » 4 months ago, # |   +57 I can't post a new blog :(
•  » » 4 months ago, # ^ |   +14 That's because your contribution is already very high. XD
 » 4 months ago, # |   +4 After reading this I realised How much I am connected to this platform, I started using just two months ago. and it feels like someone has attacked my partner.
 » 4 months ago, # |   +30 It seems that now any user is not allowed to submit more than 20 times within 5 minutes. I understand that this is because of safety reasons, but can you please make some exceptions for vjudge bots, as there are many different people submitting from vjudge.net simultaneously and thus 20 submits for 5 minutes is not so big amount and this cause some queues.
•  » » 4 months ago, # ^ |   -13 vjudge already uses multiple accounts to submit codes. Isn't it possible to increase number of threads(code submitters)?
•  » » » 4 months ago, # ^ |   0 For some (obviously unknown to me) reasons they use five accounts, which is no so big amount. Even 100 submits per 5 minutes isn't enough, because vjudge is pretty popular.
•  » » 3 months ago, # ^ |   0 We're very appreciated for Mike not banning us. We will control the submiting frequecy ourselves when we get smarter.
 » 4 months ago, # |   +6 What does the attacker think?
•  » » 4 months ago, # ^ |   +6 In fact,it's really fool that it was failed.
 » 4 months ago, # |   -18 I believe best programmers here have sufficient ability to make to their "home" more efficient, secure and reliable. Hopefully can see more academia publications from CF to show how it achieve this goal （such as implementing its own operating system, networking stack, web server, contest sandbox, etc ..??).
•  » » 4 months ago, # ^ |   +19 Eagerly awaiting Codeforces OS.
•  » » » 4 months ago, # ^ |   +22 To open any program, you gotta solve a number theory / graph problem first
 » 4 months ago, # |   +21 Submissions sent 6 hours ago such as 62240408 are still in queue. DDoS again?
•  » » 4 months ago, # ^ |   +8 Want to know, too. My several submissions are also in queue for a long time.
 » 4 months ago, # | ← Rev. 2 →   -7 A note for the hacker:- "I don't know who you are. I don't know what you want. But if you ruin any future contest I participate in, I will find you, and I will ki11 you." `
•  » » 4 months ago, # ^ |   0 "I will find you, and I will kiss you."
•  » » 4 months ago, # ^ |   -8 I will find you, and I will caponize you.
•  » » 4 months ago, # ^ | ← Rev. 2 →   +11 Look! I got you. The 13 downvotes my comment got can only be from sadists or hackers.
•  » » » 4 months ago, # ^ |   +9 damn it :/