Meetup fighting against DDOS extortion

When are we going to hold individuals and companies legally responsible for the hardware they control? We already do this for other types of crimes such as remailing scams. If you're going to have hardware on the internet you should be responsible for it. There should be penalties for being irresponsible. Ignorance is never an excuse.

We&#x27;ve been dealing with DDOS attacks affecting mainstream citizens and businesses of 1st world countries for about a decade now. Why isn&#x27;t there law enforcement dedicated to catching people who do this? We&#x27;re at a point where CEOs of companies can engage in such behavior and the companies can stay in business.<p>If there is someone reading this who works with a US congressman or senator, this may be a chance to introduce legislation that can make a positive impact, make it easier to establish Internet-facing companies, and instead of eliciting dismay from the community of technical people, gain their gratitude instead.

At first I almost laughed when I saw the sum - they&#x27;re asking $300? For a company that&#x27;s been around for almost 15 years?<p>That said, Meetup&#x27;s reasons for not paying it are very solid. I&#x27;m glad they&#x27;re spending far more than $300 of their own resources[0] to fight this attack, because other websites would be the ones paying the price if they decided to start this precedent.<p>Also, somewhat relevant: <a href="https://en.wikipedia.org/wiki/Danegeld" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Danegeld</a><p>[0] I wonder how much this downtime actually represents to them (plus the engineering time)

Is it really this hard to fend off a DDOS? At the funding and staffing level Meetup is at, I find this a little hard to understand.

I find it astounding that a competitor of Meetup thinks that DoS&#x27;ing Meetup could drive a notable amount of traffic to their site.

So why don&#x27;t they just use cloudflare? It&#x27;s cheap compared to the human resources they&#x27;ve been spending on the problem.

The problem here isn&#x27;t whether companies are using DDoS mitigation services, it&#x27;s whether they have ISPs null routing them. The weak point here at the top tier ISPs, not necessarily the individual companies being targeted. You can have the best DDoS mitigation service ever, but if the top-tier ISPs black hole you, you&#x27;re in a very bad spot.

I use meetup.com for several meetups. This is not good. I&#x27;m really looking forward to finding out how they plan to mitigate this kind of issue in the future, b&#x2F;c there has to be a way.