Viewing a single comment thread. View all comments

dele_ted wrote (edited )

You've got some basic things wrong here.

  1. Hooktube doesn't have an API. They're using the YouTube API.

  2. Watching some videos here and there will do absolutely NOTHING besides bringing Hooktube up in search results. You will never, ever be able to make a difference by watching videos on Hooktube.

e: Also, the fact that no views are being generated for the videos, that a custom player is being used and that no more than 720p is supported most likely means that HookTube isn't using the YouTube API to begin with.

2

imminent wrote

I'd love to be proven wrong, that said I think you're making a lot of mistakes:

Hooktube doesn't have an API.

I know what I'm talking about:

https://hooktube.com/api?mode=video&id=fQk7KtBXWyQ

https://hooktube.com/api?mode=related&id=fQk7KtBXWyQ

Watching some videos here and there will do absolutely NOTHING besides bringing Hooktube up in search results.

This ignores that it creates more requests to their API, and no it won't bring it up in search results just because you more people use it. (just make a google search site:hooktube.com to realize that)

e: Also, the fact that no views are being generated for the videos, that a custom player is being used and that no more than 720p is supported most likely means that HookTube isn't using the YouTube API to begin with.

They're simply giving you the direct HTML5 stream, if you remember when html5 videos just came out to deprecate flash and youtube started using it you could (at the time) right click and select "Copy video location", the thing that hooktube loads is exactly that, and it's a *.googlevideo.com link

−1

ziq wrote

Do you have to drag literally every convo into a discussion about that site? It's making people hate hooktube even more because you won't stop plugging it. How is some fash video site the only thing you want to talk about for months and months?

2

imminent wrote

Do you have to drag literally every convo into a discussion about that site?

No but I have to contend that I couldn't hold myself with this one lol (especially to get some relief from all those insults from the /u/zombie_something user)

How is some fash video site the only thing you want to talk about for months and months?

I want to destroy it as long as there's no other alternative in town.

−1

dele_ted wrote

Alright, that's an internal API, and only exists because the developers are lazy. However, it's not behind CloudFlare - you're saying we could increase the costs of having their website online by generating more traffic to CloudFlare, by using a part of their site that isn't even behind CloudFlare? Yeah, this is a hole in their security, because you can connect directly to the server, which potentially enables a denial of service attack if you had enough bandwidth at your disposal (which you don't), but loading a video every now and then still won't do anything. Am i missing something, or are you thoroughly confused?

1

imminent wrote (edited )

However, it's not behind CloudFlare

Their API is behind Cloudflare, you look at the response headers when you access https://hooktube.com/api?mode=video&id=fQk7KtBXWyQ and you see Server:"cloudflare" as well as other cloudflare stuff, please don't ever EVER ever talk about stuff you don't understand while claiming that others are confused. You got it wrong twice now FWIW.

Which also means that a single person can't take it down since Cloudflare can rate limit requests, and his server too. So it must be distributed.

1

dele_ted wrote (edited )

Which also means that a single person can't take it down since Cloudflare can rate limit requests, and his server too. So it must be distributed.

Just checked again, admittedly you're right about the API being behind CloudFlare. However, the IP to the original server, the one hiding behind CloudFlare, is being leaked. If you want to, you could target your attack there instead, and actually start to make a difference.

The IP is 199.188.200.9.

e: I still think you're confused. Just casually loading up videos through CloudFlare will never accomplish anything. Cherry on top, they're using a free CloudFlare account! Proven by their SSL certificate.

1

imminent wrote

Just checked again, admittedly you're right about the API being behind CloudFlare. However, the IP to the original server, the one hiding behind CloudFlare, is being leaked. If you want to, you could target your attack there instead, and actually start to make a difference.

But he's blocking direct access to everything except Cloudflare. So in practice that means 199.188.200.9 is blocked for you.

e: I still think you're confused.

e: Videos aren't loaded through Cloudflare (it would've been too costly!), but directly from *.googlevideo.com

e: Another reason to force them to upgrade to a Pro account and increase their cost.

0

dele_ted wrote

So in practice that means 199.188.200.9 is blocked for you.

It throws a 403 error, but i wouldn't say it's blocked before having scanned for open ports.

Another reason to force them to upgrade to a Pro account and increase their cost.

The free plan allows, quoting from Cloudflare's own website, "Unmetered Mitigation of DDoS".

Cloudflare is free for them. It will not become less free just because you make everyone here on Raddle visit it.

1

imminent wrote

It throws a 403 error, but i wouldn't say it's blocked before having scanned for open ports.

I'm pretty sure it's intentional and you won't find any open ports.

The free plan allows, quoting from Cloudflare's own website, "Unmetered Mitigation of DDoS"

But it's not absolute, as an example mixtape.moe had their Cloudflare account terminated because it used up too much. But in this case it will be impossible to have him in such situation so I retract what I said.

1