Page 1 of 1

DDOS waiting screen seems to be causing issues

Posted: Sun Mar 28, 2021 12:30 pm
by schworakgj
4 out of 5 attempts to access bug reports is giving me a 403 error right after the DDOS waiting screen.

I try from the link in the API data, an email notification or copy/paste of the report links.

I am presented with the DDOS waiting screen, then a few seconds later I get the 403 error message screen. I try several times and then it will work properly for a while. Then a few hours later, the problem returns. There appears to be a defect in the DDOS check process because the link addresses are the same weather they work or fail.

Here is a couple sample links...
https://openbugbounty.org/reports/1642146/

This link came from the API JSON URL and is consumed by my custom reporting tool. I even copied/pasted directly out of the JSON provided by the API and got the same issue.

I think I may have found a clue to the problem though and here are the steps I used to reproduce the issue.

1. Open an incognito browser and paste in the URL
2. The DDOS delay screen comes up then the error
3. Paste the URL again, but modify it to start with www. (as the url doesn't have it now)
4. The page works correctly and because a cookie is stored it keeps working
5. Close the incognito window and go back to step 1 and the 403 error comes back.

I made a tweak to my reporting tool that is consuming the API JSON to prefix the report link with www. every time and this has made my links start working again. So the defect appears to be a problem with the link in the JSON file itself not having the www on it and the DDOS screen redirecting process.


This link will fail the DDOS check process after the redirect
https://openbugbounty.org/reports/1647057/

This link will work properly
https://www.openbugbounty.org/reports/1647057/