Service Detail

  1. Home
  2. 2 Days
  3. Service detail

EndGame V2 V3 DDOS filter setup


EndGame V2 – Onion Service DDOS Prevention Front System

V2 Provided by Dread and White House Market.

Should be used with this onionbalance process for distinct descriptors. Use one onion for everything.

EndGame is

  • a front system designed to protect the core application servers on an onion service in a safe and private way.
  • locally complied and locally run (no trusted or middle party).
  • a combination of multiple different technologies working together in harmony (listed below).
  • arguably magic ㄟ( ▔, ▔ )ㄏ

Main Features

  • Fully scripted and easily deploy-able (for mass scaling!) on blank Debian 10 systems.
  • Full featured NGINX LUA script to filter packets and provide a captcha directly using the NGINX layer.
  • Rate limiting via Tor’s V3 onion service circuit ID system with secondary rate limiting based on a testcookie like system.
  • Easy Configuration for both local and remote (over Tor) front systems.
  • Easily configurable and change-able to meet an onion service’s needs.

It can also:

  • Cause you to grow a bigger dick than the asshole DDOSER (true figurally, lies probably)
  • Save you millions of dollars do to DDOSER’s downing your site for ransom or for their extorting fees.
  • Make it look like you know what the fuck you are doing.

V2 Updates

V2 EndGame has updates to the broken captcha generation process using a clock facing captcha. It includes extra features like

  • updated documentation
  • load balanced Tor socks processes for more stable socks_passes
  • unix listening instead of ports for performance, stability, and security
  • true randomization for captcha and cookie generation
  • simple queue system (time based, read below)
  • various theme configuration options right on the setup file
  • dependency script to get all the dependencies only once. Effectively snapshotting all dependencies preventing future dependency repo exploits in the VERY unlikely case a repo was to get compromised. Paranoia mode.
  • bug fixes and various performance tunings

Notes About Queue System

V2 introduces a queue system which effectively prevents CPU exhaustion from mass get attacks. The clock captcha generation is computationally intensive and specifically vulnerable to this kind of attack. By limiting the amount of connections and amount of captcha tries it greatly reduces the CPU cycles to handle the attack.

In this version there is a simple time on line 110 of the lua/cap.lua file which gets checked on line 143. It is recommended to variate this value by attaching a sliding scale time circumstance base on front CPU load. Exponential functions based on the “/proc/stat” value. If you do that, keep the curve private because there is always an “ideal” attack value. When you set set the time value update the queue.html file via a script to rewrite the meta refresh variable.

Tech Overview

Endgame uses a number of open source projects (and libraries) to work properly.


  • NGINX – NGINX! A web server obviously to provide the packet handling, threading, and proxying.
  • Tor – Tor is free and open-source software for enabling anonymous communication. It’s awesome and makes all this possible.
  • Vanguards – A safer onion service circuit building system (to prevent some traffic analysis attacks)
  • STEM – A python controller for Tor.
  • NYX – A command-line monitor for Tor (to easily check the endgame front’s Tor process.
  • V3 OnionBalance – A distributed DNS round-robin like system on Tor to allow load-balancing and elimiate single points of failure.
  • OpenSSL – A dependency for a lot of this projects and libraries.
  • Python3 – A easy to work with programming language we use for background image generation.

NGINX Modules:

  • Socks NGINX – A NGINX module to allow proxying to Tor onion services directly on the NGINX layer.
  • NAXSI – A high performance web application firewall for NGINX.
  • Headers More – A module for better control of headers in NGINX.
  • Echo NGINX – A NGINX module which allows shell style commands in the NGINX configuration file.
  • LUA NGINX – The power of LUA into NGINX via a module. This allows all the scripting, packet filtering, and captcha functionality EndGame does.
  • NGINX Development Kit – Development Kit for NGINX (dependency)

Languages freelancer can speak

Service frequently asked questions