In this documentation we will cover almost every aspect of the L7Stresser platform including its history and how to use it effectively. As well as other things related to general DDoS attacks and protection systems.
We launched our first DDoS attack platform a few years ago around 2018 which was soon re branded as CryptoStresser. It was the most advanced DDoS service ever offered to customers via a web platform. It had the latest technology for DDoS attacks and a slick, easy to use, modern design with no customer interaction required, high power and frequent updates. After a year of operation CryptoStresser was re-branded as StresserNET which featured a new web platform, with a more modern and intuitive design focused on ease of use, a faster and smarter attack system which used network rotation and load balanncing to be able to handle more users without any power loss. It was a success and it was the biggest DDoS service of 2019 and 2020 with hundreds of thousands of registered users and over 10 million attacks sent. It was revolutionary. Unfortunately our team needed to take a break so we redirected all our users to a competitor service where they got to continue having a similar experience and service. But on mid 2021 we realized it was time to come back. The service provided by said platform and said competitor was below our standards and we knew we could do better, so we set to code the most efficient and powerful DDoS system ever created for our users, and thats how L7Stresser was born.
As simple as our platform may seem, the technology and infrastructure we use to support it is truly impressive. Everything is coded from scratch for high performance and security using over 5 programming languages. We can not disclose everything thats behind our impressive attack system, but we have over 60 servers which amount to over 7.5TB of RAM and 1500 CPU cores and a huge upstream network capacity.
Most of our "competitors" are using public code which is outdated by several years, its not secure, comprimises user privacy, and gives a terrible user experience, it may "look" fine for the first day, but when you have to use the platform repeatedly, their issues, slow loading speed, downtime and bugs will be a headache.
We pride ourselves in doing honest marketing, without giving fake statistics or numbers, those stressers claiming to provide 1000 Gbps are mostly lying. Unfortunately the widely available public DDoS attack has enabled people without much knowledge to create seemingly good DDoS services but in reality they are mostly useless and they rely on false claims and scamming users, since their service doesnt or barely works.
We do not take responsability by any unauthorized DDoS attack.
We dont allow attacks on several government, financial, health and other sectors by default. Ask us if your target is blocked.
Harming the platform in any way or its staff is, of course, forbidden.
Any action can be applied to users based on our judgement.
Common sense and community rules. We are lucky to be able this service mentality.
These are just some of the things we are best at, without getting too technical.
In simple terms, a DDoS attack (distrbuted denial of service) consists on overloading an internet service by sending more traffic that it can handle. In the case of a website (Layer 7 attack) you can imagine it as thousands of users visiting the website at the same time until it collapses.
Stresser is a name used for platforms like L7Stresser which provides users the ability to test (stress test) their website or network against a real DDoS attack to see if it goes offline or it holds up.
People like to classify DDoS attacks by their size in terms of total traffic being sent per second, such as how many dozens or hundreds of Gigabytes per second, or fake visitors sent to a website.
At L7Stresser we believe SIZE DOESNT MATTER. In the modern days DDoS protections are very advanced and able to detect and block big DDoS attacks easily. So we take a smarter approach. Our attack methods are developed to be undetected by firewalls (bypass) and avoid getting blocked. We can get better results sending 1 Gbps (gigabyte per second) than one hundred.
Many competitor platforms still try to lure users by advertising the amount of fake data their attacks send, and showing pictures of graphic metrics. In many cases they cant even send this much data, and even when they can, its mostly useless in 2022.
Every website and network is different, they are built with different technology and have different network capacity. We are proud to say we can take down the majority of internet services offline, including famous and popular websites. That being said, DDoS attacks are not a permanent solution to disable a website or target, and eventually, depending on their IT skills, budget and time spent they will be able to block the attack. But likely will suffer a big loss to achieve that, in terms of money, user experience, SEO, etc.
Many people wonder if the attacks can be traced back to them. The answer is no, attacks sent through our service can not be traced back to you in any way. Unlike attacks sent using other tools / services like LOIC / HOIC etc which send from your computer using your IP address and network, L7Stresser DDoS attacks are carried by a decemtralized network of computers and servers around the world. You are never in direct contact with the attack, you just manage it using our platform.
First, lets define the components of a L7Stresser membership.
Max Attack Time: this refers to the maximum time each one of your attacks can run for before ending. This is not a limitation on the number of total attacks you can send over the duration of your membership, which is unlimited.
For example if the maximum attack time is 1200 seconds, each attack you send can run for 20 minutes before ending.
Max Simultaneous Attacks: this is the most important component of a membership, since it defines the number of attacks you can have running at the same time.
Each attack has a fixed amount of power, thus the more attacks you send on a target, the stronger and more effective the attack will be.
Also it allows you to attack multiple targets at the same time.
How many simultaneous attacks will you need depends on your target resilience to DDoS attacks, or the amount of targets you want to attack at the same time.
If your target is used to experiencing DDoS attacks or it would lose money by being offline it probably has DDoS protection, so you will need several simultaneous attacks.
As much as we wish every target would go down with 1 or 2 attacks, some targets, like big game servers, gambling, streaming, financial or news websites may require, 10, 20 or more attacks.
In case the amount of attacks you have is no longer enough for your needs you can always upgrade to a bigger membership and receive a discount for your previous purchase, by using the discount code UPGRADE on checkout.
If you cant accurately estimate the amount of attacks you need you can always contact us for a test and a quote, we will reply as soon as possible.
L7Stresser dashboard page has 2 main elements, statistics about our platform and more importantly the list of all the news and updates we do to our service, its important to stay up to date to know the current operational status, and be informed on the latest technologies added to our platform.
This page has 3 sections, on the top left, a customizable premium membership. Customizable means you can make any combination of simultaneous attacks, attack time and membership duration that fits your needs. Unlike fixed memberships you can choose an attack time higher than 10800 seconds, and any number of simulaneous attacks, as well as up to 3 months duration.
The second section contains frequently asked questions about memberships, how to pay, how to upgrade, etc.
The third section contains all the pre made fixed memberships which offer a cheaper price compared to custom memberships.
The settings page shows statistics about your current account and your current membership, it allows you to change your password, add your telegram ID, see your daily attack logs, invoice logs, API key and API documentation, as well as delete any of those logs at any time, and optionaly delete your account.
In here you can find us showing some of the websites and targets that have been successfully attacked by our service. You can find a lot more in our Telegram channel. All the targets here are just for demostration purposes and have been blacklisted from our attack system.
This a very useful page. L7Stresser attack system is shared by all our customers, so in rare ocassions all the attack spaces might be full for a specific attack method, Network Status shows how many available spaces there is on each attack network.
Currently we have over 800 total attack spaces, and the regular usage is up to 300/800, we always add more attack space when necessary.
This page contains generic information about our website, service and attack methods, all the information should also be found here, but we ll keep the page just in case.
The most important part of L7Stresser is the Attack Panel page (and the API). Lets take a look at it.
On the right side we have a small box with your membership information and a link to this documentation.
On the bottom we have a box with your running attacks, or attack history. In this table you will manage all your attacks and be able to stop and view information.
In here you can stop each attack individually, you can stop all your running attacks, the selected attacks, or the last 1/5/10 attacks together. Once you press the button the attack will be instantly stopped and has to be relaunched manually.
The image above is L7Stresser's DDoS attack builder.
Once you start attacking your target they will most likely begin their efforts to mitigate and stop the attack, is not possible to estimate how long it will take them, so its important to plan your attacks well. Think strategically and only attack when its most important to you. You can do it at night when they are sleeping, or busy.
If your target is a website, you most likely want a Layer 7 attack.
As previously explained, your membership matters a lot, specially the amount of simultaneous attacks you can have.
Each attack you send will have a determined maximum power, lets say 10. So if you send 2 attacks to your target, the power sent is 20. If you send 10, then 100.
Another important reason to have multiple attacks is the ability to combine attack methods. Sending multiple attacks with different protocols can be effective to bypass protections and overload the target.
Purchasing a membership is an automated process, just select the one you want, proceed to checkout, paid the specified amount of the choosen cryptocurrency, and the membership will be enabled automatically shortly after, you can close the page at any time.
Upgrading your membership is also an automated process and requires no human interaction, you can always ask for help at any time, we are fair.
Its highly recommended that for Layer 7 attacks you always choose an URL target that consumes a lot of resources on the target server, like a login, search, register, submit data operation, captcha generation, etc.
If you attack on a page that is mostly cached by a CDN or even the target server it may have no effect at all.
USe a combination of dynamic page targets, cookies, post data, or what ever needed.
All our attack methods allow for dynamic text randomization using %RAND% and %RANDINT%.
%RAND% will be replaced with alphabetic strings 4-8 characters long.
%RANDINT% will be replaced with numeric strings 4-8 characters long.
This is useful to generate dynamic data in the attack, for example search queries, usernames or passwords.
For example an attack on https://somesite.com/search?q=%RAND% may be harder to block than attacking https://somesite.com/search?q=abcd
You can also specify the amount of dynamic characters generated, for example.
%RAND% = 4 to 8 random letters.
%RANDINT% = 4 to 8 random numbers.
%RAND9% = 9 random letters.
%RANDINT16% = 16 random numbers.
The maximum is a combined 999 randomized characters between all the usages of this feature in a specific attack.
This can be used in attack target, post data, cookies and referrer.
Use with caution dear users!
L7Stresser may seem like a magic tool sometimes, it may also seem completely useless, in reality, its up to the way you use it. If a few seconds after starting the attack your target is completely offline you will be very happy, but if it doesnt, you will think our service doesnt work. Thats why its important to understand what goes on under the hood, the technical aspects of our DDoS attacks, to give you the best chances of success.
What I mean is, our service always works as intended, but all targets are different and may require some additional effort to find the right attack configuration. For some targets it may be as simple as pasting the URL and pressing the button but in most cases thats not the best approach, even if it works.
If you are not an expert this may seem complicated (and it is) thats why you can contact us for custom help on your target. We made our tool and service as easy to use as possible, but if you want to get the best performance you need to do some advanced usage.
It all boils down to how a DDoS attack works. The goal is to overload and exhaust the target resources, making it unable to perform its intended tasks.
In the case of a website, there is many different services and processes required to make the website work, so we need to find the weakest service and crash it.
For example an average website runs on a server, which has a fixed number of bandwidth, CPU and RAM. The server is running several programs to serve the website, such as a web server and database. If we manage to exhaust its resources or crash one of these programs, the website will be temporarily unavailable, its that simple.
It is hard to explain how to effectively make use of this information, but lets look at a basic example.
If you attack a website at "https://somesite.com/" the attack will go to "/" (the landing page) which usually consists of static resources (text, images, etc). Serving this content to users costs very little resources from the server, as its usually cached, and its a small file, so very low bandwidth, cpu and ram usage. If the website is properly configured this attack has a very low chance of success even with a very big attack.
But on the other hand if you attack the same website at a search form like /search?q=%RAND% or a .php page, you force the server to run database queries, or at least some code in the server, causing more resource usage and problems on the target.