Who uses forums anymore?
0 Members and 1 Guest are viewing this topic.
Last Monday, some of you may have noticed Insecure.Org slowing to acrawl for a brief period. Meanwhile, my colocation bandwidth graphskyrocketed to massive-overage-charges-if-this-continues territory.My weblogs showed this sort of behavior:207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:52 -0700] "GET /lists/security-basics/2006/Apr/0001.html HTTP/1.1" 200 20718 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:52 -0700] "GET /lists/security-basics/2006/Apr/0002.html HTTP/1.1" 200 17568 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700] "GET /lists/security-basics/2006/Apr/0003.html HTTP/1.1" 200 18456 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700] "GET /lists/security-basics/2006/Apr/0004.html HTTP/1.1" 200 26590 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700] "GET /lists/security-basics/2006/Apr/0005.html HTTP/1.1" 200 21509 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0006.html HTTP/1.1" 200 19844 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0007.html HTTP/1.1" 200 13938 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0008.html HTTP/1.1" 200 23157 "-" "-"207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0009.html HTTP/1.MS proceeded to make 3738 requests for security-basics articles inabout 20 minutes. That is more than three requests each second. So Ihad no choice but to ban them. This was obviously an intentional DoSattack orchestrated from the highest levels in MS to take downInsecure.Org. Probably Steve Ballmer realized I wasn't within chairthrowing distance and so he came up with this plan instead . Hehe,actually it is surely some employee who forgot that we don't all haveas much bandwidth as Microsoft. So for now, I've banned the IP.The good news in all this is that MS has apparently started to readsecurity-basics. It is about time . I'm tempted to unblock the IPto see if they come back for more intermediate and advanced materiallike Bugtraq next month .Cheers,-FPS: If there is a point to this email, it is simply this: Please don'trun recursive wget or any other scraper against Insecure.Org. If youonly need a small set of pages (less than a couple hundred), I guessthat is OK. If you have a really good reason that you need thousandsof pages, send me an email and I may be able to make a .tar.bz2available for you. I'd be happy to send the whole mbox-formatsecurity-basics archives to Microsoft, for example.
