Date: Mon, 24 May 1999 08:50:08 -0700 (PDT)
From: Marc Slemko
To: Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Denial of service attack from "imagelock.com"

On Mon, 24 May 1999, Brett Glass wrote:

> At 10:45 AM 5/24/99 +0000, Joao Assad wrote:
>
> >In my logs I see a 10 secs interval between each request.
>
> In some of the ones I administer, it was 3 seconds or
> less. And it ramps up, as if one of their scavengers
> feeds URLs to the others.
>
> So much for the 3-10 minutes they claim!

3-10 minutes? Ha. I was seeing 10-20 hits per second on some machines,
with hundreds of thousands of hits per day.

Their robot is broken because it doesn't follow proper robot etiquette
(e.g. robots.txt, using a reasonable useragent, etc.), it does not behave
like a "nice" robot should to lessen resource use, it apparently has no
methods in place to stop it from crawling infinite loops in CGI scripts
or other dynamic content, plus it is horribly dumb and appears to like
randomly adding '/'s onto the end of URLs to see if it gets anything
useful, plus it can't even parse HTML properly half the time.
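The crawler behaviours described in this message (bursts of many hits per second, no robots.txt fetch, '/' appended to URLs already requested) can be looked for in a web server access log. The Python below is an added example, not part of the original message; it assumes Common Log Format, and the function names, the 5 hits/second threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3}) \S+')

def summarize(lines):
    """Per-client hit count, hits per second, robots.txt fetch, slash retries."""
    stats = defaultdict(lambda: {"hits": 0, "per_sec": defaultdict(int),
                                 "robots": False, "paths": set(), "slash_retries": 0})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        host, ts, path, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        s = stats[host]
        s["hits"] += 1
        s["per_sec"][when] += 1
        if path.split("?", 1)[0] == "/robots.txt":
            s["robots"] = True
        # A URL seen before, requested again with '/' appended (/a.html -> /a.html/).
        # Directory redirects (/docs -> /docs/) also count, so treat it as a hint only.
        stripped = path.rstrip("/")
        if path.endswith("/") and stripped and stripped in s["paths"]:
            s["slash_retries"] += 1
        s["paths"].add(path)
    return stats

def flag_rude_robots(lines, peak_limit=5):
    """Hosts exceeding peak_limit hits in one second that never read robots.txt."""
    out = {}
    for host, s in summarize(lines).items():
        peak = max(s["per_sec"].values())
        if peak > peak_limit and not s["robots"]:
            out[host] = {"hits": s["hits"], "peak_per_sec": peak,
                         "slash_retries": s["slash_retries"]}
    return out

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE = (
    ['198.51.100.7 - - [24/May/1999:08:00:00 -0700] "GET /robots.txt HTTP/1.0" 200 68',
     '198.51.100.7 - - [24/May/1999:08:03:00 -0700] "GET /index.html HTTP/1.0" 200 512']
    + [f'192.0.2.10 - - [24/May/1999:08:00:0{i // 10} -0700] '
       f'"GET /cgi-bin/cal.cgi?m={i} HTTP/1.0" 200 900' for i in range(20)]
    + [f'192.0.2.10 - - [24/May/1999:08:00:02 -0700] "GET /index.html{sl} HTTP/1.0" 200 512'
       for sl in ("", "/", "//")]
)
```

The ever-changing `m=` query string in the sample stands in for the infinite CGI loop the message mentions; a large count of distinct paths under one script is another signal worth adding to the summary.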