January 22, 2004

Never a Dull Moment

I came back from a really interesting talk on the future of neutrino-mixing experiments (yes, they actually hope to measure CP-violation in the neutrino sector in the next generation of experiments!), only to find that all hell had broken loose in the MovableType world.

Our friend has returned with a new, “improved” program which floods the trackback system, prompting panicked email messages to and fro.

I guess it’s time to release my patch to enable Trackback throttling in MovableType.

Our l33t h@ckr probably slaved away all night on that program. And it took all of 20 seconds to delete the 43 trackbacks he managed to post to my blog.

Update: I am still waiting with bated breath for “Dv” to post his latest creation on http://terrato.org/ . He, apparently, doesn’t want me linking to his site, so you, dear reader, will have to cut and paste that URL in your browser. Can you do it? I knew you could.

I should also point out (even our Crapflooders are capable of figuring this one out) that Trackback flooding is totally cross-platform. If your blogging software supports Trackbacks, and your vendor has not put some kind of throttling in place, you are vulnerable.

Update (1/23/2004): I should have stated the obvious: as with the comment throttling code, this patch is incompatible with the current version (1.6.2) of Jay Allen’s MT-Blacklist. You’ll need to add the throttling code to his MTBlPing.pm file instead.

Update (1/27/2004): Terrato.org has lost its DNS listing, so if you want to see what the “pathetic lamers” (a term they, apparently, prefer to “script kiddies”) are up to, you’ll have to go to http://193.77.153.149/ . Version 1.2 of their comment-flooding script is a particular hoot to read. Enjoy…
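The kind of throttle the patch adds, as an added illustration that is not Distler's patch or MovableType code: it is written in Python rather than MT's Perl, keys the limit on the pinging host's address with a sliding window, and answers with the standard Trackback `<error>` response. The limits (5 pings per 60 seconds), the address and the flood itself are constructed sample values.

```python
"""Sliding-window throttle for Trackback pings (added example, not the MT patch)."""
from collections import deque
from typing import Deque, Dict, Tuple

# Policy values are assumptions for the demo, not what the MT patch uses.
MAX_PINGS = 5
WINDOW_SECONDS = 60.0


class TrackbackThrottle:
    """Per-source-address sliding window; state is kept in memory for the demo."""

    def __init__(self, max_pings: int = MAX_PINGS, window: float = WINDOW_SECONDS):
        self.max_pings, self.window = max_pings, window
        self._seen: Dict[str, Deque[float]] = {}

    def allow(self, remote_ip: str, now: float) -> bool:
        q = self._seen.setdefault(remote_ip, deque())
        while q and now - q[0] >= self.window:  # drop pings outside the window
            q.popleft()
        if len(q) >= self.max_pings:
            return False  # rejected pings are not recorded, so the window drains normally
        q.append(now)
        return True


def trackback_response(error: int, message: str = "") -> str:
    """Minimal Trackback response body; error 0 means the ping was accepted."""
    body = f"<error>{error}</error>"
    if message:
        body += f"<message>{message}</message>"
    return f'<?xml version="1.0" encoding="utf-8"?><response>{body}</response>'


def handle_ping(throttle: TrackbackThrottle, remote_ip: str,
                form: Dict[str, str], now: float) -> Tuple[bool, str]:
    """Check the POSTed fields (url is mandatory), then apply the throttle."""
    url = form.get("url", "").strip()
    if not url.startswith(("http://", "https://")):
        return False, trackback_response(1, "url is required")
    if not throttle.allow(remote_ip, now):
        return False, trackback_response(1, "Too many pings; try again later")
    return True, trackback_response(0)


def simulate_flood(count: int = 43, interval: float = 0.5,
                   remote_ip: str = "203.0.113.7") -> Tuple[int, int]:
    """Constructed flood: `count` pings from one address, `interval` seconds apart."""
    throttle = TrackbackThrottle()
    form = {"url": "http://example.invalid/post", "title": "x", "blog_name": "x"}
    accepted = sum(handle_ping(throttle, remote_ip, form, i * interval)[0]
                   for i in range(count))
    return accepted, count - accepted  # (accepted, rejected)
```

In a real deployment the per-address state would live in the database or a shared cache rather than in process memory, since MT runs as CGI/FastCGI processes that do not share state.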

Posted by distler at January 22, 2004 4:50 PM

TrackBack URL for this Entry: http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/294

Re: Never a Dull Moment

Hey distler, can you save me some time and send me a patched version of MT::App::Trackback.pm? I will incorporate the change into MTBlPing.pm… mt-blacklist at jayallen dot org. Thanks and good work.

Posted by: Jay Allen on January 23, 2004 8:45 AM | Permalink | Reply to this

We Have the Technology

Just use the patch file, for God’s sake!

I have other changes to my copy of lib/MT/App/Trackback.pm that you probably don’t want to incorporate.

Posted by: Jacques Distler on January 23, 2004 9:35 AM | Permalink | Reply to this

Re: Never a Dull Moment

“URL” is a Uniform Resource Locator, not Unified Resource Locator.

You newb.

Posted by: Dv on January 23, 2004 10:31 AM | Permalink | Reply to this

Re: Never a Dull Moment

I doubt he stayed up all night on it, considering trackback is easier than shit to flood.

All it takes is a POST request with a certain set of variables. Since these pre-existing scripts are simply advanced POST flooders, it would be simple to modify one to flood trackback.

Posted by: forks on January 23, 2004 11:39 AM | Permalink | Reply to this

Re: Never a Dull Moment

Hrmm… it seems that terrato.org is gone. I guess he was mad at just seeing his URL on the page. Anyhow, there are other ways to get to that guy’s site. Try this URL:

http://193.77.153.149/

I tried linking it directly from this comment, but as promised, the referrer gave me away and sent me to a page showing many pictures of male genitalia. Try typing in the IP if you must visit his page.

Posted by: Anonymous Because Afraid of Being Spammed on January 27, 2004 10:51 AM | Permalink | Reply to this

Re: Never a Dull Moment

Update: Here’s the scoop from his site:

(25/1/2004) DNS records for terrato.org have been removed. Use 193.77.153.149 or tmp.transfixion.org until they are back.

Also, it appears as though he has a tool for crapflooding LiveJournal now as well.

Posted by: Anonymous Because Afraid of Being Spammed on January 27, 2004 10:56 AM | Permalink | Reply to this
