January 22, 2004

Never a Dull Moment

I came back from a really interesting talk on the future of neutrino-mixing experiments (yes, they actually hope to measure CP-violation in the neutrino sector in the next generation of experiments!), only to find that all hell had broken loose in the MovableType world.

Our friend has returned with a new, “improved” program which floods the trackback system, prompting panicked email messages to and fro.

I guess it’s time to release my patch to enable Trackback throttling in MovableType.

Our l33t h@ckr probably slaved away all night on that program. And it took all of 20 seconds to delete the 43 trackbacks he managed to post to my blog.

Update: I am still waiting with bated breath for “Dv” to post his latest creation on http://terrato.org/ . He, apparently, doesn’t want me linking to his site, so you, dear reader, will have to cut and paste that URL in your browser. Can you do it? I knew you could.

I should also point out (even our Crapflooders are capable of figuring this one out) that Trackback flooding is totally cross-platform. If your blogging software supports Trackbacks, and your vendor has not put some kind of throttling in place, you are vulnerable.

Update (1/23/2004): I should have stated the obvious: as with the comment throttling code, this patch is incompatible with the current version (1.6.2) of Jay Allen’s MT-Blacklist. You’ll need to add the throttling code to his MTBlPing.pm file instead.

Update (1/27/2004): Terrato.org has lost its DNS listing, so if you want to see what the “pathetic lamers” (a term they, apparently, prefer to “script kiddies”) are up to, you’ll have to go to http://193.77.153.149/ . Version 1.2 of their comment-flooding script is a particular hoot to read. Enjoy…
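The throttling the post refers to amounts to a per-source rate limit on incoming Trackback pings. What follows is an added illustration in Python; it is not the MovableType Perl patch described above, nor Jay Allen’s MT-Blacklist code, and the class and function names, the limits (5 pings per 60 seconds) and the sample traffic are all constructed for this example. It keys a sliding window on the pinging host’s IP address, because a flooder can vary the `url`, `title` and `blog_name` form fields freely but changing the peer address is harder, and it answers a rejected ping with the XML error response the Trackback specification defines.

```python
"""Sliding-window throttle for incoming Trackback pings.

Added illustration only (hypothetical names); it is not the MovableType
patch or the MT-Blacklist code discussed in the post above.
"""
import time
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple


class TrackbackThrottle:
    """Allow at most `max_pings` accepted pings per `key` in any `window` seconds."""

    def __init__(self, max_pings: int = 5, window: float = 60.0) -> None:
        self.max_pings = max_pings
        self.window = window
        # key (normally the peer IP) -> timestamps of pings accepted in the window
        self._accepted: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        recent = self._accepted[key]
        # Drop timestamps that have aged out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_pings:
            return False  # over the limit: reject and do not record the ping
        recent.append(now)
        return True


def trackback_response(error: int, message: str = "") -> str:
    """Reply body per the Trackback spec: <error>0</error> on success, 1 on failure."""
    msg = f"<message>{message}</message>" if message else ""
    return ('<?xml version="1.0" encoding="utf-8"?>'
            f"<response><error>{error}</error>{msg}</response>")


# A ping is (unix time, peer IP, entry id, value of the `url` form field).
Ping = Tuple[float, str, int, str]


def process_pings(pings: List[Ping],
                  throttle: TrackbackThrottle) -> Tuple[List[Ping], List[Ping]]:
    """Run pings through the throttle in order; return (accepted, rejected)."""
    accepted: List[Ping] = []
    rejected: List[Ping] = []
    for ping in pings:
        ts, ip, _entry, _url = ping
        (accepted if throttle.allow(ip, now=ts) else rejected).append(ping)
    return accepted, rejected


def sample_pings() -> List[Ping]:
    """Constructed traffic: two legitimate pings around a burst of 43 from one host."""
    legit = "198.51.100.7"      # constructed documentation address
    flooder = "203.0.113.9"     # constructed documentation address
    pings: List[Ping] = [(0.0, legit, 294, "http://example.net/post/1")]
    # 43 pings in about 20 seconds from one address, one every half second.
    pings += [(100.0 + i * 0.5, flooder, 294, f"http://example.org/junk/{i}")
              for i in range(43)]
    pings.append((200.0, legit, 294, "http://example.net/post/2"))
    # The flooder again, well after its window has expired: accepted once more.
    pings.append((300.0, flooder, 294, "http://example.org/junk/again"))
    return pings


def run_demo() -> Tuple[int, int]:
    """Return (accepted, rejected) counts for the constructed sample."""
    accepted, rejected = process_pings(sample_pings(), TrackbackThrottle(5, 60.0))
    return len(accepted), len(rejected)


if __name__ == "__main__":
    ok, dropped = run_demo()
    print(f"accepted {ok}, rejected {dropped}")
    print(trackback_response(1, "Too many pings from your address; try again later."))
```

Only accepted pings are recorded in the window, so a host that keeps hammering is not locked out forever once it slows down; counting rejected pings as well would make the block stickier, which is a policy choice rather than a bug either way. Of the 43-ping burst, 5 get through and 38 are refused, while the unrelated host’s pings are unaffected.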

Posted by distler at January 22, 2004 4:50 PM

TrackBack URL for this Entry: http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/294

Weblog: Raw
Excerpt: Shelley got hit by several hundred pings in one go. Work-for-everyone solutions sought. Burningbird: Once upon a time... PS. distler...
Tracked: January 22, 2004 5:05 PM
Weblog: Burningbird
Excerpt: A long time ago I started work on a concept called threadneedle, to find a way to track threads of communication through weblogging. However, when Movable Type introduced the concept of Trackback, I dropped work on Threadneedle because Trackback provid...
Tracked: January 22, 2004 8:46 PM
Weblog: zen aku.net weblog: code, science, mathematics
Excerpt: When Script Kiddies Attack! (Dunn-dunn-dunnnn!)
Tracked: January 22, 2004 8:49 PM

Re: Never a Dull Moment

Hey distler, can you save me some time and send me a patched version of MT::App::Trackback.pm? I will incorporate the change into MTBlPing.pm… mt-blacklist at jayallen dot org. Thanks and good work.

Posted by: Jay Allen on January 23, 2004 8:45 AM | Permalink | Reply to this

We Have the Technology

Just use the patch file, for God’s sake!

I have other changes to my copy of lib/MT/App/Trackback.pm that you probably don’t want to incorporate.

Posted by: Jacques Distler on January 23, 2004 9:35 AM | Permalink | Reply to this

Re: Never a Dull Moment

“URL” is a Uniform Resource Locator, not Unified Resource Locator.

You newb.

Posted by: Dv on January 23, 2004 10:31 AM | Permalink | Reply to this

Re: Never a Dull Moment

I doubt he stayed up all night on it, considering trackback is easier than shit to flood.

All it takes is a POST request with a certain set of variables. Since these pre-existing scripts are simply advanced POST flooders, it would be simple to modify them to flood trackback.

Posted by: forks on January 23, 2004 11:39 AM | Permalink | Reply to this
Weblog: DE-duce
Excerpt: [kottke.org] And then, magically, I'm surfing around this morning and ran across <a href="http://weblog.burningbird.net/fires/metablogging/goodbye_trackback.ht...
Tracked: January 23, 2004 8:29 PM
Post: Redirects Are Not An Option
Weblog: Full Speed
Excerpt: I have just installed David Raynes' Optional-Redirect Plugin for Movable Type. Comment author links no longer behave in the 2.661 way. They work as they should---that is, they link directly. While I understand the nature of this change that Six...
Tracked: January 27, 2004 10:38 AM

Re: Never a Dull Moment

Hrmm… it seems that terrato.org is gone. I guess he was mad at just seeing his URL on the page. Anyhow, there are other ways to get to that guy’s site. Try this URL:

http://193.77.153.149/

I tried linking it directly from this comment, but as promised, the referrer gave me away and sent me to a page showing many pictures of male genitalia. Try typing in the IP if you must visit his page.

Posted by: Anonymous Because Afraid of Being Spammed on January 27, 2004 10:51 AM | Permalink | Reply to this

Re: Never a Dull Moment

Update: Here’s the scoop from his site:

(25/1/2004) DNS records for terrato.org have been removed. Use 193.77.153.149 or tmp.transfixion.org until they are back.

Also, it appears as though he has a tool for crapflooding LiveJournal now as well.

Posted by: Anonymous Because Afraid of Being Spammed on January 27, 2004 10:56 AM | Permalink | Reply to this
Post: Two To Annoy...
Weblog: Team Murder
Excerpt: Ugh. I've been reading up on the future of weblog flooding by assholes and I don't have the energy to...
Tracked: January 27, 2004 12:17 PM
Weblog: Raw
Excerpt: or "Ping Pong" Norm says hello to TB, Shelley says goodbye to TB. Distler throttles it....
Tracked: January 27, 2004 1:49 PM
Post: Stepping Stones to a Safer Blog
Weblog: Burningbird
Excerpt: In the last few weeks, I've been hit not only by comment spammers, but a new player who doesn't seem to like our party: the crapflooders, people who use automated applications (you may have heard of MTFlood or some variation) to literally flood comment...
Tracked: January 28, 2004 6:19 PM
Weblog: ACJ's Weblog
Excerpt: George W Bush and the real state of the Union Remarks by the President to the Press Pool WHOIS information for googleporn.com NASA altering the true colors Mars? SimpleBits | Comments are Down Musings: Never a Dull Moment...
Tracked: March 6, 2004 7:22 PM
Post: a sorry saga of stupidity and solutions started by spam
Weblog: AkuAku
Excerpt: Friday was a bit of a headache. I woke up confronted with ~150 trackback spams on my Moveable Type 2.51 blog. The day ended with a painful 'upgrade' to MT 3.0D and ultimately necessitated some band-aid code written in Java...
Tracked: July 5, 2004 1:44 PM
Weblog: DE-duce
Excerpt: [kottke.org] And then, magically, I'm surfing around this morning and ran across <a href="http://weblog.burningbird.net/fires/metablogging/goodbye_trackback.ht...
Tracked: January 17, 2005 6:53 AM