Kuro5hin Forced Down By DOS
Yenya writes: "It seems that Kuro5hin is being shut down as a result of the automated "spam" attacks in the previous three days. It is a shame that the good work of Rusty and other volunteers can be destroyed by some clueless attackers. I hope they will not give up and try to resurrect the site soon." Yenya was one of many who wrote about this - I personally like kuro5hin and I hope they can find a way to get things working again. Hopefully we'll get more news on it today - stay tuned.
Many people ask themselves why and iirc some organisations are even spending thousands of dollars on it 'cause they want to know what could motivate a person to do something like this. In this case it's a site which isn't as well known as, shall we say, Amazon but IMHO much (maybe most) of the DoS attacks done by 5cr|py lus3r5 are solely for that oh so burning feeling of having control and having power over something. I know; nothing new here.
The only problem with having control and power is the question if you are capable of dealing with it. Those DoS attacks prove to me that most kiddies doing it aren't capable of handling anything whatsoever. Most are just losers, nothing more, nothing less. And yes; this is easily said but gimme a chance to explain myself... In most cases starting up a DoS takes nothing more than knowing how to operate a program. Installing the exploit on some servers is in many (maybe even all) cases much easier than people claim it is. There are millions of servers on the net and not all of them are secured in the way they ought to be. If you really want a good amount of servers to attack someone you don't want to spend too much time on breaking into one. Heck; the longer it takes to set up / prepare your "DoS cluster" the higher the risk that your exploit gets discovered, although on some servers this risk isn't there altogether. And once we're done it's picking a target and voila.
Is this 3l33t? Nay, but this probably is the best these morons are capable of. If you can't beat 'em, make their lives miserable. Dunno how to hack your way into a computer system? Disable it. Sure, it is a felony these d00ds are committing but IMHO they don't deserve all the blame. The more you mention them the more 3l33t they feel.
So why focus on the messenger while the real problem lies elsewhere? Everyone with a small piece of understanding knows where the problems lie yet no-one seems to care enough to do something against it. Hosting providers could make a start by checking the systems being put online. If it meets the security approval it can be placed online. When the system is one big security hole; tough luck. I truly believe this is technically possible. Only problem we are facing now is money and competition. If one hosting provider would start by setting up security "seals of approval" you can be sure it'll go bankrupt 'cause the competition won't.
And that's why I feel that those organisations are the real persons responsible. Not only that but they seem narrow minded as well. If they would invest the time and money (the money lost by customers who aren't capable nor willing to secure their box(es)) they would make the Net more secure while still keeping control of the freedom we are having now. If they don't then I'm pretty sure that one day a politician will get a brainwave and will "make" the government kick in and enforce all of this. I don't have to tell you that the latter option will probably bring more than just a "safer Internet". The more important the Net is becoming the higher the chances this scenario will unfold IMHO.
Probably the major problem with weblogs is the instantaneous feedback. Remember the "flash crowds" in Niven's teleportation stories (All the Bridges Rusting IIRC)? We have exactly the same phenomenon going on here.
How to fix it? Put some damping in the feedback loop by delaying the appearance of posts, while still assigning karma. The higher your karma, the sooner the post appears. Voila---the trolls and kiddies no longer get the instant gratification they want. What's the fun in working for fifteen minutes to hose a thread when you don't see the results for half an hour?
What??!! I hear you scream, half an HOUR? The discussion's dead meat by then!
Erm, no. Any comments worth reading now will be worth reading in half an hour, or even an hour later. Such a delay would also help damp the rush of mis-informed comments from those who haven't digested (or even read) the story, and thus the reflecto-flames from those offended by such witlessness.
Take any civil or electrical engineering or differential equations class, and learn why damping is good. (Check out the Tacoma Narrows Bridge for a short course.) That's part of why you always hear the New York Stock Exchange results are "delayed fifteen minutes". (I suspect the other part is so the dealers can get their cut before the unwashed get a shot.)
Bottom line: Slow things down, it can only make them better.
I refuse to believe corporations are people until Texas executes one. -- desert rain on http://www.dailykos.com/user/
If Slashdot is truly sorry about what happened, how about donating a bit of their shiny hyper-powered VA resources to temporarily host kuro5hin?
"But why, (if I may be so bold) didn't anyone seem to care when Yahoo, CNN.com etc. were being brought down by attackers?"
Because those sites exist for one reason and one reason only - to turn a profit. Sure, their admins and staff care (that, to me, is part of doing a professional job), but only in the same way I care about my servers at work. I care because my employer pays me to care.
K5 was done because people WANTED to, not because they HAVE to. And that's why I do care about K5 getting DOSed, and I don't care about BT getting DOSed.
--
Peter
You could base the credit for the moderation on the number of people to moderate up after you moderated up.
So if I moderate a +5 article, I directly gain nothing but the previous four people who moderated it do gain. This means that the person that does the moderation from 1 to 2 can quickly gain more power and the straggling 'me-too' people don't get as much.
Good idea, except for one thing...
It would be trivial for the attackers to change just a few letters at the end of the post, completely changing the MD5 hash.
What would probably work better is some sort of "diff" approach. If a post is "too similar" to a lousy one it would be rejected. It isn't actually that hard to do similarity checking, and the load is not that high. After all, even on a busy day Slashdot only gets about 3000 posts or so.
This would get rid of the Jenna Elfman, Penisbird, Latin Lessons, and other fools. (I read one of the stories at -1 yesterday. Unbelievable!) I wonder if this would count as censorship? Perhaps instead of deleting the post, the system should just instantly moderate it down to -1.
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
The bottom line is that they are incapable of producing their own works of art/skill/technical ability and their jealousy of those who can is sublimated into a childish "well I think that sucks, anyway" reaction, which develops into a hatred of anyone who can do it, from which the pleasure of un-doing others' work derives.
I speak from memory; I can remember these feelings from adolescence and they do still creep up from time to time. Adults control these feelings, children act on them.
I'm sure if you cast your own mind back and are honest with yourself you'll see there isn't any great need for papers on this - it's just (young) human nature.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
And very, very infuriating that the actions of one individual can take away something that has provided so much pleasure and information for so many.
If you, Mr Skript Kiddy, are reading this, beware. This is not the end of the story.
Speaking with Rusty and the gang on IRC I could feel the frustration and anger mounting since Monday.
I guess the best way of describing it is as if you provided a reading room of your *own* books, catalogued on your *own* time for people to use. And then one person came in, tore up the books, pissed on the floor and then disappeared.
It's a sickener and no mistake.
--
Peter
Is the future of the Internet a place where only the most well-monied companies can afford to defend themselves from the onslaught of attackers? Is popularity a death sentence on the Internet? Sad, but it may come to that....
I will have to think twice about a few of the cool volunteer community sites that I had been thinking of building on my home systems.
I'm hoping to soon be running a discussion based site for non-techie users.
I was curious as to what methods of moderation were best to implement. Certainly I feel the /. method works very well but it's perhaps a little complex trying to explain to less logically minded (or even arts students) people what moderator status is, let alone whether they should actually use it.
Since I expect this to be mainly student based lots of people will be connecting through webcache and proxy servers so trying to just stop more than X posts per IP per hour won't work.
What solutions can you guys think of that don't involve me checking every post (and as a pro-free speech type person I'm not keen to force my views on other people)?
The whole /. cf K5 debate is a strawman. Michael dropped a bollock, and admitted it. End of story, film at 11.
The only thing that makes /. more resistant to this type of attack is the fact that there are a couple (or more) people who look after this site *full time*.
K5 is a *volunteer* effort. The people running it have fulltime jobs elsewhere. It's done for love, not money. The ads pay for hosting costs and suchlike.
It's also fundamentally different - it's not the free-for-all that /. is. Spam there once, and you'll get warned. Spam there twice, and you'll be banned. Trolls are deleted.
How this policy is going to scale up to the zillions of posts/users, I dunno. Sturgeon's law says 90% of everything is crap. Well, weeding the crap out of a couple of dozen posts is easy. Weeding the crap out of a couple of hundred, somewhat less so.
Maybe K5 will always stay low volume - there's no incentive for penis bird idiot fuckwit boy and his like there - because the one thing they feed on, seeing their posts, disappears.
--
Peter
Let's compound kuro5hin's problems with DOS attacks by posting not one, but 2 links to their site on the front page of /. That should definitely help them get their bandwidth back...
------
No, you're wrong. It's not the amount of work that forced them to take the site down. The last three days you could see that the story queue and article comments were being flooded with garbage; due to the nature of the story queue (open construction), this is a bigger problem than it ever could be on /. And apart from that there were continuing DOS attacks - the site was difficult or impossible to reach, and lots of times you would get an 'internal server error'. So it's not a question of hard work, but it was more & more impossible to keep the site up.
How to make a sig
without having an idea
It is a weblog, like SlashDot. You create yourself a login, post stories, and discuss them.
However, there are some significant differences. Probably the main one is that the submission process is open - you can see the stories that are waiting to be posted, comment on them (either on an editorial "fix-that-link" level or on a topical level) and then vote on whether the story should be posted or not.
The other difference is that there is no karma - individual comments can be rated, and you can rate comments all the time, rather than waiting your turn for moderator points.
Other differences include the fact that K5 is a volunteer effort, there's no non-censorship policy (trolls/spam/rubbish get deleted) and it's non-profit.
When it returns, pay it a visit. You won't be sorry.
--
Peter
I've been reading k5 for about six months now and IMHO it was just starting to really take off, probably about the same time rusty introduced the new story moderation system. There have been some great discussions there in the last few weeks - the site probably has a broader focus than /. thanks to its user-moderated story system and it generates a lot of good points.
It's sad that people feel the need to do this. Does anyone remember the two stories that got spammed to death here on /.? One of the posters on k5, fluffy grue, owned up to those, saying he was bitter at how /. had turned out and thought he'd leave with a bang. Some people really need to stop taking these things so personally - if you don't like a site then find another or start your own, don't react like a petulant child.
Anyway, I hope rusty can get k5 up and running again, because it would be a great shame for a site to be shut down because of the actions of one sad little person with nothing better to do than attack others.
P.S. Is someone doing the same to /. as well? It seems to be awfully shaky recently.
I literally just started taking a liking to the site, and was really getting into the atmosphere they had. I'm quite disappointed (yet again) that we're going to have to fight off people doing this sort of thing for fun.
One possibility is to turn off his 'Anonymous Hero' functionality for the time-being. Rusty's site has email verification for new accounts; should the spammer start manufacturing email accounts it may be easier to track him down, and even if not, you can delay the auto-verification emails to once an hour. It's also likely easier to add a 5-post a day limit to a particular account than it is to an anonymous user.
Another temporary solution would be to only allow logged-in users to post/submit as Anonymous Heroes. A bit backwards, but combined with the items above, could make it easier to track down the yucksters and reduce spam in the meantime.
These temporary measures are certainly not ideal, but tough times call for tough measures. These work better on kuro5hin than they would on a bigger site like slashdot. Hopefully they will frustrate the spammers long enough that they can grow up, or at least let the site exist in a 'police-state' while they come up with more savvy protection.
Just because you're floating doesn't mean you haven't drowned. - They Might Be Giants, Dark and Metric
No! I'm not advocating for big brother. Let me give a small example. Kuro5hin should have turned off (via firewall/packet filter) the abusers. The other people who used addresses in those same ranges would have the recourse of going to their ISP and getting the miscreants kicked off. Then, kuro5hin could turn the IPs back on. It's a "little brother" approach, the typical way social systems worked in the old days in small towns, where the vandal's mother generally knew about the vandalism before the perp got home.
It's a little bit the way ORBS works, and though they attract a lot of anger, it seems to work pretty well to me. If the trust network got ubiquitous enough, even large criminal conspiracies like Network Solutions could be brought under control.
I think it starts with ISPs cooperating in attacking abuse.
But anyways, last week Cryptome suffered a hard icmp attack because of information they had pertaining to a CIA document about Japan.
Can anyone point me to some articles that pertain to the psychology of script kiddies and their thinking of WHY they want to attack and destroy other computers with such nonsense? I remember the thread posted here on slashdot a while back, but I browsed through it a few times and didn't find anything I'm looking for...
Who's the black private dick, who's a sex machine for all the chicks?
Okay, I can understand you volunteer to work on a community site without getting paid for it. I also understand you have a lot of work to do, so keeping security at the optimum level is prolly out of the question. I also understand you don't like it if someone phuxors up the site that you put so many (unpaid) hours into. I even understand you get pissed. What I don't understand is the reaction to this particular action: closing down the site... I mean: if the damage was too big, put back a backup (I reckon you have backups). Shit happens. Not only on the Net. And the more shit happens on the Net, the more it's a sign that people are actually doing things with it. Isn't this precisely what geeks have been wanting? A free internet for everyone? Then accept a mishap every now and then. The only thing that really got cranked was your pride. Take a good night's sleep, and get over that. You cannot pull the plug from a site you've worked on with pleasure. You cannot give those little bastards that satisfaction.... Just keep your chin up!
The Jon Erikson type trolls make a certain degree of sense.
As the real poster behind Jon Erikson I can honestly say that people like myself, osm, gnarphlager etc. all like /. and don't want to see it ruined at all. What we do isn't aimed at breaking /. and we all hate idiots like Penis Bird Guy as much as anyone.
Things like Patrick Bateman and hot grits have become funny in the same way a running joke does, and because they are only one comment per article. The cut 'n' pasters are all cunts IMHO and add nothing to the conversation at all.
There was a brief report in Wired on Monday, and John confirmed in email last night.
I have no idea if this is a new trend in sites targeted for DoS attacks, but definitely it is not good.
Its user base was much smaller than Slashdot, and as of the time the attacks started, discussion tended to be more "useful" than what we have here at Slashdot now, since it hadn't attracted the attention of most of the internet. I've been around Slashdot long enough that it reminds me of what this place used to be like in the early days (from my perspective, late 1997 - early 1998).
If you want to have an idea of what the flavor of Kuro5hin was, have a look at scoop.kuro5hin.org, the development site for the scoop engine, the back end of Kuro5hin. I assume the engine is still under development despite the shutdown, and I certainly hope it continues to be developed in the face of all this crap.
I'm not dumb enough or idealistic enough to have expected that Kuro5hin wouldn't have eventually been overrun with the same kind of garbage that Slashdot gets every day, and I don't expect that it will never happen again to sites like Slashdot or Kuro5hin either. It's sad, but probably just a fact of life that we're just going to have to deal with idiots. Slashdot has shown that technical solutions aren't capable of solving other people's personal problems, even though they can seem to make them manageable. I guess the fact of the matter is that no amount of good coding (or bad coding either, for that matter) can keep a jackass from being a jackass.
-------
Ok, this is not fool proof - but it could eliminate about half of the annoying & redundant posts we see on slashdot each day.
Before the post is published on slashdot, you could take the md5 hash code of the post.
As the post gets moderated down, the corresponding hash code of the post would then be updated to keep a tally count of how many times that particular hash code / post was moderated down.
Now, if a user decides to submit a new post to slashdot, the md5 hash code is taken and compared with all the previous hash codes. If a code matches, then the tally count is retrieved. If the tally count is more than three, slashdot will refuse to let the user post.
The md5 hash codes are used for efficiency (much easier to match the bit pattern of a hash code than 1000s of bytes of ascii code!)
This would not work well if the abusing user decides to spam slashdot with random garbage. However it might be useful if it worked in combination with the 60-second ban, lameness filter etc.
You could also implement an automated process that will change the values of the name="whatever" parameters in the HTML tag to crush those automated posting scripts. (a process will need to change the script source as well) Or have some sort of token value hidden in the form - and only a client that posted with the current token can be accepted.
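An added sketch (not Slashdot's or Scoop's code, and not the poster's) of the MD5 tally proposed in this comment, next to the "too similar" check that another reply in this thread suggests because a few changed letters alter the hash. The class name `PostFilter`, the 0.6 Jaccard cut-off and the sample posts are assumptions constructed for illustration.

```python
import hashlib
import re

DOWNMOD_LIMIT = 3        # from the comment: refuse once the tally is more than three
SIMILARITY_LIMIT = 0.6   # assumed Jaccard cut-off for "too similar"

def words(text):
    """Lower-case, drop punctuation, split on whitespace."""
    return re.sub(r"[^a-z0-9\s]", "", text.lower()).split()

def md5_key(text):
    # MD5 is only a lookup fingerprint here, not a security control.
    return hashlib.md5(" ".join(words(text)).encode()).hexdigest()

def shingles(text, k=3):
    """Set of overlapping k-word windows; short posts yield one window."""
    w = words(text)
    if not w:
        return set()
    return {tuple(w[i:i + k]) for i in range(max(1, len(w) - k + 1))}

def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0

class PostFilter:  # hypothetical name
    def __init__(self):
        self.tally = {}   # md5 -> times moderated down
        self.shapes = {}  # md5 -> shingle set of that post

    def moderated_down(self, text):
        key = md5_key(text)
        self.tally[key] = self.tally.get(key, 0) + 1
        self.shapes[key] = shingles(text)

    def exact_blocked(self, text):
        return self.tally.get(md5_key(text), 0) > DOWNMOD_LIMIT

    def similar_blocked(self, text):
        probe = shingles(text)
        return any(jaccard(probe, shape) >= SIMILARITY_LIMIT
                   for key, shape in self.shapes.items()
                   if self.tally[key] > DOWNMOD_LIMIT)

    def verdict(self, text):
        if self.exact_blocked(text):
            return "refuse"
        if self.similar_blocked(text):
            return "score -1"   # the reply's alternative to deleting the post
        return "accept"

# Constructed sample posts.
SPAM = "Buy cheap widgets now at example dot invalid, best widgets, best prices guaranteed today!"
VARIANT = SPAM + " xq7"   # a few extra characters change the MD5 completely
LEGIT = "The open story queue on kuro5hin is what made the flood so damaging."

if __name__ == "__main__":
    f = PostFilter()
    for _ in range(4):
        f.moderated_down(SPAM)
    for post in (SPAM, VARIANT, LEGIT):
        print(f.verdict(post), "<-", post[:40])
```

The exact-hash lookup stays cheap, as the comment argues; the shingle comparison is only run against posts that have already crossed the down-moderation threshold, which keeps its cost bounded.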
Congratulations! You've just invented a secondary meaning of the word 'slashdotted!'
Slashdot, v.
1. To bring an Internet site, esp. one with an HTTP server, offline due to excessive demand for its contents as a result of its mention on Slashdot. "Let's hope that memepool doesn't get slashdotted by this..."
2. To destroy what might otherwise be an intelligent public discourse by flooding it with nonsense or deliberately offensive or stupid garbage. "Looks like George and Al are trying to slashdot the election."
--
-jacob