Latest MyDoom Variant Gives Google Problems
Devil's BSD writes "It seems like the latest MyDoom worm variant has caused a bit of an Internet storm. Google, at this time (12:28 EDT), is returning 503 errors on all queries submitted from certain locations. The MyDoom variant searches the user's address book for email domains (i.e. @yahoo.com) and searches various engines (such as Google) for email addresses in that domain."
Webmasterworld has an interesting thread which details the problems are user agent and locality specific (for me in SoCal IE and Firefox are borked, Konqueror is working, but others report no problem with Mozilla or no problems in certain locals).
How do I keep track of people who are fingering
I got the "forbidden search" error as well. I'm curious what the apparently encrypted string at the bottom of the page contains? The page says to include it in any correspondence to the Head Googlers. If another person runs the search, will they get a different string? I'd think so -- it probably includes referrer-ID and IP address.
It starts and ends with a string of "/+" characters that give the Slashdot Lameness Filter fits.Notice the text string "taco" about 2/3 of the way through the file. Coincidence?
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
There have been many reports recently of virus writers attempting to blackmail companies. Having this virus, an obvious DDoS attack on Google, happen the same day that Google announced the price of its IPO shares is just what you would expect if the Google didn't pay the blackmail.
I don't know how we'll ever be able to test this hypothesis, but I think that something stinks here.
thad
I love Mondays. On a Monday, anything is possible.
This is the 403 Forbidden I get when submiting a gmail address... The most thourough 403 I've ever seen.
/search?q=anything@gmail.com&ie=UTF-8&oe=UTF-8 from this server. (Client IP address: [xx.xx.xx.xx])
... Otherwise the service works as usual here in Scandinavia.
Forbidden
Your client does not have permission to get URL
Please see Google's Terms of Service posted at http://www.google.com/terms_of_service.html
If you believe that you have received this response in error, please send email to forbidden@google.com. Before sending this email, however, please make sure to take a look at our Terms of Service (http://www.google.com/terms_of_service.html). In your email, please send us the entire code displayed below. Please also send us any information you may know about how you are performing your Google searches-- for example, "I'm using the Opera browser on Linux to do searches from home. My Internet access is through a dial-up account I have with the FooCorp ISP." or "I'm using the Konqueror browser on Linux to search from my job at myFoo.com. My machine's IP address is 10.20.30.40, but all of myFoo's web traffic goes through some kind of proxy server whose IP address is 10.11.12.13." (If you don't know any information like this, that's OK. But this kind of information can help us track down problems, so please tell us what you can.)
We will use all this information to diagnose the problem, and we'll hopefully have you back up and searching with Google again quickly!
Please note that although we read all the email we receive, we are not always able to send a personal response to each and every email. So don't despair if you don't hear back from us!
Also note that if you do not send us the entire code below, we will not be able to help you.
[long-ass-code removed]
Google has a lot of computer scientists and techies, and all they need to do is write a quick regex to match these "banned" searches, slap a 72-hour ban on any IP that's the source of more than, say, 1000 "banned" searches in a day, reply with a static page that says "SOL, your request came from an infected computer, contact your sysadmin" and then start looking for a more fundamental and elegant solution for a long-term fix.
They'll have this patched over in less than 24 hours, for certain.
May we never see th