DoubleClick Hit by DDoS Attack

YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."

DoubleClick is still around?

It's been so long since I've seen an ad I forgot about them.

Re:Sad news

[byolinux]

I don't think I've seen a banner ad in a year or so.

I used IE the other day for the first time in ages, and was surprised by a popup.

Old News for Nerds, Stuff that's Days Old

[dsanfte]

Seriously, Slashdot needs to shape up, or stop trying to be a news site. This happened yesterday. If you can't get your editors to greenlight stories faster than 24hours in advance, let subscribers do it like Fark does.

I didn't notice

[Patik]

I've had the following in my HOSTS file for a while now

0.0.0.0 ad.doubleclick.com
0.0.0.0 ads.doubleclick.net
0.0.0.0 ad2.doubleclick.net
0.0.0.0 ad3.doubleclick.net
0.0.0.0 ad4.doubleclick.net
0.0.0.0 ad5.doubleclick.net
0.0.0.0 ad6.doubleclick.net
0.0.0.0 ad7.doubleclick.net
0.0.0.0 ad8.doubleclick.net
0.0.0.0 ad9.doubleclick.net
0.0.0.0 ad10.doubleclick.net
0.0.0.0 ad11.doubleclick.net
0.0.0.0 ad12.doubleclick.net
0.0.0.0 ad13.doubleclick.net
0.0.0.0 ad14.doubleclick.net
0.0.0.0 ad15.doubleclick.net
0.0.0.0 ad16.doubleclick.net
0.0.0.0 ad17.doubleclick.net
0.0.0.0 ad18.doubleclick.net
0.0.0.0 ad19.doubleclick.net
0.0.0.0 ad20.doubleclick.net
0.0.0.0 ad.ch.doubleclick.net
0.0.0.0 ad.ca.doubleclick.net
0.0.0.0 ad.de.doubleclick.net
0.0.0.0 ad.fr.doubleclick.net
0.0.0.0 ad.jp.doubleclick.net
0.0.0.0 ad.nl.doubleclick.net
0.0.0.0 ad.no.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ln.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 m2.doubleclick.net
0.0.0.0 iv.doubleclick.net
0.0.0.0 ebay.doubleclick.net

Lameness filter randomness: eed d ed wdwe de ff g v fdovk fok fb f osvi jfvioj asv d vp vv jspavj spav dsv aspdvj ede oijf o greg ewrg

Re:I didn't notice

[owlmon]

> I've had the following in my HOSTS file for a while now
>
> 0.0.0.0 ad.doubleclick.com
> 0.0.0.0 ads.doubleclick.net
> ...

Some alternatives that are fun:

1. Install privoxy from sourceforge.net. This is a local http proxy that allows you to filter out web content using regular expressions. So you can easily blank out any URL that contains the string "doubleclick." This is easier and more complete than trying to enumerate all the hostnames that Doubleclick Inc. uses. Privoxy is multi-platform; you can use it under Linux, Windows, etc.

2. Install posadis from sourceforge.net. This is a caching DNS server that you can install on your computer. It allows you to control how domain names (like *.doubleclick.net) get resolved by ALL the programs on your computer. I use it to essentially blackhole domains that I don't like. Once again, this is a multi-platform project. In particular, under Windoze, it runs as a service. It has an irritating bug: under Windoze, it will occasionally start using 100% CPU. When this happens, you have to restart the posadis service. A hassle, verily. But I enjoy having the control that derives from running my own DNS server.

3. Use a firewall (hardware or software) to block out numeric IP addresses. For example, 216.73.92.112 is www.doubleclick.net, so it should be blocked. I used to use this approach. I liked the idea of absolutely blocking any packets going to or from the bad guys, regardless of the DNS name used. The problem with this approach is that outfits like doubleclick.net will use a ton of different numeric IP addresses, and it's difficult to keep up with them.

Re:I didn't notice

[Rie+Beam]

I should mention there's a firefox extension that blocks ads based on regular expressions. Yet another reason to drop IE.

Re:I didn't notice

[magefile]

You can't use *.doubleclick.*? I do that in adblock. Granted, the hosts file and adblock are two totally different beasts, but I'm surprised the hosts file doesn't support regex.

You know, I never noticed.

[Beardo+the+Bearded]

Thanks, Mike!

I rarely see ads in either IE or Mozilla.

Re:Sad news

[adam+mcmaster]

I agree, adblock is very useful.

Re:Sad news

[byolinux]

Adblock most of the time or PithHelmet for those Safari Moments.

Re:Sad news

[JPriest]

Not that box, I am pinging their primary DNS server and still getting a reply, they have 4.

ns1.doubleclick.net
ns2.doubleclick.net
ns3.doubleclick.net
ns4.doubleclick.net

This way you can check your networks to see if any machines are hitting these DNS server. I am going to keep my ping going to make sure ns1 stays online. j/k

You can do your part to reduce the load by adding doubleclicks ad-servers to your /etc/hosts file as 127.0.0.1 (this can be done in windows too).

Thank you MyDoom!

Thanks Mydoom! =)

I didnt notice though.. those are blocked anyway

Id recommend everyone add this to their hosts file:

127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.free6.com
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.iwin.com
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.se.doubleclick.net

Old news

[EvilStein]

IF this isn't a second DDoS, then this happened a couple days ago already.

Re:Sad news

Or a host file update! I use the host file from this website: http://www.mvps.org/winhelp2002/ it's updated every month. That in conjunction with Firefox and no ads! Yay!

Re:Sad news

[Pharmboy]

I use this little thing called a "hosts" file, so my IE popups are all blank ;) stuff like:

127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net

except I DO allow ads.osdn.net because im a nice guy and dont mind looking at the purdy pictures from them (and they are not usually popups). I found the hosts file here on /., with about 100 lines of entries.

Re:Sad news

[rmohr02]

Why 127.0.0.1 instead of 0.0.0.0? Wouldn't you rather the requests for files go nowhere as opposed to right back at your machine?

Re:Sad news

[Pharmboy]

Have you tried firefox?

I have it installed on this box, along with IE. I still use IE half the time. I use mozilla on my linux boxes, but (i hate to say it) there are are certain aspects of IE that are more comfortable, or at least more familiar. Keep in mind, im an old geek, not a hobbiest. Been using Linux and GNU software for years and it is catching up very fast, but I still use the tools that make me more productive, and IE fits that bill at least half the time. The pops ups don't annoy me as bad as they used to, now that they are all blank pages.

Oh, i found that hosts file address here. I chang a few lines for my uses (travelocity.com and osdn.com for instance) because it may break a few things, like Pogo, but its a great template for a hosts file if you customize it a bit for yourself.

Re:Quick refresher on how the "FREE" sites work...

[dsanfte]

Ad blocking is something caused by a social dynamic, and as such appeals for single individuals to unblock ads in order to "save the site" are utterly futile. It makes zero difference. People hate ads.

Five people listening to you isn't going to save the web advertising industry any more than me convincing (at great personal effort, mind you) five people to stop pirating Photoshop is going to see a noticeable increase in revenues for Adobe. It is not a statistically significant number, and all it ends up doing is hurting the individuals.

Lastly, on the subject of "innovation". You know those piracy statistics software companies put out, so they can point to them and say "This is why software prices are so high! Piracy!"? Please tell me, have you ever heard of a company dropping prices because their sales went up?! The very thought of it is insane.

Piracy, like ad blocking, in the end, is caused by social dynamics that no single invididual bucking a trend could ever hope to reverse.

Re:Sad news

[JPriest]

Becasue it takes a long time for nowhere to reply.

Re:Sad news

[Elwood+P+Dowd]

Ok, I realize

you are joking

alexa is crap
but doubleclick doesn't give a flying fuck about slashdot.

Re:Sad news

[Trent05]

These might be useful too. I direct em' to 0.0.0.0 cause I'm gangsta. :P

1.primaryads.com
a.tribalfusion.com
ad.doublec lick.net
ad.aboutwebservices.com
adlog.com.com
ads.accelerator-media.com
ads.ebaumsworld.com
ad s.nwsource.com
ads.vnuemedia.com
ads.weather.com
ads.webtender.com
ads.x10.com
ar.atwola.com
a sg01.casalemedia.com
c.casalemedia.com
c4.maxser ving.com
clk.admt.com
g.msn.com
isg01.casalemed ia.com
isg02.casalemedia.com
isg03.casalemedia.c om
isg04.casalemedia.com
isg05.casalemedia.com
media.fastclick.net
mediamgr.ugo.com
oas.foxnews .com
oascentral.premierinteractive.com
oascentra l.theonion.com
oascentral.washingtontimes.com
pa gead2.googlesyndication.com
rd.yahoo.com
regman. freeze.com
rightmedia.net
servedby.advertising.c om
shopping.msn.com
spe.atdmt.com
us.ard.yahoo. com
view.atdmt.com
www.googleadservices.com
www .kinghost.com
xads.zedo.com
z1.adserver.com

Apparently the lameness filter dosen't like me just copy and pasting my hosts file.

Re:Quick refresher on how the "FREE" sites work...

Want to keep the subscription sites down and keep the free web up? Leave the banner ads be. Hell, click on them once in a while. If the advertisers and website are satisfied with how their ads are doing, they'll be less aggressive and less likely to piss you off.

Simply clicking on ads is not going to please the advertisers. They are advertising because they hope you will buy their product or service, not just that you will see their ad. Click on all the banner ads you want; if you never buy anything after clicking on an ad, you are not supporting the advertiser. Yes, clickthru rates may be one metric that determines how much money your favorite free site gets from an advertiser, and in that way you can support a site by clicking on the ads, but that advertiser will stop advertising on the site entirely if they aren't getting a return on their investment.

Meanwhile, by the time the ads are blocked by your proxy or whatever, your favorite site has already cashed its check and taken the advertiser's money. You should not feel guilty about browsing free sites while blocking or ignoring ads. I liken it to television advertising; when was the last time you felt guilty about getting up for a sandwich during the commercial break on your favorite show? You shouldn't, of course. The people who made the show have already been paid by the time you see it. It is the advertiser who risks losing income when people ignore ads.

Re:Quick refresher on how the "FREE" sites work...

[strider44]

I like using AdBlock with the setting to just hide the ads instead of not download them at all activated. This doesn't really hurt anyone (I don't usually look at the ads anyway, and refuse to click it even if it is tempting and catching my eye, so the ad companies don't really lose money, and the site still gets their view).

Re:Sad news

[Read+Icculus]

Use a real hosts file, like This one . It's massive, constantly updated, and formatted nicely to show you how to redirect slashdot.org to "s".

Re:Sad news

[kuiken]

copy this to a file and import to adblock and you'll almost never see an add again

[Adblock] /(hot|spy)log/ /[\W\d](double|fast)click[\W\d]/ /[\W\d](onlineads?|ad(banner|click|-?flow|frame|im a?g(es?)?|_id|js|log|serv(er|e)?|stream|_string|s| trix|type|vertisements?|v|vert|xchange)?)[\W\d]/ /[\W\d]click(stream|thrutraffic|thru|xchange)[\W\d ]/ /[\W\d]dime(xchange|click)[\W\d]/ /[\W\d]value(stream|xchange|click)[\W\d]/ /[\W\d_](top|bottom|left|right|)?banner(s|id=|\d|_ )[\W\d]/ /[\W_](b(an|nr)s?|jump|redir(ect|s)?|stat)[\W_]/ /\/buy_assets\// /\D\d{2,3}x\d{2,3}\D/ /\W(cy|r)?c(ou)?nt(er|ed)?\W/ /p(artner|ing\.cgi|romotion)/ /sp(onsor|ymagic)/ /top(100|cto)/
googlesyndication
http://a.as-us. falkag.net/dat/bgf/*
http://view.atdmt.com/MSN/iv iew/*
reklama
us.yimg.com/a/