DoubleClick Hit by DDoS Attack
YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."
Trying to get rid of traffic they don't want to see... sounds like trying to get rid of adds we don't want to see.
ogg
Black cat, searing pain, flames...? I must be in Heaven! - Homer Simpson
The issue wasn't that Double Click had problems, but that every site that uses them become very slow.
Until the basic routing infrastructure of the net changes, this is going to be a common issue anytime a number of big sites all require another organization to serve up their pages (e.g. Akamai).
I'm a little disappointed that a group of fairly die-hard anti-doubleclick geeks could only hobble it a few hours at 75%...it may simply have been more effective to introduce a nasty virus into their network, so we'll just call this attack a symbolic way to raise awareness of this historically nasty company. I much rather have heard that a more intrusive and smaller company like CoolWeb was attacked.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
Yes. Also, keep in mind that this didn't only hurt doubleclick - it also hurt the webmasters that used doubleclick ads on their site. For some, a day's worth of ad revenues may be the difference between being able to eat one day or not.
Likewise, cracking down on drug abuse doesn't only hurt dealers - it also hurts the junkies.
Some of us are of the opinion that while in the short term the people who are hurt by restricting despicable activities may deserve our sympathies, perhaps in the long term they would be better off finding a more socially acceptable way of life?
Or, you can do what I did for Safari, and use a .css that blocks out ads featuring the typical properties of ads.
It also adds a little unicode email character next to email links, and colors java or javascript links green.
That CSS file that blocks ads
Would a cracker 127.0.0.1'ing doubleclock via a worm or virus be a black hat or a white hat?
May we never see th
I wrote my own spam filter. One of things it does is decode the message body, isolate those web addresses, then perform a simple blacklist/whitelist check on both the web server name and IP address. It turned out that, on average, every IP address was the home of three or four names.
That may not be a representative sample, though. Most of my spam is rejected by one of the DNSBLs; only mail that makes it over that hurdle actually gets the message body checked. That comes out to (usually) less than 10 web-server-based rejections per day.
But hey, I'm not going to complain. I average about one piece of spam every five days or so.
Am I the only one, who after reading the doubleclick DoS article here found that their usage of the term 'hackers' was really rather....stupid? Something to that point? After reading the Great Hackers article, anyways... Surely I can't be the only one who was bugged by this.
It's worth noting that the attack on DoubleClick, which is an Evil Corporation (TM), also affected the ~900 sites that use DoubleClick to serve their ads. Those sites had to wait for their ad cycle to time out or something (IANAWD). So quite a few web sites were affected, with slow loading times. Sites that disabled DoubleClick ad banners had to deal with the fact that, for the better part of a day, they lost all banner revenue. So in the end, this DDOS was probably just a Bad Thing (TM).
If my answers frighten you, stop asking scary questions.
http://adzapper.sourceforge.net/
a nifty plugin for squid. does more than just remove ads, it replaces them with a 'this ad zapped' image / swf, so pages don't render weird.
it's written in perl so it's easy to hack and is easily configurable.
I block ads, then when I open sites I use regularly I either make a donation, or just unblock ads and click all the links. If they lead to something intereseting, I'll often buy it. /. generally has well targeted ads, so I don't often block OSDN stuff. Nor do I block google's text ads, as they are often quite useful.
Not a sentence!
I found the PreferenceBar extension really useful. I just unclick the "JavaScript" checkbox, and the pages speed up again. Now, if only I could create a plugin that does site-specific JavaScript blocking...
Opinions my own, statements of fact may contain errors
That may explain why so many web pages with doubleclick ads have been loading so slowly lately. It has been really annoying; in many cases the rest of the page won't display until the add is finished loading.
I have an urge to give a snotty "you block a whole site because of their ads? Isn't that excessive"?
But that is kind of the point - I am sure that you can justify using the site without the ads. Justification is the parlor game of most internet power users. I just don't see it that way. If I walk into a bar with a two drink minimum, even if it is not enforced, the right thing to do is order two drinks. I'll sit at a diner for hours with a cup of coffee, but I won't do it during a mealtime rush. These are things that aren't illegal, but are merely rude; you are taking advantage of the proprietor.
How is blocking the ads but using the site not an immoral act? Not a terrible one like cheating on your wife, but mild one like skipping on the two drink minimum or leaving a lousy tip?
I tip well, I follow the rules, both official and unspoken of an establishment that I enjoy, and I leave the ads on if I read the site. The glee of saving a few bucks by not leaving a tip is tempered by recognizing that there's a waitress who you just screwed. Is it because you can't see the work that the author put into the site? Is it moral because you don't see the website employees you've (mildly) screwed over?
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Check out the 2 year graph. I think it puts things in perspective. http://www.alexa.com/data/details/traffic_details? &range=2y&size=large&compare_sites=slashdot.org&ur l=http://www.doubleclick.com#graph
"just do it."
"takes a licking and keeps on ticking."
if any of these phrases bring a companies name to mind, and any ideas about that company, then youve been affected by advertising more than you think. its branding, and you dont have to interact with an ad to be affected by it. a big part of marketing is just letting people know a company exists, not making you buy a product then and there. :-P
OSDN uses doubleclick.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
But that wasn't what I was saying. I'm saying, if the staff of the bar was rude to you, perhaps saying something insulting to you, or giving you a really hard time when you tried to order something... well, you might be moved to be rude in return to them, and not really care about ordering the minimum 2 drinks. Even if you wouldn't, certainly there are a lot of other people who would.
In the case of web sites, the sites are being rude by popping up windows that must be moved, and flashing bright colors that are distracting. In fact, many ads will do everything they can to take your attention away from the real content of the site so that you will look at the ad instead. By serving up these kinds of ads, the owner of the site has been rude to me. Therefore I am moved to be rude in return, and remove all such distractions from my screen.
Text ads, on the other hand? Those are fine with me. Because they aren't so rude.
Doing that will make them unblockable since the ads and the content are being served from the same IP address. However, there is nothing to stop someone with coming up with a clever HTML rewriter plugin/browser to strip out the content (readable text and meaningful binary content files) and make a simplified version of the (likely ad-ridden) original page.
My firewall program cannot detect deliberately broken up 'SCRIPT' tags via the document.write Javascript function--otherwise Google's AdSense advertising would be blocked too. If I didn't need Javascript, I could turn it off at the browser level and kill these ads as well.
Simple, HTML-only, text-based ads for me, thank you very much (works for Google)--I am on 'sessioned', time-limited dailup and cannot waste time downloading an (animated) ad banner image, or an (obnoxious, animated) shockwave ad.