DoubleClick Hit by DDoS Attack

YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."

Sad news

[Lord+Grey]

... subject to a DoS attack crippling the company's DNS servers ...

It is truly sad when Internet blackhats target a large, upstanding company like ....

Oh, wait. It was DoubleClick?

Can I donate some computer time?

Re:Sad news

[byolinux]

I don't think I've seen a banner ad in a year or so.

I used IE the other day for the first time in ages, and was surprised by a popup.

Re:Sad news

[dfurie]

I think you're on to something. I think its time to give up on SETI and Folding@home and make a new distributed project to better man-kind; a doubleclick DDoS'er.

Re:Sad news

[adam+mcmaster]

I agree, adblock is very useful.

Re:Sad news

[Compholio]

When they arrest the guy who did it we should put together a paypal donation to take care of his legal costs.

Re:Sad news

[eegad]

Was this some other DoS attack besides posting their URL on Slashdot?

Re:Sad news

[byolinux]

Adblock most of the time or PithHelmet for those Safari Moments.

Re:Sad news

[JPriest]

Not that box, I am pinging their primary DNS server and still getting a reply, they have 4.

ns1.doubleclick.net
ns2.doubleclick.net
ns3.doubleclick.net
ns4.doubleclick.net

This way you can check your networks to see if any machines are hitting these DNS server. I am going to keep my ping going to make sure ns1 stays online. j/k

You can do your part to reduce the load by adding doubleclicks ad-servers to your /etc/hosts file as 127.0.0.1 (this can be done in windows too).

Re:Sad news

[adam+mcmaster]

It's almost as if they don't think of the people visiting their site as customers

That's because they don't. They were referring to the people who pay them to place their ads; the people who click on the ads would be Doubleclick's customers' customers.

Re:Sad news

[LOL+WTF+OMG!!!!!!!!!]

Or, you can do what I did for Safari, and use a .css that blocks out ads featuring the typical properties of ads.

It also adds a little unicode email character next to email links, and colors java or javascript links green.

Re:Sad news

[0x0d0a]

Would a cracker 127.0.0.1'ing doubleclock via a worm or virus be a black hat or a white hat?

Re:Sad news

Take comfort in the fact that while you wish you could be that dumb, he wishes he could also mangle humor to the point that no one finds it funny.

Re:Sad news

[JabberWokky]

Am I the only person left who thinks it is unethical to use a person's site and block their ads? I find it deeply troubling that there are many people who work for or would like to work for internet companies that turn around and bite the prevailing revenue source for those same companies.

You can argue all you want, it is a matter of personal belief. I consider it to be something that should not be made illegal, but also something that is terribly impolite to do and does have a negative effect upon something that you like enough to patronize.

It's kind of like when the cool coffee house with all the great local bands closes down because nobody bought any coffee. Everybody bitches how much it sucks, but never connects that they were taking up a chair for four hours without buying a drink.

If you like the site, how about some respect for the people who work on it? Common decency appears to be growing much less common.

--
Evan

Re:Sad news

[Pharmboy]

Have you tried firefox?

I have it installed on this box, along with IE. I still use IE half the time. I use mozilla on my linux boxes, but (i hate to say it) there are are certain aspects of IE that are more comfortable, or at least more familiar. Keep in mind, im an old geek, not a hobbiest. Been using Linux and GNU software for years and it is catching up very fast, but I still use the tools that make me more productive, and IE fits that bill at least half the time. The pops ups don't annoy me as bad as they used to, now that they are all blank pages.

Oh, i found that hosts file address here. I chang a few lines for my uses (travelocity.com and osdn.com for instance) because it may break a few things, like Pogo, but its a great template for a hosts file if you customize it a bit for yourself.

Re:Sad news

[Captain+Nitpick]

That's because they don't. They were referring to the people who pay them to place their ads; the people who click on the ads would be Doubleclick's customers' customers.

The people who click on the ads are Doubleclick's product.

Re:Sad news

[JPriest]

Becasue it takes a long time for nowhere to reply.

Re:Sad news

[Elwood+P+Dowd]

Ok, I realize

you are joking

alexa is crap
but doubleclick doesn't give a flying fuck about slashdot.

Re:Sad news

[Trent05]

These might be useful too. I direct em' to 0.0.0.0 cause I'm gangsta. :P

1.primaryads.com
a.tribalfusion.com
ad.doublec lick.net
ad.aboutwebservices.com
adlog.com.com
ads.accelerator-media.com
ads.ebaumsworld.com
ad s.nwsource.com
ads.vnuemedia.com
ads.weather.com
ads.webtender.com
ads.x10.com
ar.atwola.com
a sg01.casalemedia.com
c.casalemedia.com
c4.maxser ving.com
clk.admt.com
g.msn.com
isg01.casalemed ia.com
isg02.casalemedia.com
isg03.casalemedia.c om
isg04.casalemedia.com
isg05.casalemedia.com
media.fastclick.net
mediamgr.ugo.com
oas.foxnews .com
oascentral.premierinteractive.com
oascentra l.theonion.com
oascentral.washingtontimes.com
pa gead2.googlesyndication.com
rd.yahoo.com
regman. freeze.com
rightmedia.net
servedby.advertising.c om
shopping.msn.com
spe.atdmt.com
us.ard.yahoo. com
view.atdmt.com
www.googleadservices.com
www .kinghost.com
xads.zedo.com
z1.adserver.com

Apparently the lameness filter dosen't like me just copy and pasting my hosts file.

Re:Sad news

[JabberWokky]

That sword cuts both ways - if a site uses ads any more obtrusive than a google ad, I block it

I have an urge to give a snotty "you block a whole site because of their ads? Isn't that excessive"?

But that is kind of the point - I am sure that you can justify using the site without the ads. Justification is the parlor game of most internet power users. I just don't see it that way. If I walk into a bar with a two drink minimum, even if it is not enforced, the right thing to do is order two drinks. I'll sit at a diner for hours with a cup of coffee, but I won't do it during a mealtime rush. These are things that aren't illegal, but are merely rude; you are taking advantage of the proprietor.

How is blocking the ads but using the site not an immoral act? Not a terrible one like cheating on your wife, but mild one like skipping on the two drink minimum or leaving a lousy tip?

I tip well, I follow the rules, both official and unspoken of an establishment that I enjoy, and I leave the ads on if I read the site. The glee of saving a few bucks by not leaving a tip is tempered by recognizing that there's a waitress who you just screwed. Is it because you can't see the work that the author put into the site? Is it moral because you don't see the website employees you've (mildly) screwed over?

--
Evan

Re:Sad news

[thrillseeker]

that is kind of the point - I am sure that you can justify using the site without the ads.

Sure I can justify it - I'm not going to eat a bowl of shit just to get to the cherry.

Abusive ads are ignored in any way possible (adblock, making a note to never buy anything from that company, never visiting the site again, whatever) by everyone who visits a site in some way, either mentally or physically. If it blinks, wiggles, flashes, has sound, pops up, pops under, moves around, or is just plain ugly it gets ignored from then on - forever if it has any moving parts. Sites that elect to serve such abusive ads will eventually go out of business. Sites that make an effort to serve relevant and simple ads will still be around - some of them that make a serious effort to "do no evil", such as google, will even make money.

Re:Sad news

[Read+Icculus]

Use a real hosts file, like This one . It's massive, constantly updated, and formatted nicely to show you how to redirect slashdot.org to "s".

Re:Sad news

[shaitand]

I felt that way once, but then I figured out the great secret. Whatever the features are of IE that give you that comfort, bitch here on slashdot about Mozilla not doing it. BAM within 5minutes you'll have 12 extensions that make moz/ff behave just that way. Be sure to mention IE does whatever it is though, if you don't it won't work as well.

Seriously, try it.

Believe it or not, it usually gets a faster response than "I just wish linux did... windows does it".

DoubleClick is still around?

It's been so long since I've seen an ad I forgot about them.

Good or bad?

[EdZ]

I'm not sure whether the encouragement of DDOS-ing even 'evil' companies should be encouraged.

Re:Good or bad?

[adam+mcmaster]

I agree, this sort of thing has an effect on many people other than the intended victim; as someone who works for a hosting company (admittedly a small one, but hey) I can tell you how annoying it is when your chosen datacenter is taken down by this kind of thing.

Re:Good or bad?

[irokitt]

It's worth noting that the attack on DoubleClick, which is an Evil Corporation (TM), also affected the ~900 sites that use DoubleClick to serve their ads. Those sites had to wait for their ad cycle to time out or something (IANAWD). So quite a few web sites were affected, with slow loading times. Sites that disabled DoubleClick ad banners had to deal with the fact that, for the better part of a day, they lost all banner revenue. So in the end, this DDOS was probably just a Bad Thing (TM).

poetic justice....

[super_ogg]

Trying to get rid of traffic they don't want to see... sounds like trying to get rid of adds we don't want to see.
ogg

On behalf..

On behalf of the Slashdot community, I would just like to say that this was indeed a terrible thing. I, and I believe I speak for everyone here when I say this, greatly missed the DoubleClick ads. Their intrusive nature, attempted trickery, and bright flashy lights are what make my internet experience what it is.

I hope that whoever did this terrible act is brought to justice, as such a horrible thing cannot go unpunished!

Re:On behalf..

[halivar]

I, and I believe I speak for everyone here when I say this, greatly missed the DoubleClick ads.

Let us have a moment of silence, and then I shall buy an X10 camera in their memory.

Actually...

[MacGoldstein]

Although it may seem like some sort of poetic justice that Doubleclick was attacked...

The attacks had more far-reaching effects. Pages would take forever to load for me (certain pages, not all), if they used doubleclick ads, simply because the browser was waiting for the final item (the ad) to load.

Whether or not you like doubleclick, their widespread adoption made this a productivity hit for those of us who frequent pages w/ doubleclick content (even if we never notice it).

Old News for Nerds, Stuff that's Days Old

[dsanfte]

Seriously, Slashdot needs to shape up, or stop trying to be a news site. This happened yesterday. If you can't get your editors to greenlight stories faster than 24hours in advance, let subscribers do it like Fark does.

Re:Old News for Nerds, Stuff that's Days Old

[daeley]

let subscribers do it like Fark does.

Yeah, 'cause there's no bastion of journalistic potency like Fark.

Granted this story broke yesterday, but since you obviously already knew about it from *some* source, I don't see what the problem is. Now we get to discuss it on /.

I didn't notice

[Patik]

I've had the following in my HOSTS file for a while now

0.0.0.0 ad.doubleclick.com
0.0.0.0 ads.doubleclick.net
0.0.0.0 ad2.doubleclick.net
0.0.0.0 ad3.doubleclick.net
0.0.0.0 ad4.doubleclick.net
0.0.0.0 ad5.doubleclick.net
0.0.0.0 ad6.doubleclick.net
0.0.0.0 ad7.doubleclick.net
0.0.0.0 ad8.doubleclick.net
0.0.0.0 ad9.doubleclick.net
0.0.0.0 ad10.doubleclick.net
0.0.0.0 ad11.doubleclick.net
0.0.0.0 ad12.doubleclick.net
0.0.0.0 ad13.doubleclick.net
0.0.0.0 ad14.doubleclick.net
0.0.0.0 ad15.doubleclick.net
0.0.0.0 ad16.doubleclick.net
0.0.0.0 ad17.doubleclick.net
0.0.0.0 ad18.doubleclick.net
0.0.0.0 ad19.doubleclick.net
0.0.0.0 ad20.doubleclick.net
0.0.0.0 ad.ch.doubleclick.net
0.0.0.0 ad.ca.doubleclick.net
0.0.0.0 ad.de.doubleclick.net
0.0.0.0 ad.fr.doubleclick.net
0.0.0.0 ad.jp.doubleclick.net
0.0.0.0 ad.nl.doubleclick.net
0.0.0.0 ad.no.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ln.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 m2.doubleclick.net
0.0.0.0 iv.doubleclick.net
0.0.0.0 ebay.doubleclick.net

Lameness filter randomness: eed d ed wdwe de ff g v fdovk fok fb f osvi jfvioj asv d vp vv jspavj spav dsv aspdvj ede oijf o greg ewrg

Re:I didn't notice

[owlmon]

> I've had the following in my HOSTS file for a while now
>
> 0.0.0.0 ad.doubleclick.com
> 0.0.0.0 ads.doubleclick.net
> ...

Some alternatives that are fun:

1. Install privoxy from sourceforge.net. This is a local http proxy that allows you to filter out web content using regular expressions. So you can easily blank out any URL that contains the string "doubleclick." This is easier and more complete than trying to enumerate all the hostnames that Doubleclick Inc. uses. Privoxy is multi-platform; you can use it under Linux, Windows, etc.

2. Install posadis from sourceforge.net. This is a caching DNS server that you can install on your computer. It allows you to control how domain names (like *.doubleclick.net) get resolved by ALL the programs on your computer. I use it to essentially blackhole domains that I don't like. Once again, this is a multi-platform project. In particular, under Windoze, it runs as a service. It has an irritating bug: under Windoze, it will occasionally start using 100% CPU. When this happens, you have to restart the posadis service. A hassle, verily. But I enjoy having the control that derives from running my own DNS server.

3. Use a firewall (hardware or software) to block out numeric IP addresses. For example, 216.73.92.112 is www.doubleclick.net, so it should be blocked. I used to use this approach. I liked the idea of absolutely blocking any packets going to or from the bad guys, regardless of the DNS name used. The problem with this approach is that outfits like doubleclick.net will use a ton of different numeric IP addresses, and it's difficult to keep up with them.

Re:I didn't notice

[Rie+Beam]

I should mention there's a firefox extension that blocks ads based on regular expressions. Yet another reason to drop IE.

Problem with infrastructure companies

[PIPBoy3000]

The issue wasn't that Double Click had problems, but that every site that uses them become very slow.

Until the basic routing infrastructure of the net changes, this is going to be a common issue anytime a number of big sites all require another organization to serve up their pages (e.g. Akamai).

You know, I never noticed.

[Beardo+the+Bearded]

Thanks, Mike!

I rarely see ads in either IE or Mozilla.

Don't tolerate them

[zoloto]

No matter how much I hate /ads/, a DDoS should not be tolerated no matter to whom it's directed. Weather it's kernel.org or microsoft.com, let's try to use our knowledge constructivly instead of destructivly. How does that sound? And where does any one person think a DDoS will get for anyone as a whole? If anything, it'll bring a stronger resolve to preventative measures and keep them going strong. They have the $!! so where will it really get those who started this "attack"?

Re:Don't tolerate them

[dsanfte]

No matter how much I hate /ads/, a DDoS should not be tolerated no matter to whom it's directed.

Sorry man, in the days of the DMCA, INDUCE, and PATRIOT acts, I'll take my poetic justice wherever I can get it. I applaud this for the same reason I applaud thieves getting their asses hauled into prison, because they damn well deserve it, regardless of whether forced confinement is "wrong" or not.

Old news

[EvilStein]

IF this isn't a second DDoS, then this happened a couple days ago already.

Oh boy...

[nebulus4]

First they are DDOS'ed and now they are going to be /.'ed.. what a day..

But I wanted...

[krhainos]

... to enter to recieve my free iPod Mini

Re:3rd worst servers in existence ?

[skurk]

Don't one of the most aggresive advertisers in time, X10.

Re:3rd worst servers in existence ?

[skurk]

*bangs head to keyboard*
Must use preview button
Must use preview button
Must use preview button

What I tried to say, was "Don't forget one of the most agressive advertisers in time, X10", but the spontanity is somewhat gone now.

Oh well.

doubleclicked

[pizza_milkshake]

doubleclick obviously isn't using the DDOSBlock extension for Firefox.

Re:Devil's Advocate

[Grrr]

All those sites that you go to that have these ads are staying in business because of them.

False.

If DoubleClick went away so would a lot of that content.

True.

Gotta watch out for "all" and "never"... :)

The devil doesn't really need an advocate, eh?

<grrr>

Re:Good?

[Mesaeus]

Regarding CoolWeb we'd better skip the DDOS phase and go straight to beating the shit out of their employees with various blunt instruments, I call dibs on their "CEO". I just cleaned up a family's pc where the children got a fullscreen popup without any controls of naked 12-14 year olds, every single time they logged on. Courtesy of CoolWebSearch. That company is made up of a bunch of sick individuals, and they've perfected their "art" of drive-by-installing their spyware so much that the latest versions (there's about twenty different ones) are harder to get rid of than most virusses.

Quick refresher on how the "FREE" sites work...

[Omega]

I realize this is probably an unpopular opinion to have on slashdot, but I don't think most people understand that someone has to pay the hosting fees, bandwidth, editing time, content, etc. So here's how the so called "FREE" sites (those that are remaining on the net anyway) work. They exist because of advertising. As "evil" as ads may be, they pay the bills for Slashdot, The Onion, IMDb, Yahoo, etc.

Not to get all MPAA on you, but when you block the ads, you're hurting the site. Not only that, but you're encouraging "innovation" on the advertisers side to keep you from blocking the ads. This leads to a mixing of advertising and content, so that the web pages start becoming all flash or all pictures so you can't filter out certain images without breaking the whole site for yourself.

Want to keep the subscription sites down and keep the free web up? Leave the banner ads be. Hell, click on them once in a while. If the advertisers and website are satisfied with how their ads are doing, they'll be less aggressive and less likely to piss you off.

Re:Quick refresher on how the "FREE" sites work...

[LazloTheDog]

If the ad blinks or flashs, I block them. If the ad has a shitty server that causes the page to hang, I block them. And I don't care what site has them, because they are giving me a crap experience. doubleclick has been blocked for a long time now. If enough folks did this, the more astute sites will use a less intrusive ad provider.

JM

Re:Quick refresher on how the "FREE" sites work...

[Dun+Malg]

You cost the site bandwidth, you fucking moron. Free sites go down when too few people even click the ads. Or do you think the companies running the ads don't pay attention to have much traffic the site gets them? What a fucking moron, and an asshole to boot.

I know you are, but what am I?

All childishness aside, think about this rationally, please. The original assertion was that blocking ads results in lower ad revenue. This is incorrect. It's not the blocking, but the not clicking that reduces revenue. Whether I see the ad or not, I am not clicking. Advertisers always assume that a certain percentage of people will not be affected by the ads. I represent part of that percentage. Feel free to call me an asshole for not doing what they already know I'm not going to do, but think about the alternative. Are you saying that everyonbe ahould click every ad that comes up? Don't you think the ad company is going to get suspicious when a grossly abnormal percentage of people are clicking through? I understand your knee-jerk, but you have to understand that "freeloaders" like me have already been accounted for.

Re:Quick refresher on how the "FREE" sites work...

[NevermindPhreak]

"i'm lovin' it."
"just do it."
"takes a licking and keeps on ticking."

if any of these phrases bring a companies name to mind, and any ideas about that company, then youve been affected by advertising more than you think. its branding, and you dont have to interact with an ad to be affected by it. a big part of marketing is just letting people know a company exists, not making you buy a product then and there. :-P

legal DDOS of doubleclick here...

[bani]

http://adzapper.sourceforge.net/

a nifty plugin for squid. does more than just remove ads, it replaces them with a 'this ad zapped' image / swf, so pages don't render weird.

it's written in perl so it's easy to hack and is easily configurable.

Site clearly still broken

[IBitOBear]

No matter how many times I click refresh, the DoubleClick corporate site will not not display any banner ads, nor pop up nor pop under any X10 windows...

Oh, what did you say? "The leader in network advertising" only has tasteful advertisements on their own site?

Isn't that a tad hypocritical?

Shouldn't the people advocating annoying, bouncing, animated, rollover tripe beleive in their own products and techniques enough to use it on their own pages?

Clearly they don't, and they don't.

One could only dream of the day when all the advertisers who patronize DoubleClick ask them selves why DoubleClick doesn't use their own service to advertise their own service...

Perhaps because their customers would realize how much such techniques annoy and drive off potential clients....?

Nah, marketeers (as in mouse, not misspelling 8-) will never get wise to their own lack of wisdom.

enough joking; this is a real tragedy!

[commodoresloat]

25% of DoubleClick's advertising is still getting through.

Probably

[Sycraft-fu]

Do you consider it unethical to read a newspaper without reading their ads? Record a TV show and then fast forward through the commercials later? Get up and get food/go to the bathroom during commercials? Throw away mail flyers for products? Use a text based browser? Have a visual imparement?

In all these cases, you are ignoring/blocking ads. Sites have a right to try and advertise, but it's your computer, and you have a right to change the presentation to meet your needs.

Also if the advertisers learned a little something form successful advertising, such as Google and newspapers, they would have a much better chance of not getting blocked:

1) Be less obtrusive. The web is a random access media. Interrupting people with full screen or popup ads is annoying and counter the operation of the web. Thus people hate them and want them gone.

2) Be relivant. Do nto slather your ad over ever site on the internet. Target your ad at sites that attract people that care.

3) Be honest. A large number of ads are highly deceptive in their nature.

Double click violates all of these their ads are a pain, they advertise whatever, wherever and most of them are "Punch the monkey and win" or "You have a message" or "Your computer is broadcasting an Internet IP address".

I LIKE Google ads, since they relate to what I search for. Thus, if I want to buy something, I search and then look in the right hand column since the ads are unobtrusive, relivant to what I want, and honestly trying to sell me it.

Re:Probably

[DreamerFi]

Bob is being nice to you. He's giving you free pictures of flowers. Being nice to Bob and viewing the whole site is the right thing to do.

Now, where am I wrong?

Here's where you are wrong: Bob picked a business model to make sure he could continue to give out those pictures. He could have picked many, but he picked advertising. That may or may not work: perhaps it earns him enough money to continue doing it this way, perhaps it doesn't. It is not relevant wether people actually view the advertising, buy something based on the advertising, etc, because it's clearly a deal between the advertiser and bob. Not between me and bob. I have no responsibility to make his business model work for him. Suppose he signed a contract that doesn't make him enough money - he just needs 5% more. Would it be an ethical requirement for me to visit his site 5% more to make up for his bad decision? No? How about 50%? I have no ethical requirement to make any business model at all work. I am not ethically required to make the store at the corner profitable, and I'm not ethically required to make Bob profitable. It's his gamble that advertising is a way to get money from my visits to his site.

-John

Webmasters: Host your (text) ads yourself!

[iamcf13]

Doing that will make them unblockable since the ads and the content are being served from the same IP address. However, there is nothing to stop someone with coming up with a clever HTML rewriter plugin/browser to strip out the content (readable text and meaningful binary content files) and make a simplified version of the (likely ad-ridden) original page.

My firewall program cannot detect deliberately broken up 'SCRIPT' tags via the document.write Javascript function--otherwise Google's AdSense advertising would be blocked too. If I didn't need Javascript, I could turn it off at the browser level and kill these ads as well.

Simple, HTML-only, text-based ads for me, thank you very much (works for Google)--I am on 'sessioned', time-limited dailup and cannot waste time downloading an (animated) ad banner image, or an (obnoxious, animated) shockwave ad.