DoubleClick Hit by DDoS Attack

YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."

Sad news

[Lord+Grey]

... subject to a DoS attack crippling the company's DNS servers ...

It is truly sad when Internet blackhats target a large, upstanding company like ....

Oh, wait. It was DoubleClick?

Can I donate some computer time?

Re:Sad news

[dfurie]

I think you're on to something. I think its time to give up on SETI and Folding@home and make a new distributed project to better man-kind; a doubleclick DDoS'er.

Re:Sad news

[adam+mcmaster]

I agree, adblock is very useful.

Re:Sad news

[Compholio]

When they arrest the guy who did it we should put together a paypal donation to take care of his legal costs.

Re:Sad news

[eegad]

Was this some other DoS attack besides posting their URL on Slashdot?

Re:Sad news

[byolinux]

Adblock most of the time or PithHelmet for those Safari Moments.

Re:Sad news

[JPriest]

Not that box, I am pinging their primary DNS server and still getting a reply, they have 4.

ns1.doubleclick.net
ns2.doubleclick.net
ns3.doubleclick.net
ns4.doubleclick.net

This way you can check your networks to see if any machines are hitting these DNS server. I am going to keep my ping going to make sure ns1 stays online. j/k

You can do your part to reduce the load by adding doubleclicks ad-servers to your /etc/hosts file as 127.0.0.1 (this can be done in windows too).

Re:Sad news

[0x0d0a]

Would a cracker 127.0.0.1'ing doubleclock via a worm or virus be a black hat or a white hat?

Re:Sad news

[JabberWokky]

Am I the only person left who thinks it is unethical to use a person's site and block their ads? I find it deeply troubling that there are many people who work for or would like to work for internet companies that turn around and bite the prevailing revenue source for those same companies.

You can argue all you want, it is a matter of personal belief. I consider it to be something that should not be made illegal, but also something that is terribly impolite to do and does have a negative effect upon something that you like enough to patronize.

It's kind of like when the cool coffee house with all the great local bands closes down because nobody bought any coffee. Everybody bitches how much it sucks, but never connects that they were taking up a chair for four hours without buying a drink.

If you like the site, how about some respect for the people who work on it? Common decency appears to be growing much less common.

--
Evan

Re:Sad news

[Captain+Nitpick]

That's because they don't. They were referring to the people who pay them to place their ads; the people who click on the ads would be Doubleclick's customers' customers.

The people who click on the ads are Doubleclick's product.

Re:Sad news

[JPriest]

Becasue it takes a long time for nowhere to reply.

Re:Sad news

[Elwood+P+Dowd]

Ok, I realize

you are joking

alexa is crap
but doubleclick doesn't give a flying fuck about slashdot.

Re:Sad news

[JabberWokky]

That sword cuts both ways - if a site uses ads any more obtrusive than a google ad, I block it

I have an urge to give a snotty "you block a whole site because of their ads? Isn't that excessive"?

But that is kind of the point - I am sure that you can justify using the site without the ads. Justification is the parlor game of most internet power users. I just don't see it that way. If I walk into a bar with a two drink minimum, even if it is not enforced, the right thing to do is order two drinks. I'll sit at a diner for hours with a cup of coffee, but I won't do it during a mealtime rush. These are things that aren't illegal, but are merely rude; you are taking advantage of the proprietor.

How is blocking the ads but using the site not an immoral act? Not a terrible one like cheating on your wife, but mild one like skipping on the two drink minimum or leaving a lousy tip?

I tip well, I follow the rules, both official and unspoken of an establishment that I enjoy, and I leave the ads on if I read the site. The glee of saving a few bucks by not leaving a tip is tempered by recognizing that there's a waitress who you just screwed. Is it because you can't see the work that the author put into the site? Is it moral because you don't see the website employees you've (mildly) screwed over?

--
Evan

Re:Sad news

[thrillseeker]

that is kind of the point - I am sure that you can justify using the site without the ads.

Sure I can justify it - I'm not going to eat a bowl of shit just to get to the cherry.

Abusive ads are ignored in any way possible (adblock, making a note to never buy anything from that company, never visiting the site again, whatever) by everyone who visits a site in some way, either mentally or physically. If it blinks, wiggles, flashes, has sound, pops up, pops under, moves around, or is just plain ugly it gets ignored from then on - forever if it has any moving parts. Sites that elect to serve such abusive ads will eventually go out of business. Sites that make an effort to serve relevant and simple ads will still be around - some of them that make a serious effort to "do no evil", such as google, will even make money.

Re:Sad news

[shaitand]

I felt that way once, but then I figured out the great secret. Whatever the features are of IE that give you that comfort, bitch here on slashdot about Mozilla not doing it. BAM within 5minutes you'll have 12 extensions that make moz/ff behave just that way. Be sure to mention IE does whatever it is though, if you don't it won't work as well.

Seriously, try it.

Believe it or not, it usually gets a faster response than "I just wish linux did... windows does it".

DoubleClick is still around?

It's been so long since I've seen an ad I forgot about them.

Good or bad?

[EdZ]

I'm not sure whether the encouragement of DDOS-ing even 'evil' companies should be encouraged.

On behalf..

On behalf of the Slashdot community, I would just like to say that this was indeed a terrible thing. I, and I believe I speak for everyone here when I say this, greatly missed the DoubleClick ads. Their intrusive nature, attempted trickery, and bright flashy lights are what make my internet experience what it is.

I hope that whoever did this terrible act is brought to justice, as such a horrible thing cannot go unpunished!

Re:On behalf..

[halivar]

I, and I believe I speak for everyone here when I say this, greatly missed the DoubleClick ads.

Let us have a moment of silence, and then I shall buy an X10 camera in their memory.

Actually...

[MacGoldstein]

Although it may seem like some sort of poetic justice that Doubleclick was attacked...

The attacks had more far-reaching effects. Pages would take forever to load for me (certain pages, not all), if they used doubleclick ads, simply because the browser was waiting for the final item (the ad) to load.

Whether or not you like doubleclick, their widespread adoption made this a productivity hit for those of us who frequent pages w/ doubleclick content (even if we never notice it).

Old News for Nerds, Stuff that's Days Old

[dsanfte]

Seriously, Slashdot needs to shape up, or stop trying to be a news site. This happened yesterday. If you can't get your editors to greenlight stories faster than 24hours in advance, let subscribers do it like Fark does.

Re:Old News for Nerds, Stuff that's Days Old

[daeley]

let subscribers do it like Fark does.

Yeah, 'cause there's no bastion of journalistic potency like Fark.

Granted this story broke yesterday, but since you obviously already knew about it from *some* source, I don't see what the problem is. Now we get to discuss it on /.

I didn't notice

[Patik]

I've had the following in my HOSTS file for a while now

0.0.0.0 ad.doubleclick.com
0.0.0.0 ads.doubleclick.net
0.0.0.0 ad2.doubleclick.net
0.0.0.0 ad3.doubleclick.net
0.0.0.0 ad4.doubleclick.net
0.0.0.0 ad5.doubleclick.net
0.0.0.0 ad6.doubleclick.net
0.0.0.0 ad7.doubleclick.net
0.0.0.0 ad8.doubleclick.net
0.0.0.0 ad9.doubleclick.net
0.0.0.0 ad10.doubleclick.net
0.0.0.0 ad11.doubleclick.net
0.0.0.0 ad12.doubleclick.net
0.0.0.0 ad13.doubleclick.net
0.0.0.0 ad14.doubleclick.net
0.0.0.0 ad15.doubleclick.net
0.0.0.0 ad16.doubleclick.net
0.0.0.0 ad17.doubleclick.net
0.0.0.0 ad18.doubleclick.net
0.0.0.0 ad19.doubleclick.net
0.0.0.0 ad20.doubleclick.net
0.0.0.0 ad.ch.doubleclick.net
0.0.0.0 ad.ca.doubleclick.net
0.0.0.0 ad.de.doubleclick.net
0.0.0.0 ad.fr.doubleclick.net
0.0.0.0 ad.jp.doubleclick.net
0.0.0.0 ad.nl.doubleclick.net
0.0.0.0 ad.no.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ln.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 m2.doubleclick.net
0.0.0.0 iv.doubleclick.net
0.0.0.0 ebay.doubleclick.net

Lameness filter randomness: eed d ed wdwe de ff g v fdovk fok fb f osvi jfvioj asv d vp vv jspavj spav dsv aspdvj ede oijf o greg ewrg

Re:I didn't notice

[owlmon]

> I've had the following in my HOSTS file for a while now
>
> 0.0.0.0 ad.doubleclick.com
> 0.0.0.0 ads.doubleclick.net
> ...

Some alternatives that are fun:

1. Install privoxy from sourceforge.net. This is a local http proxy that allows you to filter out web content using regular expressions. So you can easily blank out any URL that contains the string "doubleclick." This is easier and more complete than trying to enumerate all the hostnames that Doubleclick Inc. uses. Privoxy is multi-platform; you can use it under Linux, Windows, etc.

2. Install posadis from sourceforge.net. This is a caching DNS server that you can install on your computer. It allows you to control how domain names (like *.doubleclick.net) get resolved by ALL the programs on your computer. I use it to essentially blackhole domains that I don't like. Once again, this is a multi-platform project. In particular, under Windoze, it runs as a service. It has an irritating bug: under Windoze, it will occasionally start using 100% CPU. When this happens, you have to restart the posadis service. A hassle, verily. But I enjoy having the control that derives from running my own DNS server.

3. Use a firewall (hardware or software) to block out numeric IP addresses. For example, 216.73.92.112 is www.doubleclick.net, so it should be blocked. I used to use this approach. I liked the idea of absolutely blocking any packets going to or from the bad guys, regardless of the DNS name used. The problem with this approach is that outfits like doubleclick.net will use a ton of different numeric IP addresses, and it's difficult to keep up with them.

Problem with infrastructure companies

[PIPBoy3000]

The issue wasn't that Double Click had problems, but that every site that uses them become very slow.

Until the basic routing infrastructure of the net changes, this is going to be a common issue anytime a number of big sites all require another organization to serve up their pages (e.g. Akamai).

Don't tolerate them

[zoloto]

No matter how much I hate /ads/, a DDoS should not be tolerated no matter to whom it's directed. Weather it's kernel.org or microsoft.com, let's try to use our knowledge constructivly instead of destructivly. How does that sound? And where does any one person think a DDoS will get for anyone as a whole? If anything, it'll bring a stronger resolve to preventative measures and keep them going strong. They have the $!! so where will it really get those who started this "attack"?

Old news

[EvilStein]

IF this isn't a second DDoS, then this happened a couple days ago already.

Oh boy...

[nebulus4]

First they are DDOS'ed and now they are going to be /.'ed.. what a day..

But I wanted...

[krhainos]

... to enter to recieve my free iPod Mini

Re:3rd worst servers in existence ?

[skurk]

Don't one of the most aggresive advertisers in time, X10.

Re:Devil's Advocate

[Grrr]

All those sites that you go to that have these ads are staying in business because of them.

False.

If DoubleClick went away so would a lot of that content.

True.

Gotta watch out for "all" and "never"... :)

The devil doesn't really need an advocate, eh?

<grrr>

Re:Good?

[Mesaeus]

Regarding CoolWeb we'd better skip the DDOS phase and go straight to beating the shit out of their employees with various blunt instruments, I call dibs on their "CEO". I just cleaned up a family's pc where the children got a fullscreen popup without any controls of naked 12-14 year olds, every single time they logged on. Courtesy of CoolWebSearch. That company is made up of a bunch of sick individuals, and they've perfected their "art" of drive-by-installing their spyware so much that the latest versions (there's about twenty different ones) are harder to get rid of than most virusses.

Quick refresher on how the "FREE" sites work...

[Omega]

I realize this is probably an unpopular opinion to have on slashdot, but I don't think most people understand that someone has to pay the hosting fees, bandwidth, editing time, content, etc. So here's how the so called "FREE" sites (those that are remaining on the net anyway) work. They exist because of advertising. As "evil" as ads may be, they pay the bills for Slashdot, The Onion, IMDb, Yahoo, etc.

Not to get all MPAA on you, but when you block the ads, you're hurting the site. Not only that, but you're encouraging "innovation" on the advertisers side to keep you from blocking the ads. This leads to a mixing of advertising and content, so that the web pages start becoming all flash or all pictures so you can't filter out certain images without breaking the whole site for yourself.

Want to keep the subscription sites down and keep the free web up? Leave the banner ads be. Hell, click on them once in a while. If the advertisers and website are satisfied with how their ads are doing, they'll be less aggressive and less likely to piss you off.

Re:Quick refresher on how the "FREE" sites work...

[Dun+Malg]

You cost the site bandwidth, you fucking moron. Free sites go down when too few people even click the ads. Or do you think the companies running the ads don't pay attention to have much traffic the site gets them? What a fucking moron, and an asshole to boot.

I know you are, but what am I?

All childishness aside, think about this rationally, please. The original assertion was that blocking ads results in lower ad revenue. This is incorrect. It's not the blocking, but the not clicking that reduces revenue. Whether I see the ad or not, I am not clicking. Advertisers always assume that a certain percentage of people will not be affected by the ads. I represent part of that percentage. Feel free to call me an asshole for not doing what they already know I'm not going to do, but think about the alternative. Are you saying that everyonbe ahould click every ad that comes up? Don't you think the ad company is going to get suspicious when a grossly abnormal percentage of people are clicking through? I understand your knee-jerk, but you have to understand that "freeloaders" like me have already been accounted for.

Probably

[Sycraft-fu]

Do you consider it unethical to read a newspaper without reading their ads? Record a TV show and then fast forward through the commercials later? Get up and get food/go to the bathroom during commercials? Throw away mail flyers for products? Use a text based browser? Have a visual imparement?

In all these cases, you are ignoring/blocking ads. Sites have a right to try and advertise, but it's your computer, and you have a right to change the presentation to meet your needs.

Also if the advertisers learned a little something form successful advertising, such as Google and newspapers, they would have a much better chance of not getting blocked:

1) Be less obtrusive. The web is a random access media. Interrupting people with full screen or popup ads is annoying and counter the operation of the web. Thus people hate them and want them gone.

2) Be relivant. Do nto slather your ad over ever site on the internet. Target your ad at sites that attract people that care.

3) Be honest. A large number of ads are highly deceptive in their nature.

Double click violates all of these their ads are a pain, they advertise whatever, wherever and most of them are "Punch the monkey and win" or "You have a message" or "Your computer is broadcasting an Internet IP address".

I LIKE Google ads, since they relate to what I search for. Thus, if I want to buy something, I search and then look in the right hand column since the ads are unobtrusive, relivant to what I want, and honestly trying to sell me it.

Re:Probably

[DreamerFi]

Bob is being nice to you. He's giving you free pictures of flowers. Being nice to Bob and viewing the whole site is the right thing to do.

Now, where am I wrong?

Here's where you are wrong: Bob picked a business model to make sure he could continue to give out those pictures. He could have picked many, but he picked advertising. That may or may not work: perhaps it earns him enough money to continue doing it this way, perhaps it doesn't. It is not relevant wether people actually view the advertising, buy something based on the advertising, etc, because it's clearly a deal between the advertiser and bob. Not between me and bob. I have no responsibility to make his business model work for him. Suppose he signed a contract that doesn't make him enough money - he just needs 5% more. Would it be an ethical requirement for me to visit his site 5% more to make up for his bad decision? No? How about 50%? I have no ethical requirement to make any business model at all work. I am not ethically required to make the store at the corner profitable, and I'm not ethically required to make Bob profitable. It's his gamble that advertising is a way to get money from my visits to his site.

-John

Webmasters: Host your (text) ads yourself!

[iamcf13]

Doing that will make them unblockable since the ads and the content are being served from the same IP address. However, there is nothing to stop someone with coming up with a clever HTML rewriter plugin/browser to strip out the content (readable text and meaningful binary content files) and make a simplified version of the (likely ad-ridden) original page.

My firewall program cannot detect deliberately broken up 'SCRIPT' tags via the document.write Javascript function--otherwise Google's AdSense advertising would be blocked too. If I didn't need Javascript, I could turn it off at the browser level and kill these ads as well.

Simple, HTML-only, text-based ads for me, thank you very much (works for Google)--I am on 'sessioned', time-limited dailup and cannot waste time downloading an (animated) ad banner image, or an (obnoxious, animated) shockwave ad.