Microsoft Bots Effectively DDoSing Perl CPAN Testers

at_slashdot writes "The Perl CPAN Testers have been suffering issues accessing their sites, databases and mirrors. According to a posting on the CPAN Testers' blog, the CPAN Testers' server has been being aggressively scanned by '20-30 bots every few seconds' in what they call 'a dedicated denial of service attack'; these bots 'completely ignore the rules specified in robots.txt.'" From the Heise story linked above: "The bots were identified by their IP addresses, including 65.55.207.x, 65.55.107.x and 65.55.106.x, as coming from Microsoft."

Probably just a bug.

[tjstork]

I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

Re:Probably just a bug.

[Lloyd_Bryant]

I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

Sufficiently advanced incompetence is indistinguishable from malice. For additional examples, see Government, US.

The simple fact is that ignoring robots.txt is effectively evil, regardless of the intent. It's not like robots.txt is some new innovation...

Re:Probably just a bug.

[fish+waffle]

I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

Probably. But since incompetence is the plausible deniability of evil it's sometimes hard to tell.

Re:Probably just a bug.

[MrMr]

The problem is, there is no evidence that:
Never ascribe to stupidity that which can be adequately explained by malice.
Is invoking more entities.
In fact, claiming that the commercially most successfull software company got there through stupidity rather than malice sounds extremely implausible to me.

Re:Probably just a bug.

[schon]

It has nothing to do with the RTFA.

their own guidelines on their site

As anyone who has ever read MS documentation can tell you, you need to read it, then implement a test, so you can see what it really expects, then adjust your test, then try it until it works.

Their problem is that they expected MS documentation to actually describe the expected behaviour.

Re:So block those IP ranges?

[Sarten-X]

For ignoring robots.txt, they don't deserve any more nor less.

Re:So how do we DDoS Microsoft?

"as we need additional information to be able to track down the problem."

IP addresses aren't enough? You're MS--if you can't fix the problem and IP addresses are given, damn, that's just sad. You're freaking massive multi-billion dollar tech companies, and this is the best you can do?

No wonder Chinese hackers own our asses.

Then again, it took Comcast 9 months to fix a security hole in customer accounts (which would have required an s to http to make pages SSL'd), and the only reason it was "fixed" was because they did their annual website makeover and changed their entire system to something Flash based. Then again, I had contacted a VP, VP's security, referred to web security, and talked to web security 3x, talked to a manager. The last 3 groups verified the problem. It was referred to their web applications team by that point, who sat on it.

Lovely world we live in.

Re:So how do we DDoS Microsoft?

[Chris+Burke]

I've never liked that saying because of the implication that malice and stupidity are exclusive.

Dumb and mean are often found together.