Slashdot Mirror


Microsoft Bots Effectively DDoSing Perl CPAN Testers

at_slashdot writes "The Perl CPAN Testers have been suffering issues accessing their sites, databases and mirrors. According to a posting on the CPAN Testers' blog, the CPAN Testers' server has been being aggressively scanned by '20-30 bots every few seconds' in what they call 'a dedicated denial of service attack'; these bots 'completely ignore the rules specified in robots.txt.'" From the Heise story linked above: "The bots were identified by their IP addresses, including 65.55.207.x, 65.55.107.x and 65.55.106.x, as coming from Microsoft."


  1. So how do we DDoS Microsoft? by drinkypoo · · Score: 4, Funny

    Anyone know what sites on Microsoft's front-facing sites are most computationally intensive, and yet always dynamically generated? :D

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:So how do we DDoS Microsoft? by Anonymous Coward · · Score: 2, Interesting

      Bing? ...But that would only help them to DDoS Bing.

    2. Re:So how do we DDoS Microsoft? by Lennie · · Score: 2, Insightful

      http://blogs.msdn.com/

      I've seen it fail many times

      --
      New things are always on the horizon
    3. Re:So how do we DDoS Microsoft? by SharpFang · · Score: 2, Insightful

      No, we just make mistakes writing our Perl programs for automatic downloading stuff from MSDN. Like, download() unless success, and forget to set success=true;

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    4. Re:So how do we DDoS Microsoft? by jisatsusha · · Score: 2, Funny

      All that'd serve to do is make them look more popular than ever. Traffic up 300%! Sounds like a good mar

    5. Re:So how do we DDoS Microsoft? by Anonymous Coward · · Score: 3, Funny

      That's exactly what I said. Don't you dare leech the score from me, jackass!

    6. Re:So how do we DDoS Microsoft? by jlp2097 · · Score: 5, Informative

      Not necessary. A Bing Product Manager has already commented on the CPAN Testers blog entry upon which the article is based:

      Hi,
      I am a Program Manager on the Bing team at Microsoft, thanks for bringing this issue to our attention. I have sent an email to barbie@cpan.org as we need additional information to be able to track down the problem. If you have not received the email please contact us through the Bing webmaster center at bwmc@microsoft.com.

      As said below, never ascribe to malice that which can be adequately explained by stupidity. (Insert lame joke about MSFT being full of stupidity here).

    7. Re:So how do we DDoS Microsoft? by Anonymous Coward · · Score: 5, Funny

      As much spam as I get from ir@infousa.com , I wish that someone would DDOS that damned company. If I knew of a way to get extra spam to ir@infousa.com I would probably do it so that company could get a taste of its own medicine. ir@infousa.com sent me unsolicited spam and it drives me nuts. Thanks for nothing, ir@infousa.com . It makes me want to call the company at (402)593-4500 and complain, but I don't have time. I guess I'll email them at ir@infousa.com instead. maybe.

    8. Re:So how do we DDoS Microsoft? by kulnor · · Score: 5, Funny

      Well, with Barbie(TM) on the case, this should be quickly resolved (unless she's too busy with G.I.Joe(TM))

    9. Re:So how do we DDoS Microsoft? by PetoskeyGuy · · Score: 4, Insightful

      Why make things worse? Block the ip address or range and notify the admins. This isn't a chan mob.

    10. Re:So how do we DDoS Microsoft? by Zarf · · Score: 3, Insightful

      Clue: Subtle joke, deserves 'funny' moderation ;)

      Subtle + Slashdot = FAIL

      --
      [signature]
    11. Re:So how do we DDoS Microsoft? by Anonymous Coward · · Score: 5, Insightful

      "as we need additional information to be able to track down the problem."

      IP addresses aren't enough? You're MS--if you can't fix the problem and IP addresses are given, damn, that's just sad. You're freaking massive multi-billion dollar tech companies, and this is the best you can do?

      No wonder Chinese hackers own our asses.

      Then again, it took Comcast 9 months to fix a security hole in customer accounts (which would have required an s to http to make pages SSL'd), and the only reason it was "fixed" was because they did their annual website makeover and changed their entire system to something Flash based. Then again, I had contacted a VP, VP's security, referred to web security, and talked to web security 3x, talked to a manager. The last 3 groups verified the problem. It was referred to their web applications team by that point, who sat on it.

      Lovely world we live in.

    12. Re:So how do we DDoS Microsoft? by Penguinisto · · Score: 2, Insightful

      As said below, never ascribe to malice that which can be adequately explained by stupidity. (Insert lame joke about MSFT being full of stupidity here).

      Given the back-story on the whole Danger data loss affair, stupidity is the FIRST thing I'd ascribe to Microsoft these days...

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    13. Re:So how do we DDoS Microsoft? by WinterSolstice · · Score: 4, Insightful

      Actually, your statement works better with 'INSERT LANG HERE'...

      I'm always surprised by how people seem to think that any language has a monopoly of some sort on sloppy and/or lazy coders. Been doing IT a long time, and the one thing that never changes is the sloppy/lazy code issue. It even predates programming, you know - look at infrastructure around the world for examples of "just toss something out there, hope it works".

      --
      An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
    14. Re:So how do we DDoS Microsoft? by Short+Circuit · · Score: 4, Insightful

      A quick guess? Identifying unique sites by domain name, rather than by IP address, and either the bot or server not respecting HTTP 301 redirects.

      With Rosetta Code, I once had www.rosettacode.org serving up the same content as rosettacode.org. My server got pounded by two bots from Yahoo. I could set Crawl-Delay, but it was only partially effective; one bot had been assigned to www.rosettacode.org, while another to rosettacode.org, and they were each keeping track of their request delay independently. I've since corrected things such that www.rosettacode.org returns an HTTP 301 redirect to rosettacode.org, and was eventually able to remove the Crawl-Delay entirely.

      I've since worked towards only serving up content for any particular part of the site on a single domain name, and have subdomains such as "wiki.rosettacode.org" redirect to "rosettacode.org/wiki", and "blog.rosettacode.org" to "rosettacode.org/blog". Works rather nice, though it does leave me a bit more open to cookie theft attacks.

      YMMV; As I said, that was a quick guess.
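The redirect scheme this comment describes, as an added sketch that is not part of the original post and not Rosetta Code's actual configuration. The host names and the wiki/blog prefixes are the ones the comment gives; the `route` function, the handler class and the choice to answer 400 for any unlisted Host header are assumptions.

```python
from http.server import BaseHTTPRequestHandler

CANONICAL_HOST = "rosettacode.org"
# Alias host -> path prefix on the canonical host (mapping taken from the comment).
ALIASES = {
    "www.rosettacode.org": "",
    "wiki.rosettacode.org": "/wiki",
    "blog.rosettacode.org": "/blog",
}


def route(host_header, target, scheme="http"):
    """Return (status, location): 200 serve here, 301 redirect, 400 reject."""
    host = host_header.strip().lower()
    if host.count(":") == 1:                 # drop an explicit port
        host = host.split(":")[0]
    host = host.rstrip(".")                  # "example.org." names the same host
    # The request target is copied into the Location header, so refuse anything
    # that is not an origin-form path or that carries control characters.
    if not target.startswith("/") or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return 400, None
    if host == CANONICAL_HOST:
        return 200, None
    if host in ALIASES:
        # Absolute URL on the canonical host: a target such as "//other.example/"
        # cannot turn this into a redirect to another site.
        return 301, f"{scheme}://{CANONICAL_HOST}{ALIASES[host]}{target}"
    # Unlisted names pointed at this server are not served as a further copy of
    # the site, so a crawler never sees a third "site" to schedule separately.
    return 400, None


class CanonicalHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, location = route(self.headers.get("Host", ""), self.path)
        if status == 301:
            self.send_response(301)
            self.send_header("Location", location)
            self.send_header("Content-Length", "0")
            self.end_headers()
        elif status == 400:
            self.send_error(400, "Unknown host")
        else:
            body = b"content served from the canonical host\n"
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)


if __name__ == "__main__":
    for host, target in [("www.rosettacode.org", "/w/index.php?something_or_other"),
                         ("wiki.rosettacode.org", "/Hello"),
                         ("rosettacode.org", "/wiki/Hello"),
                         ("unlisted.example", "/")]:
        print(host, target, "->", route(host, target))
```

Because old links to the alias hosts still answer with a 301, referral traffic keeps working while each crawler sees a single host to rate-limit against.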

    15. Re:So how do we DDoS Microsoft? by Spatial · · Score: 5, Funny

      How horrible are your employees at their jobs when they require the assistance of their victims to fix the problem?

      [Every IT worker on Slashdot looks around nervously]

    16. Re:So how do we DDoS Microsoft? by jc42 · · Score: 4, Interesting

      As said below, never ascribe to malice that which can be adequately explained by stupidity. (Insert lame joke about MSFT being full of stupidity here).

      Yeah, though this particular sort of stupidity has been going on for a long time, and not just at Microsoft (though they seem to be the worst culprit).

      I run a couple of sites that, among other things, have links to return the "content" in a list of different formats (GIF, PNG, PS, PDF, ...). Periodically, the servers get bogged down by search sites hitting them many times per second, trying to get every file in every format. The worst cases seem to come from microsoft.com and msn.com, though it happens with other search sites, too. Actually, the first attempts I saw at "deep search" like this came from googlebots around 10 years ago, though they quickly backed off and haven't been a serious problem since then. MS-origin "attacks" of this sort have been happening every few months, for nearly a decade.

      I've generally handled them with a couple of techniques. One is to check the logs for successive requests from the same address, and insert sleep() calls with progressively longer sleeps as more messages arrive. The code prefixes the "content" with a comment explaining what's happening, in case a human investigates.

      Another technique is to look for series of "give me this in all your output formats" requests, verify that it's a search bot, and add the address to a "banned" list of sites that simply get a message explaining why they aren't getting what they asked for, plus an email address if they want to get in contact. So far nobody at any search site has ever used that address. I did once get a response from a guy who was studying sites with such multi-format data, for a school project, to see how the various output formats compared in size and information content. I took his address off the banned list, and suggested that he add a couple-second delay between requests, and he finished his project a few days later.

      I suspect that the googlebot folks may have read my explanation of the delays and added code to spread their requests out over time, since that's what their bots seem to do now. But I never heard from them. They must have gotten complaints (and bans) from lots of web sites when they started doing this, so they probably realized quickly that they should add code to prevent such flooding of sites.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
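The two techniques in the comment above (progressively longer sleeps for rapid requests from one address, and a ban list for "every output format" sweeps), as an added sketch that is not the commenter's code. All thresholds, the notice texts, the contact address and the `is_search_bot` flag are assumptions; the function returns the delay instead of sleeping so the logic can be replayed over recorded traffic.

```python
from collections import defaultdict, deque

# Every threshold here is an assumed value for illustration.
WINDOW = 10.0         # seconds of request history kept per address
FREE_REQUESTS = 3     # requests per window served without delay
BASE_DELAY = 0.5      # first penalty, doubled for each further request
MAX_DELAY = 30.0      # cap, so one client cannot pin a worker indefinitely
SWEEP_FORMATS = 4     # formats of one item that count as a bulk sweep
FORMATS = {"gif", "png", "ps", "pdf"}

DELAY_NOTICE = ("<!-- Response to {ip} delayed {delay:.1f}s: requests are "
                "arriving too fast. Questions: {contact} -->")
BAN_NOTICE = ("Requests from {ip} are refused because every output format of "
              "the same items was fetched in bulk. Write to {contact}.")


class Throttle:
    """Per-address progressive delay plus a ban list for format sweeps."""

    def __init__(self, contact="webmaster@example.org"):
        self.contact = contact
        self.recent = defaultdict(deque)   # ip -> request times inside WINDOW
        self.formats = defaultdict(set)    # (ip, item) -> formats fetched
        self.banned = set()                # a real deployment would expire these

    def delay_for(self, ip, now):
        """Record one request and return the sleep it has earned."""
        times = self.recent[ip]
        while times and now - times[0] > WINDOW:
            times.popleft()                # forget requests outside the window
        times.append(now)
        excess = len(times) - FREE_REQUESTS
        if excess <= 0:
            return 0.0
        return min(BASE_DELAY * 2 ** (excess - 1), MAX_DELAY)

    def decide(self, ip, path, now, is_search_bot=False):
        """Return (action, delay_seconds, notice) for one request.

        is_search_bot is supplied by the caller, for example after a reverse
        DNS check on the address; the User-Agent header alone is easy to forge.
        """
        if ip in self.banned:
            return "ban", 0.0, BAN_NOTICE.format(ip=ip, contact=self.contact)
        item, _, ext = path.rpartition(".")
        ext = ext.lower()
        if is_search_bot and ext in FORMATS:
            seen = self.formats[(ip, item)]
            seen.add(ext)
            if len(seen) >= SWEEP_FORMATS:
                self.banned.add(ip)
                return "ban", 0.0, BAN_NOTICE.format(ip=ip, contact=self.contact)
        delay = self.delay_for(ip, now)
        notice = ""
        if delay:
            notice = DELAY_NOTICE.format(ip=ip, delay=delay, contact=self.contact)
        return "serve", delay, notice


if __name__ == "__main__":
    # Constructed traffic: one address sending a request every second.
    throttle = Throttle()
    for second in range(6):
        print(throttle.decide("203.0.113.7", "/tune/1.png", float(second)))
```

The caller sleeps for the returned delay and prepends the notice to the response, so a human who investigates sees why the content was slow.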
    17. Re:So how do we DDoS Microsoft? by Alpha830RulZ · · Score: 2, Insightful

      You know, it's easy to poke fun at the Microsofty, but is it possible that he was just trying to find out what was being hit so that he could figure out who in his organization he should contact? Maybe there is some uber technical way he could have figured this out, or maybe he should have RTFB, but his response sounded well intentioned and responsive. What would you prefer? The microsoft of old?

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
    18. Re:So how do we DDoS Microsoft? by MstrFool · · Score: 2, Insightful

      Same reason other folks can't, they are human. Look, I despise MS for a variety of reasons and am one of the rabid anti-MS folks. But honestly, they do enough that is legit to gripe about, no need to blow a mistake like this out of proportion. Considering all they do it was inevitable to happen at some point. Shit happens, anyone that codes has had a mega-woops at one point or another, and if they haven't then they are cookie cutter coding and not risking creativity. Hate them for needlessly locking the geeks from the systems, for locking the owners out of the systems while permitting hackers more remote access rights than they could get at the system itself. But this? 'eh, they goofed, get over it and worry about the real evil they are doing.

      --
      Question reality.
    19. Re:So how do we DDoS Microsoft? by Short+Circuit · · Score: 4, Insightful

      The REAL solution to your problem is for everyone to abandon the dumb-as-shite "www" prefix.

      Why bother with www.example.com and example.com? Get rid of it. Anyone who still puts "www." on their business cards is a dufus.

      REAL solutions to immediate problems don't depend on the rest of the world changing to suit my needs. Also, the fact remains that there are links out there that point to "http://www.rosettacode.org/w/index.php?something_or_other", not all of those links will (or can) change, and I would be an absolute fool to knowingly break them, if I want people to visit RCo via referral traffic.

    20. Re:So how do we DDoS Microsoft? by raju1kabir · · Score: 4, Insightful

      Different system's doesn't really apply but what if the site's robots.txt is slightly different (different newlines or something) which is causing an unforeseen error?

      There is a spec for robots.txt. If someone's not following it, then it's their fault. Given Microsoft's past history, I know where I'd point the finger absent any more concrete information.

      --
      "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
    21. Re:So how do we DDoS Microsoft? by mounthood · · Score: 4, Insightful

      As said below, never ascribe to malice that which can be adequately explained by stupidity.

      Must be really easy to just beat you in the face, and say “Ooops, I’m sorry, I’m so st00pid! *drool*” I call bullshit on that rule.

      My rule: Don’t make judgements at all (either way), about things that you just don’t know.

      How about: Don't mistake organizational stupidity for individual stupidity. This isn't the case of a single bad coder making a mistake, this is an organization that's chosen how much effort to apply. How much testing and review? What failsafes, logging and active monitoring? Will options for feedback be accessible and responsive? Stupidity and Malice aren't mutually exclusive for an individual, and certainly not for an organization.

      --
      tomorrow who's gonna fuss
    22. Re:So how do we DDoS Microsoft? by Chris+Burke · · Score: 5, Insightful

      I've never liked that saying because of the implication that malice and stupidity are exclusive.

      Dumb and mean are often found together.

      --

      The enemies of Democracy are
    23. Re:So how do we DDoS Microsoft? by dissy · · Score: 4, Interesting

      Every once in a while, I still see sites that don't serve up unless you include "www." in the address - but it's like I said - a dufus.

      Looks like someone hasn't read RFC 1178 and enjoys breaking interoperability.

      Your method also breaks email by redelegating MX records one sub domain above where the control should be and MX's point to, thus breaks delegation of sub domains.

    24. Re:So how do we DDoS Microsoft? by mmontour · · Score: 2, Funny

      Mission accomplished. I got this on the second link that I clicked.

      We are currently unable to serve your request
      We apologize, but an error occurred and your request could not be completed.
      This error has been logged. If you have additional information that you believe may have caused this error please report the problem here.

    25. Re:So how do we DDoS Microsoft? by Yakasha · · Score: 2, Funny

      Clue: Subtle joke, deserves 'funny' moderation ;)

      Subtle + Slashdot = FAIL

      And what exactly are you hinting at?

    26. Re:So how do we DDoS Microsoft? by __aaclcg7560 · · Score: 2, Funny

      I thought Ken(tm) was interested in G.I. Joe(tm) these days. :P

    27. Re:So how do we DDoS Microsoft? by gbjbaanb · · Score: 2, Funny

      IP addresses aren't enough? You're MS--if you can't fix the problem and IP addresses are given, damn, that's just sad. You're freaking massive multi-billion dollar tech companies, and this is the best you can do?

      I've seen and used Vista. The answer to your question is "yes".

    28. Re:So how do we DDoS Microsoft? by budgenator · · Score: 2, Funny

      The unobtainable fruit is always thought to be the sweetest.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    29. Re:So how do we DDoS Microsoft? by Passman · · Score: 2, Funny

      Nah, G.I. Joe was interested in G.I. Joe these days. But don't bother asking, he won't tell.

      --
      Minne-snow-da: Winter is comming...
    30. Re:So how do we DDoS Microsoft? by spongman · · Score: 2, Funny

      let's hope they don't store it compressed...

    31. Re:So how do we DDoS Microsoft? by drinkypoo · · Score: 2, Interesting

      Instead we have Slashtroglodytes screaming about conspiracies by MSFT.

      Just for the record, since you're commenting under a thread I started, I do not believe that there was a conspiracy to attack CPAN. I think there is a conspiracy to continue accidentally attacking CPAN. The information provided ought to be more than sufficient to figure out what is going on. Remember, any time two people work to screw a third out of something, it's a conspiracy by definition.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. I've seen it before by LordAzuzu · · Score: 5, Interesting

    I manage some networks in my home city in Italy, and in the past year I've often seen strange traffic coming from some of their IP addresses. Guess they have been exploited by someone a long time ago, and didn't even notice it.

    1. Re:I've seen it before by beadfulthings · · Score: 3, Interesting

      It's interesting to read this, as I've had some random and somewhat incomprehensible port scans coming from an IP address identified as one of theirs. If you're just an insignificant slob, you can't write to their abuse address, either; you'll get bounced. I simply blocked that particular IP address. Let them worry about who's gotten to them.

      --
      "Here's what's happening. You're starting to drive like your Dad..." - Red Green
  3. Check the blog... by strredwolf · · Score: 4, Funny

    Looks like Microsoft's Bing managers are on it. They'll make it worse in no-time flat. :)

    BTW, the difference between a DDOS and a Slashdotting? You know why your site went down -- you got linked!

    --
    # Canmephians for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.net";
    1. Re:Check the blog... by Anonymous Coward · · Score: 5, Funny

      BTW, the difference between a DDOS and a Slashdotting?

      The DDOS bots actually read TFA.

    2. Re:Check the blog... by jc42 · · Score: 4, Insightful

      They admitted they were powerless to solve their own problems without help from their victims.

      Heh. It's another "damned if you do; damned if you don't" scenario. Usually, people criticise Microsoft for developing software without bothering to consult or test with actual customers. Now we have a manager of a MS dev group that actually does communicate (though not exactly with "customers"), and acts on what they say, so he's criticised for needing help from his "victims".

      Ya can't win that game.

      But the fact is that if you're developing server-side web software, you need to test it against real-world sites, not just the toy sites you've set up in your lab. And we all know the "Sorcerer's Apprentice" sort of bug that produces a runaway test that tries to do something as many times as it can per second until it's killed. Good testers will be on the lookout for such events, but it's understandable that they might fail occasionally.

      Among web developers, MS does have a bit of a reputation for hitting your new site with a flood of requests, trying to extract everything that you have (even the content of your "tmp" directory which your robots.txt file says to ignore). There are lots of small sites that block MS address ranges for just this reason.

      It should be considered good news that there's at least one MS manager who understands all this, and is willing to talk to the "victims" and fix the problems. Now if they could fix the next-level problem, that this sort of thing happens repeatedly and their corporate culture seems to have no way to prevent it from happening again.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    3. Re:Check the blog... by schon · · Score: 2, Informative

      They admitted they were powerless to solve their own problems without help from their victims.

      Heh. It's another "damned if you do; damned if you don't" scenario.

      Um, no. Not unless you're a rabid MS apologist.

      Usually, people criticise Microsoft for developing software without bothering to consult or test with actual customers.

      True.

      Now we have a manager of a MS dev group that actually does communicate (though not exactly with "customers"), and acts on what they say, so he's criticised for needing help from his "victims".

      Umm, exactly how did he act on what they said? According to the quote, they explicitly didn't act, which is the problem people are complaining about.

  4. MS ineptitude? by Anonymous Coward · · Score: 2, Insightful

    From TFA:

    Hi,
    I am a Program Manager on the Bing team at Microsoft, thanks for bringing this issue to our attention. I have sent an email to nospam@example.com as we need additional information to be able to track down the problem. If you have not received the email please contact us through the Bing webmaster center at nospam@example.com.

    I mean, what additional information is needed wrt "respecting robots.txt" and "not letting loose more than one bot on a site at a time"?

    Bing. Meh.

    1. Re:MS ineptitude? by Anonymous Coward · · Score: 2, Interesting

      It kind of depends on the individual robots.txt. Google, for instance, added a bunch of extended rules that they respect but which aren't officially part of the robots.txt spec (which is pretty limited). If they've added some of those rules in it could be that it's failing to validate when the MS bot hits it and therefore being ignored.

    2. Re:MS ineptitude? by ShecoDu · · Score: 3, Interesting

      I remember reading that the MSNBOT reads the "Robots.txt" file, but cpantesters has a lowercase filename:

      http://static.cpantesters.org/robots.txt

      http://static.cpantesters.org/Robots.txt doesn't exist, so basically MSNBOT only respects the robots.txt on case insensitive operating systems.

    3. Re:MS ineptitude? by John+Hasler · · Score: 3, Interesting

      The standard clearly specifies lower case. However, if you are correct there's a simple way to send bingbots one way and all other bots another: create Robots.txt and robots.txt with different contents.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  5. Probably just a bug. by tjstork · · Score: 5, Insightful

    I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

    --
    This is my sig.
    1. Re:Probably just a bug. by Lloyd_Bryant · · Score: 5, Insightful

      I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

      Sufficiently advanced incompetence is indistinguishable from malice. For additional examples, see Government, US.

      The simple fact is that ignoring robots.txt is effectively evil, regardless of the intent. It's not like robots.txt is some new innovation...

      --
      Don't tell me to get a life. I had one once. It sucked.
    2. Re:Probably just a bug. by fish+waffle · · Score: 5, Insightful

      I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

      Probably. But since incompetence is the plausible deniability of evil it's sometimes hard to tell.

    3. Re:Probably just a bug. by alexhs · · Score: 2, Insightful

      these bots 'completely ignore the rules specified in robots.txt.'

      Microsoft ignoring standards is not incompetence, it's policy (NIH syndrome).

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    4. Re:Probably just a bug. by djupedal · · Score: 4, Insightful

      > "I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?"

      We assume MS is evil...

      We know they are incompetent.

      We feel this is typical.

      We pray they'd just go away.

      We think this will never end...

    5. Re:Probably just a bug. by gmuslera · · Score: 3, Insightful

      They are not ignoring robots.txt, probably just that they understand that file in their slightly different, but in the end incompatible, format. As every other file.

    6. Re:Probably just a bug. by Yvanhoe · · Score: 4, Interesting

      There is such a thing as criminal incompetence. If a script kiddie can be arrested for having a virus "out of control" I don't see why Microsoft engineers DDOSing a website couldn't be charged.

      By the way a philosopher once told that "evil" did not exist. That it was most of the time just a kind of hidden stupidity.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    7. Re:Probably just a bug. by MrMr · · Score: 5, Insightful

      The problem is, there is no evidence that:
      Never ascribe to stupidity that which can be adequately explained by malice.
      Is invoking more entities.
      In fact, claiming that the commercially most successful software company got there through stupidity rather than malice sounds extremely implausible to me.

    8. Re:Probably just a bug. by Rogerborg · · Score: 5, Informative

      You're probably new here, but if you'd RTFA, you'd see that:

      It seems their bots completely ignore the rules specified in the robots.txt, despite me setting it up as per their own guidelines on their site

      Come to think of it though, isn't this what happens to most people who try to interoperate with Microsoft?

      Amusingly, if I Google for "bing robots.txt" I get a link to a bing page titled "Bing - Robots.txt Disallow vs No Follow - Neither Working!" which has already been elided from history by Microsoft. Classy.

      --
      If you were blocking sigs, you wouldn't have to read this.
    9. Re:Probably just a bug. by Suki+I · · Score: 5, Funny

      Try saving a copy as robots.docx and see if that works ;)

    10. Re:Probably just a bug. by Opportunist · · Score: 4, Funny

      Like my grandpa said, it doesn't matter how dumb you are. As long as you find someone even dumber to sell to.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    11. Re:Probably just a bug. by afidel · · Score: 4, Funny

      I wonder if it's a CR/CRLF bug =)

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    12. Re:Probably just a bug. by hairyfeet · · Score: 3, Interesting

      But MSFT is a corporation, which thanks to our corporate butt kissing congress and courts can just go "ooopsie", maybe cut a small check at most, and walk away scot-free.

      And as for your philosopher? I saw an interview with Joss Whedon on writing evil characters that I thought really hit the nail on the head. He said, and I paraphrase "The villain never sees himself or herself as evil. To them there is a perfectly justifiable reason for their actions. I have known some truly evil people, those that have intentionally hurt their fellow man out of pure malice, and to them their actions were justified and noble. They simply didn't see what they did as wrong."

      Which is how you get MSFT and Intel paying backroom deals to crush competition, or Jack Trammell and his "business is war" philosophy. To the ones making the decisions "the other guy would do it to us if they could, so why shouldn't we do it to them?". I'm sure that if you talked to Gates or the head of Intel you could never get them to believe that crushing your competition any way you can is wrong. To them that was/is business 101 and not evil. That is why I think Whedon was right, the villain always thinks they are noble.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    13. Re:Probably just a bug. by schon · · Score: 5, Insightful

      It has nothing to do with the RTFA.

      their own guidelines on their site

      As anyone who has ever read MS documentation can tell you, you need to read it, then implement a test, so you can see what it really expects, then adjust your test, then try it until it works.

      Their problem is that they expected MS documentation to actually describe the expected behaviour.

    14. Re:Probably just a bug. by PinkyDead · · Score: 5, Funny

      Microsoft don't have any tools that can effectively read that format.

      --
      Genesis 1:32 And God typed :wq!
    15. Re:Probably just a bug. by Goaway · · Score: 3, Informative

      I'm sure you heard that, but it's not actually true in any way.

    16. Re:Probably just a bug. by blueZ3 · · Score: 3, Insightful

      What's amusing about the issue in the kb is that the problem that they're "solving" by breaking the username/password in a URL standard is NOT a problem with username/password URLs, but a problem with how IE displays the URLs. In other words, rather than fixing the behavior of IE's address and status bars to display such URLs correctly, they just stopped supporting them.

      Incompetence at that level isn't just indistinguishable from malice, it IS malicious.

      --
      Interested in a Flash-based MAME front end? Visit mame.danzbb.com
    17. Re:Probably just a bug. by mR.bRiGhTsId3 · · Score: 3, Interesting

      That would be tremendously amusing. I can see the headline now. Bing robots DDoS attack every Unix hosted site by assuming Windows linefeeds.

    18. Re:Probably just a bug. by Pharmboy · · Score: 2, Funny

      Wow, you must be new....to computers. I particularly liked your comment "A site could have quality links to non ignore sites." as justification for a bot to ignore robots.txt. Can I have your AOL email address so I can write you personally?

      --
      Tequila: It's not just for breakfast anymore!
    19. Re:Probably just a bug. by b1t+r0t · · Score: 2, Informative

      What exactly do you mean by "elided from history"? I brought them both up, turned off the CSS (Google's version is broken), and tab-flipped between them. Not only is the page still there, it has all the same posts as the Google cache version, with small differences such as tags switching around, number of posts by users, and another stupid Blackpool adlink. Maybe you found some messages missing and then Google later re-cached it, but the thread itself is certainly not missing.

      --
      "Open source is good." - Steve Jobs
      "Open source is evil." - Microsoft
  6. This is a normal occurence for Bing by Anonymous Coward · · Score: 5, Informative

    I had a registration page - static content basically. The only thing that was dynamic was that it was referred to by many pages on the site with a variable in the querystring. Bing decided that it needed to check on this one page *thousands* of times per day.

    They ignored robots.txt.
    I sent a note to an address on the Bing site that requested feedback from people having issues with the Bing bots - nothing.

    The only thing they finally 'listened' to was placing "" in the header.

    This kind of sucked because it took the registration page out of the search engines' index, however it was much better than being DDOS'd. Plus, the page is easy to find on the site so not *that* big a deal.

    Bing has been open for months now and if you search around there are tons of stories just like this. Maybe now that a site with some visibility has been 'attacked', the engineers will take a look at wtf is wrong.

  7. Flooding... by Bert64 · · Score: 4, Informative

    I have noticed the microsoft crawlers (msnbot) being fairly inefficient on many of my sites...
    In contrast to googlebot and spiders from other search engines msnbot is far more aggressive, ignores robots.txt and will frequently re-request the same files repeatedly, even if those files haven't changed... Looking at my monthly stats (awstats) which groups traffic from bots, msnbot will frequently have consumed 10 times more bandwidth than googlebot, but is responsible for far less incoming traffic based on referrer headers (typically 1-2% of the traffic generated by google on my sites).

    Other small search engines don't bring much traffic either, but their bots don't hammer my site as hard as msnbot does.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  8. Are you sure? by Errol+backfiring · · Score: 4, Insightful

    Are we sure this traffic comes from Microsoft? Could it not consist of forged network packets? You don't need a reply if you are running a DDOS. On the other hand, why would anyone, including Microsoft, want to bring down CPAN?

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:Are you sure? by Anonymous Coward · · Score: 3, Funny

      Because they are coming out with P# and don't want the competition?

    2. Re:Are you sure? by Anonymous Coward · · Score: 2, Informative

      You only see an IP in an apache log after a successful TCP handshake. This is hard (not impossible, but really, really hard) to do with a forged IP.

    3. Re:Are you sure? by TheRaven64 · · Score: 5, Informative

      > Are we sure this traffic comes from Microsoft? Could it not consist of forged network packets?

      It's a TCP connection, so they need to have completed the three-way handshake for it to work. That means that they must have received the SYN-ACK packet or by SYN flooding. If they are SYN flooding, then that would show up in the firewall logs. If they've received the SYN-ACK packet then they are either from that IP, or they are on a router between you and that IP and can intercept and block the packets from that IP.

      > You don't need a reply if you are running a DDOS.

      You do if it's via TCP. If they're just ping flooding, then that's one thing, but they're issuing HTTP requests. This involves establishing a TCP connection (send SYN, receive SYN-ACK with random number, reply ACK with that number) and involves sending TCP window replies for each group of TCP packets that you receive.

      > On the other hand, why would anyone, including Microsoft, want to bring down CPAN?

      Who says that they want to? It's more likely that their web crawler has been written to the same standard as the rest of their code.

      --
      I am TheRaven on Soylent News
  9. Re:So block those IP ranges? by John+Hasler · · Score: 3, Informative

    > ...why not just block them?

    They have.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  10. Re:So block those IP ranges? by Sarten-X · · Score: 5, Insightful

    For ignoring robots.txt, they don't deserve any more nor less.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  11. Re:Oh! *Literally* Microsoft bots! by Ardaen · · Score: 4, Informative

    Probably not, if you look at other incidents: http://cmeerw.org/blog/594.html it appears they just like to push the limits.

  12. Re:Robots.txt by Ogi_UnixNut · · Score: 2, Informative

    It's the first. Whatever you specify in the robots.txt as no-follow etc... means not to spider the pages, so no scanning of them at all.

    You use it for when you only want part of your site to appear in search results, such as just the front page (for example). The rest of the site should not be touched by the bot at all.

  13. Send the lost bots home. by N1ckR · · Score: 5, Funny

    I redirect lost bots home, seems a polite thing to do. 301 www.microsoft.com

  14. Re:The US government is competent. by jimicus · · Score: 2

    The US Gov't has successfully operated as a going concern for 220+ years, with a proven and reliable management structure. Few, if any corporations, have been able to do that.

    Private corporations can go under with just a couple of bad years. Or even months, particularly if they're new businesses. Governments just have to raise taxes.

  15. Re:Robots.txt by afidel · · Score: 2, Informative

    It's basically a rough pattern filter that the bot is supposed to follow on parts of the site not to crawl. One reason it's used is that you can have dynamically generated pages that create an infinite loop that's impossible for the bot to detect.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  16. DDoS? Really? by Siberwulf · · Score: 2, Informative

    I'm pretty sure the first "D" in DDoS stands for "Distributed."

    If it was really a DDoS, you wouldn't be able to filter the IP out with a simple regex (like the /^65\.55\.(106|107|207)/. from TFA).

    To boot, TFA didn't even say DDoS. Maybe that's too much to expect the editors to oh... I don't know...say... RTFA or Fact-Check it?

    I should drop my bar a bit, I suppose.
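
An added example (not from the thread, TFA or CPAN Testers): one way to test the complaints above against your own access log, grouping requests by source /24 like the prefix filter quoted in this comment and counting, per network, hits on robots.txt-disallowed paths, bytes served (the bandwidth comparison in the "Flooding..." comment) and repeat fetches of the same URL. The robots.txt, the log lines, `ExampleBot` and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from urllib.robotparser import RobotFileParser
# Constructed sample data (not real server logs); 192.0.2.0/24 is a documentation range.
ROBOTS_TXT = "User-agent: *\nDisallow: /cgi-bin/\n"
SAMPLE_LOG = """\
65.55.207.10 - - [18/Jan/2010:10:00:01 +0000] "GET /cgi-bin/pages.cgi?act=1 HTTP/1.1" 200 5120 "-" "msnbot/2.0b"
65.55.207.11 - - [18/Jan/2010:10:00:01 +0000] "GET /cgi-bin/pages.cgi?act=1 HTTP/1.1" 200 5120 "-" "msnbot/2.0b"
65.55.207.12 - - [18/Jan/2010:10:00:02 +0000] "GET /cgi-bin/pages.cgi?act=2 HTTP/1.1" 200 4096 "-" "msnbot/2.0b"
65.55.207.10 - - [18/Jan/2010:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "msnbot/2.0b"
65.55.106.5 - - [18/Jan/2010:10:00:03 +0000] "GET /cgi-bin/pages.cgi?act=3 HTTP/1.1" 304 - "-" "msnbot/2.0b"
192.0.2.7 - - [18/Jan/2010:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "ExampleBot/1.0"
crawler.example.net - - [18/Jan/2010:10:06:00 +0000] "GET /cgi-bin/x HTTP/1.1" 200 10 "-" "ExampleBot/1.0"
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+|-) "[^"]*" "([^"]*)"')

def audit(log_text, robots_txt):
    """Per source network: hits, bytes, robots.txt-disallowed hits, repeat fetches."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "disallowed": 0, "repeats": 0})
    seen = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        host, path, size, agent = m.groups()
        try:
            addr = ip_address(host)
        except ValueError:
            continue  # logged as a hostname; cannot be grouped by prefix
        net = str(ip_network(f"{addr}/{24 if addr.version == 4 else 48}", strict=False))
        s = stats[net]
        s["hits"] += 1
        s["bytes"] += 0 if size == "-" else int(size)  # "-" means no body was sent
        s["disallowed"] += int(not rules.can_fetch(agent, path))
        s["repeats"] += int((net, path) in seen)  # same URL fetched again by this network
        seen.add((net, path))
    return dict(stats)

def flagged(stats, min_disallowed=3):
    """Networks at or over the disallowed-hit threshold, worst first."""
    hot = [n for n in stats if stats[n]["disallowed"] >= min_disallowed]
    return sorted(hot, key=lambda n: -stats[n]["disallowed"])

if __name__ == "__main__":
    report = audit(SAMPLE_LOG, ROBOTS_TXT)
    print({net: report[net] for net in flagged(report)})
```

Grouping by prefix only tells you where the load comes from; whether a flagged network is a misbehaving crawler or something else still needs the user-agent and reverse-DNS checked by hand.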

  17. No problem by rgviza · · Score: 4, Informative

    ipchains -A input -j REJECT -p all -s 65.55.207.0/24 -i eth0 -l
    ipchains -A input -j REJECT -p all -s 65.55.107.0/24 -i eth0 -l
    ipchains -A input -j REJECT -p all -s 65.55.106.0/24 -i eth0 -l

    problem solved

    --
    Don't kid yourself. It's the size of the regexp AND how you use it that counts.
    1. Re:No problem by j_sp_r · · Score: 4, Informative

      Linux IP Firewalling Chains, normally called ipchains, is free software to control the packet filter/firewall capabilities in the 2.2 series of Linux kernels. It superseded ipfwadm, but was replaced by iptables in the 2.4 series.

      You're a few kernels behind.

  18. Complain to Upstream Providers by jchawk · · Score: 3, Interesting

    The CPAN folks could complain to their ISP and have them drop the traffic that's coming in to their boxes.

    Most ISPs will work with you to correct DDOS problems.

  19. Re:Happy Dead Nigger Day! by woody.jesus · · Score: 2, Funny

    How dare you sir (or madam)!! How dare you! It is clear from the title of your post that you were not so subtly casting aspersions on an organization who I hold dear -- namely the Hirsute Dungeons n' Dragons society. You can frame your remarks in some obscure racial epithets, but to those of us who twirl our mustaches or stroke our beards while rolling dice, your insidious implication is brazenly clear. As the leader of a group of men (and women) with decorative facial hair who play Dungeons n' Dragons every Wednesday night, I cannot help but express the strongest offense to your euphemistically delivered hidden acronym. In the future, should you have such thoughts I would urge you to Do Not Say them.

    --
    "You never pushed a noun against a verb except to blow up something" (Spencer Tracey, 'Inherit the Wind')
  20. Re:Robots.txt by John+Hasler · · Score: 2, Informative

    > Is it an 'agreement' to not scan the site at all...

    It is a request not to scan part or all of a site. robots.txt

    > And if so, I can't see anything wrong with what Microsoft's bots did.

    Every site does not have dozens of powerful servers and terabytes of bandwidth, nor is every site an ad-supported one that wants to maximize traffic. Common courtesy requires that a bot operator minimize his impact on any given site and honor requests not to index. Of course "courtesy" and "honor" are concepts that baffle Microsoft managers.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  21. Mod parent up by Lonewolf666 · · Score: 3, Insightful

    While he could be more polite, it is indeed embarrassing for Microsoft if they cannot check their own network
    a) for the existence of computers with given IPs
    b) what these computers are doing

    I think that deserves an "insightful" that cancels out the "flamebait".

    --
    C - the footgun of programming languages
  22. Re:US Government is good. by Nadaka · · Score: 2, Informative

    Nothing you listed under the "War on Drugs" has anything to do with the war on drugs.

    The war on drugs has made America a police state where the government can seize any of your property and auction it for profit before your trial. Even if you are found innocent, or the charges are thrown out for insufficient grounds, you will not be compensated for your lost money or profit. It has made an America where more people are imprisoned than any other nation on earth. It has made a nation where the cheapest and most effective drug for curing glaucoma and mitigating the pain and nausea associated with cancer treatments is a crime. It's made a nation where at least half its citizens are criminals.

  23. Re:I can't wait till the MS bots index private dat by John+Hasler · · Score: 2, Insightful

    Robots.txt is merely advisory. Ignoring it is discourteous and oafish but not illegal.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  24. hello? firewall? by v1 · · Score: 2, Insightful

    if it's a scan (TCP established stream, taxing the SERVERS, not the NETWORK) that's the problem, as opposed to a SYN flood etc, and the IP addresses are in a very small range, why aren't they just using a hardware firewall at the router and blocking the IPs? There's not a whole lot to "distributed" when it's coming from a pair of C's.

    Not saying they should be DOING it, but this is not a Denial of Service, it's a Denial of Stupid.

    --
    I work for the Department of Redundancy Department.
  25. bing is written in perl by bingoUV · · Score: 2, Funny

    Got it! Bing is written in perl. They do regular expression matching while crawling and forgot to have a \E ... \Q escape sequence for the regex matching. They got so much perl code on CPAN, full of special characters, that somehow the crawler engine went into an infinite loop.

    --
    Bingo Dictionary - Pragmatist, n. A myopic idealist.