Slashdot Mirror


Microsoft Bots Effectively DDoSing Perl CPAN Testers

at_slashdot writes "The Perl CPAN Testers have been suffering issues accessing their sites, databases and mirrors. According to a posting on the CPAN Testers' blog, the CPAN Testers' server has been being aggressively scanned by '20-30 bots every few seconds' in what they call 'a dedicated denial of service attack'; these bots 'completely ignore the rules specified in robots.txt.'" From the Heise story linked above: "The bots were identified by their IP addresses, including 65.55.207.x, 65.55.107.x and 65.55.106.x, as coming from Microsoft."

20 of 332 comments

  1. I've seen it before by LordAzuzu · · Score: 5, Interesting

    I manage some networks in my home city in Italy, and in the past year I've often seen strange traffic coming from some of their IP addresses. Guess they have been exploited by someone a long time ago, and didn't even notice it.

  2. Probably just a bug. by tjstork · · Score: 5, Insightful

    I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

    --
    This is my sig.
    1. Re:Probably just a bug. by Lloyd_Bryant · · Score: 5, Insightful

      I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

      Sufficiently advanced incompetence is indistinguishable from malice. For additional examples, see Government, US.

      The simple fact is that ignoring robots.txt is effectively evil, regardless of the intent. It's not like robots.txt is some new innovation...

      --
      Don't tell me to get a life. I had one once. It sucked.
    2. Re:Probably just a bug. by fish+waffle · · Score: 5, Insightful

      I know everyone likes to assume that Microsoft is being evil here, but wouldn't the more realistic assumption be that they were just being incompetent?

      Probably. But since incompetence is the plausible deniability of evil it's sometimes hard to tell.

    3. Re:Probably just a bug. by MrMr · · Score: 5, Insightful

      The problem is, there is no evidence that:
      Never ascribe to stupidity that which can be adequately explained by malice.
      Is invoking more entities.
      In fact, claiming that the commercially most successful software company got there through stupidity rather than malice sounds extremely implausible to me.

    4. Re:Probably just a bug. by Rogerborg · · Score: 5, Informative

      You're probably new here, but if you'd RTFA, you'd see that:

      It seems their bots completely ignore the rules specified in the robots.txt, despite me setting it up as per their own guidelines on their site

      Come to think of it though, isn't this what happens to most people who try to interoperate with Microsoft?

      Amusingly, if I Google for "bing robots.txt" I get a link to a bing page titled "Bing - Robots.txt Disallow vs No Follow - Neither Working!" which has already been elided from history by Microsoft. Classy.

      --
      If you were blocking sigs, you wouldn't have to read this.
    5. Re:Probably just a bug. by Suki+I · · Score: 5, Funny

      Try saving a copy as robots.docx and see if that works ;)

    6. Re:Probably just a bug. by schon · · Score: 5, Insightful

      It has nothing to do with the RTFA.

      their own guidelines on their site

      As anyone who has ever read MS documentation can tell you, you need to read it, then implement a test, so you can see what it really expects, then adjust your test, then try it until it works.

      Their problem is that they expected MS documentation to actually describe the expected behaviour.

    7. Re:Probably just a bug. by PinkyDead · · Score: 5, Funny

      Microsoft don't have any tools that can effectively read that format.

      --
      Genesis 1:32 And God typed :wq!
  3. This is a normal occurrence for Bing by Anonymous Coward · · Score: 5, Informative

    I had a registration page - static content basically. The only thing that was dynamic was that it was referred to by many pages on the site with a variable in the querystring. Bing decided that it needed to check on this one page *thousands* of times per day.

    They ignored robots.txt.
    I sent a note to an address on the Bing site that requested feedback from people having issues with the Bing bots - nothing.

    The only thing they finally 'listened' to was placing "" in the header.

    This kind of sucked because it took the registration page out of the search engines' index, however it was much better than being DDOS'd. Plus, the page is easy to find on the site so not *that* big a deal.

    Bing has been open for months now and if you search around there are tons of stories just like this. Maybe now that a site with some visibility has been 'attacked', the engineers will take a look at wtf is wrong.
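
An added example, not part of the thread or of CPAN Testers' tooling: one way a site operator could check the behaviour described in the comment above, by measuring from an access log which /24 networks fetch paths that robots.txt disallows or arrive faster than its Crawl-delay. The robots.txt, log lines, documentation-range IPs and the `examplebot` name are constructed; grouping by /24 is an assumption taken from how the story identifies the bots.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network
from urllib.robotparser import RobotFileParser

# Constructed inputs: documentation IP ranges and a made-up crawler name.
ROBOTS_TXT = "User-agent: *\nDisallow: /cgi-bin/\nCrawl-delay: 10\n"
SAMPLE_LOG = """\
192.0.2.11 - - [15/Jan/2010:10:00:01 +0000] "GET /cgi-bin/pages.cgi HTTP/1.1" 200 512 "-" "examplebot/1.0"
192.0.2.12 - - [15/Jan/2010:10:00:02 +0000] "GET /cgi-bin/reports.cgi HTTP/1.1" 200 498 "-" "examplebot/1.0"
192.0.2.57 - - [15/Jan/2010:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "examplebot/1.0"
198.51.100.7 - - [15/Jan/2010:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jan/2010:10:00:30 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
this line is not in combined log format
"""
LINE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def audit(log_text, robots_txt):
    """Per IPv4 /24: total hits, hits on disallowed paths, hits inside Crawl-delay."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    stats = defaultdict(lambda: {"hits": 0, "disallowed": 0, "too_fast": 0})
    last_seen = {}  # most recent request time per /24
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the audit
        ip, ts, path, agent = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        net = str(ip_network(f"{ip}/24", strict=False))  # group crawler nodes by /24
        s = stats[net]
        s["hits"] += 1
        if not rp.can_fetch(agent, path):
            s["disallowed"] += 1
        delay = rp.crawl_delay(agent)
        prev = last_seen.get(net)
        if delay and prev is not None and (when - prev).total_seconds() < delay:
            s["too_fast"] += 1
        last_seen[net] = when
    return dict(stats)

def offenders(stats):
    """Networks that fetched a disallowed path or ignored Crawl-delay."""
    return sorted(n for n, s in stats.items() if s["disallowed"] or s["too_fast"])

if __name__ == "__main__":
    print(offenders(audit(SAMPLE_LOG, ROBOTS_TXT)))
```

Crawl-delay binds crawlers only, so `too_fast` counts from ordinary browser user agents are noise; the `disallowed` count is the stronger signal that robots.txt is being ignored.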

  4. Re:Check the blog... by Anonymous Coward · · Score: 5, Funny

    BTW, the difference between a DDOS and a Slashdotting?

    The DDOS bots actually read TFA.

  5. Re:So how do we DDoS Microsoft? by jlp2097 · · Score: 5, Informative

    Not necessary. A Bing Product Manager has already commented on the CPAN Testers blog entry upon which the article is based:

    Hi,
    I am a Program Manager on the Bing team at Microsoft, thanks for bringing this issue to our attention. I have sent an email to barbie@cpan.org as we need additional information to be able to track down the problem. If you have not received the email please contact us through the Bing webmaster center at bwmc@microsoft.com.

    As said below, never ascribe to malice that which can be adequately explained by stupidity. (Insert lame joke about MSFT being full of stupidity here).

  6. Re:So block those IP ranges? by Sarten-X · · Score: 5, Insightful

    For ignoring robots.txt, they don't deserve any more nor less.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  7. Re:So how do we DDoS Microsoft? by Anonymous Coward · · Score: 5, Funny

    As much spam as I get from ir@infousa.com , I wish that someone would DDOS that damned company. If I knew of a way to get extra spam to ir@infousa.com I would probably do it so that company could get a taste of its own medicine. ir@infousa.com sent me unsolicited spam and it drives me nuts. Thanks for nothing, ir@infousa.com . It makes me want to call the company at (402)593-4500 and complain, but I don't have time. I guess I'll email them at ir@infousa.com instead. maybe.

  8. Re:So how do we DDoS Microsoft? by kulnor · · Score: 5, Funny

    Well, with Barbie(TM) on the case, this should be quickly resolved (unless she's too busy with G.I.Joe(TM))

  9. Re:Are you sure? by TheRaven64 · · Score: 5, Informative

    Are we sure this traffic comes from Microsoft? Could it not consist of forged network packets?

    It's a TCP connection, so they need to have completed the three-way handshake for it to work. That means that they must have received the SYN-ACK packet or by SYN flooding. If they are SYN flooding, then that would show up in the firewall logs. If they've received the SYN-ACK packet then they are either from that IP, or they are on a router between you and that IP and can intercept and block the packets from that IP.

    You don't need a reply if you are running a DDOS.

    You do if it's via TCP. If they're just ping flooding, then that's one thing, but they're issuing HTTP requests. This involves establishing a TCP connection (send SYN, receive SYN-ACK with random number, reply ACK with that number) and involves sending TCP window replies for each group of TCP packets that you receive.

    On the other hand, why would anyone, including Microsoft, want to bring down CPAN?

    Who says that they want to? It's more likely that their web crawler has been written to the same standard as the rest of their code.

    --
    I am TheRaven on Soylent News
  10. Send the lost bots home. by N1ckR · · Score: 5, Funny

    I redirect lost bots home, seems a polite thing to do. 301 www.microsoft.com

  11. Re:So how do we DDoS Microsoft? by Anonymous Coward · · Score: 5, Insightful

    "as we need additional information to be able to track down the problem."

    IP addresses aren't enough? You're MS--if you can't fix the problem and IP addresses are given, damn, that's just sad. You're freaking massive multi-billion dollar tech companies, and this is the best you can do?

    No wonder Chinese hackers own our asses.

    Then again, it took Comcast 9 months to fix a security hole in customer accounts (which would have required an s to http to make pages SSL'd), and the only reason it was "fixed" was because they did their annual website makeover and changed their entire system to something Flash based. Then again, I had contacted a VP, VP's security, referred to web security, and talked to web security 3x, talked to a manager. The last 3 groups verified the problem. It was referred to their web applications team by that point, who sat on it.

    Lovely world we live in.

  12. Re:So how do we DDoS Microsoft? by Spatial · · Score: 5, Funny

    How horrible are your employees at their jobs when they require the assistance of their victims to fix the problem?

    [Every IT worker on Slashdot looks around nervously]

  13. Re:So how do we DDoS Microsoft? by Chris+Burke · · Score: 5, Insightful

    I've never liked that saying because of the implication that malice and stupidity are exclusive.

    Dumb and mean are often found together.

    --

    The enemies of Democracy are