From: gilmae (firstname.lastname@example.org)
Date: Fri Oct 11 2002 - 13:02:44 BST
Ian Hickson wrote:
>On Fri, 11 Oct 2002, Stuart Langridge wrote:
>>Sam Rowe complains that the Pingback spec doesn't have any way to
>>prevent spam or DoS attacks by repeatedly hitting a Pingback server.
>>Didn't we discuss this problem and resolve it?
>>From the spec:
># However, the following steps are RECOMMENDED:
># 1. The server MAY attempt to fetch the source URI to verify that the
># source does indeed link to the target.
> -- http://www.hixie.ch/specs/pingback/pingback#TOC3
That's not much protection. It isn't that hard to set up a script to
create weblog posts with a link, ping the target and then delete the
pinging post, a couple of hundred times.
1. The server MAY attempt to prevent multiple pings from the same IP
within a small amount of time.
Essentially, the slashdot lameness filter.
Message sent over the Blogite mailing list.
This archive was generated by hypermail 2.1.5 : Fri Oct 11 2002 - 15:05:01 BST