From: gilmae (gilmaevski@mail.ru)
Date: Fri Oct 11 2002 - 13:02:44 BST
Ian Hickson wrote:
>On Fri, 11 Oct 2002, Stuart Langridge wrote:
>
>
>>Sam Rowe complains that the Pingback spec doesn't have any way to
>>prevent spam or DoS attacks by repeatedly hitting a Pingback server.
>>
>>Didn't we discuss this problem and resolve it?
>>
>>
>
>From the spec:
>
># However, the following steps are RECOMMENDED:
>#
># 1. The server MAY attempt to fetch the source URI to verify that the
># source does indeed link to the target.
>#
> -- http://www.hixie.ch/specs/pingback/pingback#TOC3
>
>
>
That's not much protection. It isn't that hard to set up a script to
create weblog posts with a link, ping the target and then delete the
pinging post, a couple of hundred times.

Perhaps

1. The server MAY attempt to prevent multiple pings from the same IP
within a small amount of time.

Essentially, the slashdot lameness filter.

g.

Message sent over the Blogite mailing list.
Archives: http://www.aquarionics.com/misc/archives/blogite/
Instructions: http://www.aquarionics.com/misc/blogite/
This archive was generated by hypermail 2.1.5 : Fri Oct 11 2002 - 15:05:01 BST
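
The two checks discussed in this thread, the spec's source-link verification and the per-IP limit proposed in the reply, combined in one gate. This is an added example, not part of the original message or the Pingback spec; PingbackGate, its result strings and the fetch callback are assumptions, and the sample page is constructed.

```python
import time
from collections import defaultdict, deque
from html.parser import HTMLParser
from urllib.parse import urljoin


class LinkCollector(HTMLParser):
    """Collect the absolute href of every <a> element in a page."""
    def __init__(self, base_uri):
        super().__init__()
        self.base_uri, self.links = base_uri, set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.add(urljoin(self.base_uri, href))


class PingbackGate:
    """Hypothetical gate in front of a pingback handler (names are assumptions)."""
    def __init__(self, fetch, max_pings=3, window=60.0, clock=time.monotonic):
        self.fetch = fetch  # callable: URI -> HTML text, or None if unreachable
        self.max_pings, self.window, self.clock = max_pings, window, clock
        self.recent = defaultdict(deque)  # client IP -> timestamps of counted pings

    def check(self, client_ip, source_uri, target_uri):
        now, seen = self.clock(), self.recent[client_ip]
        while seen and now - seen[0] >= self.window:
            seen.popleft()              # drop pings older than the window
        if len(seen) >= self.max_pings:
            return "rate_limited"       # refused before any outbound fetch
        seen.append(now)                # failed pings count against the IP too
        html = self.fetch(source_uri)
        if html is None:
            return "source_unreachable"
        collector = LinkCollector(source_uri)
        collector.feed(html)
        return "accepted" if target_uri in collector.links else "no_link"


# Constructed sample data: one source page that links to the target.
PAGES = {"http://blog.example/post1": '<p><a href="http://target.example/entry">hi</a></p>'}

def demo():
    gate = PingbackGate(fetch=PAGES.get, max_pings=2, window=60.0)
    ping = ("192.0.2.1", "http://blog.example/post1", "http://target.example/entry")
    return [gate.check(*ping) for _ in range(3)]

if __name__ == "__main__":
    print(demo())
```

The limit is checked before the source fetch, so a burst of pings from one address costs the server no outbound requests once the window is full. Idle addresses are never evicted from `recent` here; a long-running server would prune them.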