From: michel v (m@tidakada.com)
Date: Fri Oct 11 2002 - 13:14:09 BST
Now now, the HTTP spec doesn't have built-in DDoS protection, let's all
stop using it! My email is getting spam from thousands of different
addresses, the email spec sucks!
Yeah. So what, it's all dependent on the implementations.
On a funny note, has anybody complained about this yet?
http://example.com/trackback.php?tb_id=504&title=this+is+trackback+spam&url=http%3A%2F%2Fspammer.com%2Findex.php%3Fp%3Dspam&blog_name=A+spammer%27s+weblog&excerpt=you%27ve+got+to+love+interfaces+that+you+can+post+with+right+from+the+URL+bar%21+this+is+spam%21+%3
gilmae wrote:
>
> Ian Hickson wrote:
>
>> On Fri, 11 Oct 2002, Stuart Langridge wrote:
>>
>>
>>> Sam Rowe complains that the Pingback spec doesn't have any way to
>>> prevent spam or DoS attacks by repeatedly hitting a Pingback server.
>>>
>>> Didn't we discuss this problem and resolve it?
>>>
>>
>>
>> From the spec:
>>
>>
>> # However, the following steps are RECOMMENDED:
>> #
>> # 1. The server MAY attempt to fetch the source URI to verify that the
>> # source does indeed link to the target.
>> #
>> -- http://www.hixie.ch/specs/pingback/pingback#TOC3
>>
>>
>>
> That's not much protection. It isn't that hard to set up a script to
> create weblog posts with a link, ping the target and then delete the
> pinging post, a couple of hundred times.
>
> Perhaps
>
> 1. The server MAY attempt to prevent multiple pings from the same IP
> within a small amount of time.
>
> Essentially, the slashdot lameness filter.
>
> g.
--
Michel Valdrighi
http://tidakada.com

Message sent over the Blogite mailing list.
Archives: http://www.aquarionics.com/misc/archives/blogite/
Instructions: http://www.aquarionics.com/misc/blogite/
This archive was generated by hypermail 2.1.5 : Fri Oct 11 2002 - 15:05:01 BST
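
The two server-side checks discussed in the thread (the spec's optional fetch of the source URI, and gilmae's per-IP limit on pings within a short time) combined in one gate. This is an added example, not part of the original message or of any Pingback implementation; `PingGate`, `source_links_to`, the limits, and the sample pages are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque
from html.parser import HTMLParser

class _Links(HTMLParser):
    """Collects href values of <a> tags from the fetched source page."""
    def __init__(self):
        super().__init__()
        self.hrefs = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.update(v.strip() for k, v in attrs if k == "href" and v)

def source_links_to(html, target_uri):
    # Exact string match on href; a real server would normalise URIs first.
    parser = _Links()
    parser.feed(html)
    return target_uri in parser.hrefs

class PingGate:
    """Per-IP sliding-window limit, applied before the source is fetched."""
    def __init__(self, fetch, max_pings=3, window=60.0, clock=time.monotonic):
        self.fetch, self.max_pings = fetch, max_pings
        self.window, self.clock = window, clock
        self.recent = defaultdict(deque)  # client IP -> timestamps of recent pings

    def check(self, client_ip, source_uri, target_uri):
        now = self.clock()
        stamps = self.recent[client_ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()              # forget pings older than the window
        if len(stamps) >= self.max_pings:
            return "throttled"            # rejected without any outbound fetch
        stamps.append(now)                # failed pings count against the limit too
        try:
            html = self.fetch(source_uri)
        except Exception:
            return "source_unreachable"
        return "accepted" if source_links_to(html, target_uri) else "no_link"

# Constructed sample pages standing in for HTTP fetches, so the example runs offline.
PAGES = {
    "http://a.example/post": '<p>See <a href="http://b.example/entry">this</a>.</p>',
    "http://a.example/other": "<p>No link here.</p>",
}

if __name__ == "__main__":
    gate = PingGate(PAGES.__getitem__, max_pings=2)
    for src in ("http://a.example/post", "http://a.example/other", "http://a.example/post"):
        print(src, "->", gate.check("192.0.2.1", src, "http://b.example/entry"))
```

Throttling before the fetch means a burst of pings from one address cannot also make the server issue a burst of outbound requests, which covers the create-ping-delete loop that source verification alone lets through.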