Step II. On September the 24th, I hear on irc that righteous indignators be leveling threats of DDoSing and other nefarious business! So upon reviewing the logs of Trilema it turns out that it had been in fact attacked! Twice!
The first attack came on the 19th, and it was piddly, probably a kid with his 500 strong botnet trying to bring down wordpress through reloading pages or something. As you can see it barely registered on the dial, but then again how's random derp to know half a GB is peanuts here at the core of the Internet, where The New York Times comes for inspiration and cribbing material ?
The second attack came on the 24th, in the shape of a Wordpress pingback amplified DDoS[ii]. It also didn't do anything notable, Trilema was online throughout. The attacker was diligent however, using a somewhat lengthy (tens of thousands) list of vulnerable blogs, and reusing them rarely (less than once an hour). Practically speaking, the only actual effect of this was an inflation of apparent unique visitors as far as Awstats is concerned.
The third attack came on the 28th, in the wake of frustration, desperation and ridicule endured also on irc. This time fewer blogs (thousands) were used intensively (thousands of times each) making it reasonably easy to block[iii], and that was pretty much the last we've ever heard of this "Reddit police" thing/dorkery.
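The difference between the second and third attacks, seen from the access log, as an added example that is not part of the original post. It assumes Apache combined-format logs and that reflected requests carry the `WordPress/<version>; <blog URL>` User-Agent; the function names and the sample lines are constructed.

```shell
#!/usr/bin/env bash
# Constructed sample: Apache "combined" log lines. IPs come from documentation
# ranges and blog names are placeholders, not data from the attack.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [28/Sep/2014:10:00:01 +0000] "GET / HTTP/1.0" 200 512 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 203.0.113.9"
198.51.100.7 - - [28/Sep/2014:10:00:02 +0000] "GET / HTTP/1.0" 200 512 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 203.0.113.9"
198.51.100.7 - - [28/Sep/2014:10:00:03 +0000] "GET / HTTP/1.0" 200 512 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 203.0.113.9"
198.51.100.8 - - [28/Sep/2014:10:00:04 +0000] "GET / HTTP/1.0" 200 512 "-" "WordPress/3.5.1; http://blog-b.example"
198.51.100.9 - - [28/Sep/2014:10:00:05 +0000] "GET / HTTP/1.0" 200 512 "-" "WordPress/4.0; http://blog-c.example; verifying pingback from 203.0.113.9"
192.0.2.44 - - [28/Sep/2014:10:00:06 +0000] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# Read a log on stdin; print "hits ip version blog" per reflecting host,
# busiest first. Splitting on double quotes puts the User-Agent in field 6.
pingback_sources() {
  awk -F'"' '
    $6 ~ /^WordPress\// {
      split($1, pre, " "); ip = pre[1]
      split($6, ua, "; ")
      hits[ip]++
      ver[ip]  = substr(ua[1], 11)   # text after "WordPress/"
      blog[ip] = ua[2]
    }
    END { for (ip in hits) print hits[ip], ip, ver[ip], blog[ip] }
  ' | sort -k1,1nr -k2,2
}

# Print only the IPs seen at least $1 times: the block-list candidates.
block_candidates() {
  pingback_sources | awk -v min="$1" '$1 >= min { print $2 }'
}

# Count distinct reflecting hosts per WordPress version.
version_tally() {
  pingback_sources | awk '{ n[$3]++ } END { for (v in n) print v, n[v] }' | sort
}

sample_log | pingback_sources
echo "block candidates (>= 3 hits):"
sample_log | block_candidates 3
```

A hit-count threshold of this kind picks out reflectors used intensively, as in the third attack; hosts that each appear less than once an hour, as in the second, stay under it and only show up as extra unique visitors.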
Step III. The following day I went on the counteroffensive. I created a one line fix for the vulnerability that allows this particular form of DDoS to happen[iv], I created a static html page describing the problem and the fix, I extracted the list of blogs involved in the attack and I proceeded to send them a pingback notifying them of the problem, and in the same pass providing proof that it is in fact a problem. So they can fix it, and in the process learn a thing or two about Automattic (and hopefully the rest of the bezzle world).
I received tons of email, some from people thanking me, a majority from people completely confused as to anything and everything, beginning at "how to ask a meaningful question" or "what to do when something happens". The list's not done yet (I'm trying not to DDoS myself while doing it, obviously), but here's a nice illustration covering the second half of September :
Depicted in that screencap : first attack, no effect. Second attack, lots of visits (ie, different IPs), very few pages and proportionally even fewer hits (ie, the various resources loaded to compose a page). Third attack, fewer apparent visits (Awstats doesn't count banned/bot IPs, obviously), a shitton of pages and hits (because the few IPs that didn't hit often enough to get blocked hit again and again and again). Then once I started pinging people, a lot more hits than the sum of all the attacks, and while their behaviour isn't exactly in line with the average behaviour of the Trilema reader in terms of time spent on site, they're slowly getting there.
In conclusion : not only "Reddit police" fails miserably at its stated goal, but this has been by far the best exposure Trilema ever got to this day[v].
And if you're in an accounting mood : it took me a coupla hours' worth of derping with awk and sed to extract the list, five minutes to save a html copy of the article and the whole shebang's been running in bash ever since (and no, it's not done yet - not nearly done yet).
So, how much do you pay your preferred selection of swindlers per click ? 10 cents ? Because the ~200k uniques I'm seeing over here so far would then put my hour's work well over 20 Bitcoin (which is just about right, which is kinda why I've bothered with this in the first place), and I can guarantee in any format you prefer that this is better traffic than whatever crap doubleclick, facebook, reddit, gawker or whoever else is selling you. Way better.
I said it before, but it bears repeating : Today is the International Day of Remembering How Mircea Popescu Is Better Than Me and related observances.

———
i. I have a history doing that kind of thing, perhaps of most interest to this crowd being the untimely death of Reddit's own coin, the Doge. Or else the death of Reddit's own retard, Andreas Derpenstockulous, Grand Shill of Allthescams. Or other things.
ii. If you're curious about the details, there's an amply documented, very detailed field report available.
iii. DDoS nullroutes work kinda like shadowbanning : the attacker figures he's successful, the rest of the interwebs dunno wtf he's on about nor do they care.
iv. Something that has been reported in the "tech" media back in April and has otherwise been known for years. And yet... nobody over at Shittenweg's "Code is Prostitution" Palace has so far managed to fix that steaming pile of doo-doo they sing lieds over. They claim it's fixed, of course, but if you review the logs of the attack you'll notice virtually all the blogs involved are 3.x and 4.0, releases after the one where the issue was supposedly fixed.
v. For comparison, back in March when I was all over the "tech" press with the OpenBSD story, the traffic bump was about a tenth this. Think about it : the combined might of the oh-so-important "media" is barely a tenth of a lemonade!