Update Explanation: I was testing “http://loadimpact.com”, a site that lets you load test your site. The possible things this permits an attacker to do to a site they wish to attack boggle the mind. It’s somewhat of a horrifying thought, and it’s not at all clear that Load Impact’s protections against misuse are sufficient. But it’s also Friday afternoon, so I’ll leave discussion to comments.
The original pre-test post follows.
=======
The site might go down in an hour. I’ll explain later. If it’s up, visit spambotsecurity.com.
I’m testing…
=======
Also Update
Here are the results of the test from their side
http://loadimpact.com/test/view/1443884 or possibly
http://loadimpact.com/load-test/bannasties.com-864eb63a48f8e80bb17f10c82cf1e2b4.
195.178.177.182 - - [23/Aug/2013:14:35:55 -0700] "GET / HTTP/1.1" 403 1713 "-" "LoadImpactPageAnalyzer/1.3.0 (Load Impact; http://loadimpact.com/)"
54.216.128.179 - - [23/Aug/2013:14:36:34 -0700] "GET / HTTP/1.1" 403 1999 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:37 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:43 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:49 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:55 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:01 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:07 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:10 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:12 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:13 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:15 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:19 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:21 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:26 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:28 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:32 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:34 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:37:34 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
- The site didn’t go down. ZBblock rejected the first visit with a 403 and sent an even less resource-intensive 503 to later hits.
- Because I was worried, I manually banned things at Cloudflare at 14:37:26. It takes a little bit of time for that to take effect. Load Impact hit my site 4 more times. It evidently doesn’t notice the local 503s, and I’m guessing it didn’t know it wasn’t making it to my site after that. Mind you, I think anyone can tell when Cloudflare started blocking: it’s when the User Load Time drops precipitously. See chart below:
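As an added example (not part of the original post, and not ZBblock’s or Load Impact’s code), here is the kind of check a self-hosted admin would run over the Apache log above to see what a “load test” looked like from the server side: parse combined-format lines, pick out the Load Impact crawlers by User-Agent, compute per-IP hit counts, status breakdown and request rate, and emit an Apache 2.4 deny rule for the offenders. The sample log lines are constructed for this example, modelled on the ones in the post; the User-Agent prefixes are the two that actually appear in the post’s log.

```python
"""Added example: find load-testing bots in an Apache combined log and rate them per IP."""
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# User-Agent prefixes of the Load Impact crawlers seen in the post's log excerpt.
LOAD_TEST_UAS = ("LoadImpactPageAnalyzer/", "LoadImpactRload/")

# Constructed sample log (same shape as the post's excerpt, plus one normal
# browser hit and one unparseable line).
SAMPLE_LOG = """\
195.178.177.182 - - [23/Aug/2013:14:35:55 -0700] "GET / HTTP/1.1" 403 1713 "-" "LoadImpactPageAnalyzer/1.3.0 (Load Impact; http://loadimpact.com/)"
54.216.128.179 - - [23/Aug/2013:14:36:34 -0700] "GET / HTTP/1.1" 403 1999 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:37 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:43 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
54.216.128.179 - - [23/Aug/2013:14:36:49 -0700] "GET / HTTP/1.1" 503 296 "-" "LoadImpactRload/2.7.6 (Load Impact; http://loadimpact.com);"
203.0.113.7 - - [23/Aug/2013:14:36:40 -0700] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/23.0"
garbage line that does not parse
"""


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def is_load_tester(ua):
    return ua.startswith(LOAD_TEST_UAS)


def summarize(lines):
    """Per-IP summary of load-tester hits: count, status breakdown, window, hits/min."""
    acc = defaultdict(lambda: {"hits": 0, "statuses": defaultdict(int), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_load_tester(rec["ua"]):
            continue
        s = acc[rec["ip"]]
        s["hits"] += 1
        s["statuses"][rec["status"]] += 1
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
    out = {}
    for ip, s in acc.items():
        span = (s["last"] - s["first"]).total_seconds()
        out[ip] = {
            "hits": s["hits"],
            "statuses": dict(s["statuses"]),
            "first": s["first"],
            "last": s["last"],
            # hits per minute over the observed window (floor of 1 s so a
            # single hit does not divide by zero)
            "rate_per_min": s["hits"] * 60.0 / max(span, 1.0),
        }
    return out


def flagged(summary, min_hits=3, min_rate_per_min=10.0):
    """IPs that hit often enough and fast enough to be worth blocking."""
    return sorted(ip for ip, s in summary.items()
                  if s["hits"] >= min_hits and s["rate_per_min"] >= min_rate_per_min)


def deny_rules(ips):
    """Apache 2.4 authorization block denying the given IPs (paste into a <Directory>)."""
    body = "\n".join(f"    Require not ip {ip}" for ip in ips)
    return "<RequireAll>\n    Require all granted\n" + body + "\n</RequireAll>"


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for ip, s in summary.items():
        print(ip, s["hits"], s["statuses"], round(s["rate_per_min"], 1), "hits/min")
    print(deny_rules(flagged(summary)))
```

Blocking by User-Agent alone is weak (a string anyone can change), which is why the summary is keyed by source IP; the rate threshold keeps a single page-analyzer probe from being treated the same as a sustained run.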
Just move the site to wordpress.com and stop worrying about these things.
Anthony,
I would lose things like betting, and also, scripts on the knitting site. I still need to keep that from getting hacked (even if I don’t blog knitting anymore.)
Or maybe I could do betting–but only in cumbersome ways. Anyway, I like things about self hosting.
There is no silver bullet Tony.
re: “Anthony,
I would lose things like betting, …”
Geez, I’d hate to lose all my quatloos.
Lucia, for the benefit of the uninitiated (e.g. me), can you explain, in simple terms, why you would lose those things if you switched to wordpress.com?
Also, if possible, why using wordpress.com would prevent the hacking problems?
(a) I would lose these things if I switched to wordpress because I need someplace to run scripts. I can’t run scripts on wordpress. I would still need to have a server and a resolvable domain that would permit me to run the scripts. And beyond that, I couldn’t insert the betting into a blog post easily. (Though I guess I could if I custom programmed something that let me stuff things in in some sort of iframe.) But without custom programming, I couldn’t do it. (Similar things happen to my knitting scripts which you guys aren’t familiar with. But migrating rankexploits by itself wouldn’t resolve all of my hacking issues, because I would still need to protect the other site.)
(b) WordPress prevents hacking problems because wordpress protects its servers to a large extent. That said, it doesn’t guarantee non-hackability. Hypothetically, all of wordpress can go down simultaneously and all of it can be hacked. But the bloggers have no control so there is no time sink.
Lucia,
Thanks for explaining.
I wonder if those who created the internet envisaged it would potentially be ruined by hackers?
Also, will it have to be abandoned in future because it is unworkable?
Of course, life in general would be a better place without criminals ruining it for the rest of us.
Ray
Oh… I don’t know. Those who envisaged the internet probably never really envisaged the internet! It started out as a way for a specialized group to connect and share. It’s not clear they ‘envisioned’ it as necessarily opening to the public and the world. Some might have seen it as going the other way and remained fairly closed for a long time.
Anyway, it isn’t really ruined by hackers. It’s just that owing to the open nature, and the sloppiness of people writing various very popular free codes (like WordPress & plugins), an industry of people trying to exploit vulnerabilities in free codes has grown up. Many of the things that caused WordPress to be popular aggravate its vulnerability.
And then people get ‘ideas’ like the service above. It really might be a useful service if someone orders it for their own site. But — at least as far as I can tell– there are really very few protections to prevent a nearly anonymous someone (hidden behind a proxy) who hates ‘site X’ from sending a shitwad of traffic to that site. (The anonymous someone would be violating the TOS. But… uhhmmm.. people violate TOS all the time!)
Heck, reading their FAQ there might be no protection to prevent a team of drunken jerks (say 10 frat brothers) from all timing simultaneous tests of a site and having loadimpact send a shit storm of data to 1 site. The FAQ says it will blacklist a site if they notice too many people requesting testing– but how soon? Does it trigger if 10 guys get on skype, all enter ‘thedomainIwanttotakedown.com’ into the entry box and hit “submit” at nearly the same time? Beats me!
Or, more nefariously, suppose instead of 10 drunks on skype, we have smarter people who understand shared hosting and who really hate some particular site. Instead of all hitting ‘thedomainIwanttotakedown.com’, they learn which domains are all on the same shared server. Then they spread their requests over all the domains. This would probably be personal— and so less common than just a joker entering stuff. But really, this service should require users to prove they control a domain before it will hit it with a shitwad of traffic. (Google and many other services require proving you control a domain.)
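As an added example (not Load Impact’s code, and not something the comment above describes in detail), here is the minimal domain-control check such a service could require before running a test: issue a token bound to both the customer account and the target domain, have the customer publish it in a DNS TXT record or at a well-known URL, and refuse to run until it verifies. The record name `_loadtest-verify`, the path `/.well-known/loadtest-verify.txt`, the account ids and the secret are all assumptions for this example; the DNS and HTTP lookups are injected so the code runs offline against constructed data.

```python
"""Added example: token-based proof of domain control before a load test is allowed."""
import hashlib
import hmac
import re

# Conservative hostname syntax: labels of [a-z0-9-], no leading/trailing '-', a 2+ letter TLD.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed server-side secret for the demo; a real service keeps this in a secret store.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"


def normalize_domain(domain):
    """Lower-case, strip trailing dot; return None if it is not a plausible hostname."""
    d = domain.strip().lower().rstrip(".")
    return d if HOSTNAME_RE.match(d) else None


def issue_token(server_secret, account_id, domain):
    """Token the customer must publish. It is an HMAC over (account, domain), so a token
    proven for one domain cannot be replayed to authorize tests against another, and
    one account's token is useless to a different account."""
    d = normalize_domain(domain)
    if d is None:
        raise ValueError("invalid domain")
    msg = account_id.encode() + b"\0" + d.encode()
    return "loadtest-verify=" + hmac.new(server_secret, msg, hashlib.sha256).hexdigest()


def verify_domain(server_secret, account_id, domain, dns_txt_lookup, http_fetch):
    """True only if the expected token is published for this domain via DNS TXT or HTTP.
    dns_txt_lookup(name) -> list of TXT strings; http_fetch(url) -> body str or None."""
    d = normalize_domain(domain)
    if d is None:
        return False
    expected = issue_token(server_secret, account_id, d).encode()
    # Route 1: TXT record on a dedicated label, so the apex TXT set (SPF etc.) is not disturbed.
    for rec in dns_txt_lookup(f"_loadtest-verify.{d}"):
        if hmac.compare_digest(rec.encode(errors="replace"), expected):
            return True
    # Route 2: file under /.well-known/ served by the domain itself.
    body = http_fetch(f"http://{d}/.well-known/loadtest-verify.txt")
    if body is not None and hmac.compare_digest(body.strip().encode(errors="replace"), expected):
        return True
    return False


# --- Constructed offline stand-ins for DNS and HTTP -----------------------------
GOOD_DNS_TOKEN = issue_token(DEMO_SECRET, "acct-42", "example.com")
GOOD_HTTP_TOKEN = issue_token(DEMO_SECRET, "acct-42", "blog.example.net")

DEMO_DNS = {
    "_loadtest-verify.example.com": ["v=spf1 -all", GOOD_DNS_TOKEN],
}
DEMO_HTTP = {
    "http://blog.example.net/.well-known/loadtest-verify.txt": GOOD_HTTP_TOKEN + "\n",
    # An attacker who controls example.org cannot reuse the example.com token there:
    "http://example.org/.well-known/loadtest-verify.txt": GOOD_DNS_TOKEN + "\n",
}


def demo_dns(name):
    return DEMO_DNS.get(name, [])


def demo_http(url):
    return DEMO_HTTP.get(url)


def run_demo():
    """Verification outcomes for a few constructed cases."""
    cases = {
        "acct-42/example.com (DNS)": ("acct-42", "example.com"),
        "acct-42/blog.example.net (HTTP)": ("acct-42", "blog.example.net"),
        "acct-42/example.org (replayed token)": ("acct-42", "example.org"),
        "acct-99/example.com (other account)": ("acct-99", "example.com"),
        "acct-42/bad host": ("acct-42", "victim.com; rm -rf /"),
    }
    return {label: verify_domain(DEMO_SECRET, acct, dom, demo_dns, demo_http)
            for label, (acct, dom) in cases.items()}


if __name__ == "__main__":
    for label, ok in run_demo().items():
        print(f"{'PASS' if ok else 'FAIL'}  {label}")
```

Binding the token to the account and domain is the part that matters: a bare random string works as proof of control, but if it is not tied to the domain a customer can prove one domain and then point the test at another. This check does not stop the shared-hosting variant in the comment, where each participant legitimately controls a different site on the same server; that needs per-server or per-netblock rate limits on the service side.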
Sure wish I could find a way to comment here after I return to China on Friday. If not, rest assured I’m thinking good thoughts about what you’re doing here and about you specifically. Haiku and knitting will conquer the world. It just may take a while.
thomasfuller,
‘return to China’? That sounds kind of permanent. But why would you not be able to comment here from China? I have commented here from many parts of the world (Japan, Brazil, Australia, New Zealand, Saudi Arabia, Bahamas, Taiwan, much of Europe, etc.). Is this site on some kind of prohibited list in China?
I hope everything gets straightened out.
Also sort of testing if your site is functioning.
I see it. Must be a good sign.
SteveF–
If I let Chinese IPs visit, I get hit at a rate of more than 1 hit a second by various different Chinese IPs scraping. (Mostly, it’s scraping. But at that rate, it’s a load issue.)
So, I block Chinese IPs. I tried to create “holes”, and I could if Tom has a static IP. But I think he doesn’t have one. Tom could try to visit through VPNs but many of those are blocked too– so it would take some discussing to figure out how to get him easy access while in China. So it’s very difficult for Tom to comment while in China.
Brazil is 2nd worst, but it’s nowhere near as bad as China.
Papertiger–
Yes. If you can see it, it’s still up. It turned out my scripts deal with Load Impact quite well. But it’s rather amazing that the site exists. I can’t help but think it’s only a short time before someone (or team of someones) uses it to harass some site they don’t like. Who will do it and to what site, I don’t know. Then the question is: will that site’s admin have sufficient tech savvy to know what happened? (Some self-hosted bloggers not only never look at their apache logs, they don’t even know how to look at them! Those people would never know what hit them.)
Blackboard went away (again) on Feedly a few days ago. Now it’s back, hooray!