[6391] in www-talk@info.cern.ch


Mozilla and network resources

daemon@ATHENA.MIT.EDU (Brian Behlendorf)
Thu Oct 27 23:33:30 1994

Date: Fri, 28 Oct 1994 04:24:36 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: brian@wired.com
From: Brian Behlendorf <brian@wired.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>


The multiple TCP connections I'm seeing don't bother me nearly as much as the
bug in all versions of 0.9 with user authentication that causes an infinite
loop at times when the password fails.  Hot from my error file:

[Thu Oct 27 12:37:13 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:14 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:16 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:17 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:37:18 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:19 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:20 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:21 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:37:22 1994] puck.slk.foo.net authorization: DBM user pauldenny not found 
[Thu Oct 27 12:37:23 1994] puck.slk.foo.net authorization: DBM user pauldenny not found

(the domain name has been changed to protect the innocent)

Over and over, as fast as the link will support.  I'm very close to 
disallowing all accesses from User-Agent =~ /Moz/, as our servers are
being totally hosed by this.  They did manage to fix problems with user 
authentication present in other browsers, but this is far more harmful.
In essence, it's a denial of service attack - one guy has been doing this
every second for over an hour.

Please, PLEASE, if you access our site, and you see the words 
"Connecting to host" and "receiving data" blinking over and over, HIT THE 
STOP SIGN.

The only solution I know of right now is to sit watching the server, 
continually editing a .htaccess file on our root level to deny accesses 
from certain hosts.

Oh yeah, HotWired is up for business.  I'll forward a more formal press 
release here in a bit, when it's ready. 

http://www.hotwired.com/

	Brian
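
Added example, not part of the original message or of any server's code: the by-hand routine the message describes (watching the error log, then denying hosts in .htaccess) expressed as a check that flags hosts whose failed logins for one user repeat faster than a person could retype a password. The function names, the threshold and window defaults, and the second host in the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the error-log lines quoted in the message.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<host>\S+)\s+authorization:\s+"
                     r"DBM user (?P<user>\S+) not found\s*$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# Constructed sample: the first host and user come from the quoted log; the
# second host, its user and its timestamps are made up for contrast.
SAMPLE_LOG = """\
[Thu Oct 27 12:37:13 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:37:14 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:37:16 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:37:17 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:37:18 1994] puck.slk.foo.net authorization: DBM user pauldenny not found
[Thu Oct 27 12:38:02 1994] typo.example.org authorization: DBM user alice not found
[Thu Oct 27 12:41:05 1994] typo.example.org authorization: DBM user alice not found
""".splitlines()

def parse_failures(lines):
    """Yield (timestamp, host, user) per failure line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            try:
                yield (datetime.strptime(m["ts"], TS_FORMAT), m["host"], m["user"])
            except ValueError:
                continue  # unparseable timestamp: ignore the line

def looping_hosts(lines, threshold=5, window_seconds=10):
    """Hosts with >= threshold failures for one user in any window (assumed defaults)."""
    events = defaultdict(list)
    for ts, host, user in parse_failures(lines):
        events[(host, user)].append(ts)
    window, flagged = timedelta(seconds=window_seconds), set()
    for (host, _user), stamps in events.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(host)
                break
    return sorted(flagged)

def deny_lines(hosts):  # candidates for human review before editing .htaccess
    return ["deny from " + h for h in hosts]
```

Grouping by host and user keeps a shared proxy with several users who each mistype once from being flagged as a single looping client.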

