The Runcible Blog

In retrospect, that referrer spamming wasn't much of an "attack". The server load was pretty much zero the entire time, and one request per second is no big deal at all. I'm sure the server could handle much more than that. But the annoyance factor was high.

I've also been wondering about something I see in my logs. When someone using Internet Explorer on Windows accesses my site, the last element to download takes exactly 5 minutes to show up in the logs. Here's an example of what I mean (IP address removed to protect the innocent):


x.x.x.x - - [28/Jan/2003:15:51:51 -0500] "GET /blog/ HTTP/1.1" 200 11792 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
x.x.x.x - - [28/Jan/2003:15:51:51 -0500] "GET /blog/styles-site.css HTTP/1.1" 200 5713 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
x.x.x.x - - [28/Jan/2003:15:56:53 -0500] "GET /blog/archives/2003/01/27/weird.jpg HTTP/1.1" 200 32768 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"


The last image shows up in the log five minutes later. (oddly enough, it failed to download the xml.gif...) At first I thought it was taking 5 minutes for those browsers to download the image, but that doesn't make sense. It shouldn't be that slow, and other browsers don't show this problem. Then I remembered an article about some things that Internet Explorer does to increase speed but which break the rules of HTTP. Specifically, it leaves connections open on the server in order to make it quicker to download subsequent pages. Hmm, now that I reread the article, it seems that this might not be an accurate description of what is happening.

Well, I don't know if what Internet Explorer is doing is valid, but there are only two possibilities here: either it takes 5 minutes to download the image completely (unlikely), or Internet Explorer is not closing the connection, causing Apache to timeout after five minutes and close the connection. I don't think that is kosher behavior. Also, I still can't figure out why the webcam image never shows up in Internet Explorer. I don't have access to IE 6.0 on Windows, so maybe I'll never know what's wrong. Thanks, Microsoft!

With one simple command line, I wiped out all 4906 referrer spam hits that my site received over the past hour and a half or so. It amounts to 32 megabytes transferred...all for naught. Try again, spammies.

My website is currently being hit hard by a "referrer spamming" attack (I consider it an attack). In the span of one hour, an automatic script has requested my index page 3050 times (and counting)! The host, 217.227.143.157, is apparently in Germany on a dial-up connection. I don't want to encourage them, but here is a typical line from my access log:

217.227.143.157 - - [28/Jan/2003:13:30:03 -0500] "GET / HTTP/1.0" 200 6765 "http://www.free-adult-cartoons-adult-comics.com/" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

I haven't counted, but there are several different referrers being used, and several different user agents. This is really a ridiculous way of spamming someone since it has little effect unless you are displaying referrers on your site. I don't, but I have a separate usage stats page (I won't put a link here, but the link is elsewhere on my site) that google has indexed. The spammer is hoping that those sites will show up on my stats, thus leading people or search engines back to the referred pages. Spamming has reached a new low (could it go any lower?). The most frustrating thing is that I don't have a defense against it unless I do a whole bunch of configuring and reboot the server. For now, I'll just wait for the madness to stop and then cut out those entries from my log. Take that! current hits: 3738 and counting....

I just finished watching Amélie on TV. It's the second time I've seen it (the first time was in the theater with that girl). Anyway, it is a beautiful movie and very well made. I recommend it to anyone. If you can tolerate the romantic fantasy it purports, it's really such a lovely story. Haha, the only problem is that now there are hundreds (thousands?) of girls who either think they are just like Amélie or who want to be like Amélie. I guess I can't blame them…she's so cute!