D0z.me — the Evil URL Shortener
supernothing writes "DDoS attacks seem to be in vogue today, especially considering the skirmishes over WikiLeaks in the past few weeks. The size of DDoS attacks, however, has historically been limited by how many computers one has managed to recruit into a botnet. These botnets almost universally require code to be executed on the participants' local systems, whether they are willing or unwilling. A new approach has been emerging recently, however, which uses some simple JavaScript to achieve similar ends. d0z.me is a new service that utilizes these techniques, but provides a unique twist on the idea. Posing as a legitimate URL shortening service, it serves users the requested pages in an iFrame, while simultaneously participating in a DDoS attack in the background. No interaction is required beyond clicking the link and staying on the page. This makes it relatively trivial to quickly mount large-scale DDoS attacks, and affords willing participants plausible deniability in the assault."
Re:Since its a redirect... (Score:5, Informative)
No. If you visit the site, it loads javascript on your machine which does the DDOS from your machine. It's not a proxy.
Re:The joy of being a programmer... (Score:5, Informative)
You're going to be happy about it.
"All code used on this site is released under the GPLv3, and is available here. "
http://spareclockcycles.org/downloads/code/dosme.tar.gz [spareclockcycles.org]
Re:Am I doing it right? (Score:4, Informative)
http://d0z.me/ [d0z.me]
Re:Since its a redirect... (Score:4, Informative)
Of course, I could be wrong about the referrer being present in requests made from Javascript, but I assume it should be there.
That's where you're wrong. Hooray for iFrames!
Re:Since its a redirect... (Score:5, Informative)
Re:Since its a redirect... (Score:3, Informative)
this is how it shows up in my apache logs:
r00t.me.tld.fail:80 x.x.x.x - - [20/Dec/2010:23:04:08 +0000] "GET /?v=1292886248174 HTTP/1.1" 200 1888 "http://d0z.me/worker.js" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.215 Chrome/8.0.552.215 Safari/534.10"
r00t.me.tld.fail:80 x.x.x.x - - [20/Dec/2010:23:04:11 +0000] "GET /?v=1292886251634 HTTP/1.1" 200 1888 "http://d0z.me/worker.js" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.215 Chrome/8.0.552.215 Safari/534.10"
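A detection sketch for the log pattern shown in the comment above, added as an example and not part of the thread or of the d0z.me code: it flags off-site referers that drive repeated requests whose query string is only a numeric cache-buster. The function name, threshold, window, host names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Apache vhost_combined layout, as in the log lines quoted in the comment.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):\d+ (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)
# Query that is only a numeric cache-buster, e.g. /?v=1292886248174
CACHE_BUSTER_RE = re.compile(r'^[^?]*\?[A-Za-z_]\w*=\d{10,}$')

def suspicious_referers(lines, threshold=3, window=timedelta(seconds=10)):
    """Map each off-site referer to its peak cache-busted hits per window, if >= threshold."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ref_host = urlsplit(m["referer"]).hostname
        # Skip missing or same-site referers and requests without a cache-buster.
        if not ref_host or ref_host == m["vhost"].lower() or not CACHE_BUSTER_RE.match(m["target"]):
            continue
        hits[m["referer"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for referer, stamps in hits.items():
        stamps.sort()
        best, start = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[referer] = best
    return flagged

def _line(sec, target, referer):  # constructed sample line, not real traffic
    return (f'www.example.test:80 192.0.2.10 - - [20/Dec/2010:23:04:{sec:02d} +0000] '
            f'"GET {target} HTTP/1.1" 200 1888 "{referer}" "Mozilla/5.0 (constructed)"')

SAMPLE = [
    _line(8, "/?v=1292886248174", "http://d0z.me/worker.js"),
    _line(11, "/?v=1292886251634", "http://d0z.me/worker.js"),
    _line(13, "/?v=1292886253901", "http://d0z.me/worker.js"),
    _line(14, "/style.css?v=3", "http://www.example.test/index.html"),
    _line(15, "/", "http://search.example/?q=x"),
]
```

The Referer header is supplied by the browser and can be absent, so a match is a triage signal for rate limiting or blocking rather than proof of origin.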