Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam

Kuro5hin Forced Down By DOS 278

Posted by Hemos from the forced-into-the-ground dept.
Yenya writes: "It seems that Kuro5hin is being shut down as a result of the automated "spam" attacks in previous three days. It is a shame that good work of Rusty and other volunteers can be destroyed by some clueless attackers. I hope they will not give up and try to resurrect the site soon." Yenya was one of many who wrote about this - I personally like kuro5hin and I hope they can find a way to get things working again. Hopefully we'll get more news on it today - stayed tuned.
This discussion has been archived. No new comments can be posted.

Kuro5hin Forced Down by DOS More

Kuro5hin Forced Down by DOS

Comments Filter:
  • It goes deeper than that. Somebody has got it in their head that they want to slam k5. No matter if it's hosted on /., or out of rusty's house, or out of rusty's work, or on www.microsoft.com, the spammers still have the goal of slamming k5, and all the bandwidth in the world won't help.
  • Before I get flamed there is not alot i can do, and i'm sure there are others that really couldn't do much, but i'm a good leader for a paq of mad crackin fooz. ;) Do something about this, let's find these punks and show them what the internet is all aabout,, COME ON it works both ways, it's not like the internet is a one way pipe. dang!

  • Heh (Score:1)

    by pixelix ( 169806 )
    Could anyone imagine how crazy that headline would look 10 years ago?

    "Kuro5hin forced down by DOS"


    --
    jambo
    system.admin.without.a.clue
  • /. says "Check out [link]this[/link] site" and the little web server in a match-box goes down for a few hours. Then comes back, and no one cares.

    /. says "Of course there's an obligatory 'Slashdot is censoring the story' post on [link]Kuro5hin.org[/link]" and a wanna-be 733t3 haX0r goes on a crusade - effectively censoring K5 - and /. posts a front page article about the event.

    Nevermind the slashdot effect - beware it's wake.

  • hmmmm (Score:1)

    by Anonymous Coward
    Wouldn't it be terribly unfortunate if some feature^H^H^H^H^H^H^H bug were to reveal the IP of the person spamming this thread? I, for one, would fear for that person's continued connectivity. For months.
  • Can anyone point me to some articles that pertain to the psychology of script kiddies and their thinking of WHY they want to attack and destroy other computers with such non-sense?

    I think the name "script kiddies" pretty much sums up their thinking. They're immature little undeveloped (probably teenage) computer users that think it's cool/hilarious to piss someone off when the victim can't do anything about it.

    Hopefully, they grow out of it eventually, but by then the damage has been done, and (unfortunately) another immature pratt will inevitably rise throught the ranks.

    (please note I am not saying all teenagers are immature. Only script kiddies for sure.)
  • But it seemed like they were keeping up with it. Yes, for a brief period on Monday evening the story queue was full of junk, but it was quickly taken care of, and things (seemingly) got back to normal. My impression was that keeping up the appearance of things being normal was just too overwhelming in the face of all that crap.

  • My friends, never underestimate the power of large groups of stupid^H^H^H^H^H^H nerds

    If we had a bit of nerve, we could do this simply. K5 and /. get together on this. Once this little dippie gets back online, post his ip/nameserve/webpage/whatever to BOTH sites at once.

    We could run several DOS^H^H^H /. attacks on them. Sure, k5 and /. may get in trouble, but I bet you the little kiddies won't screw with us for a while.

    By doing this, it will show that there IS support for k5 and /., because I doubt the trolls will get in on the action. If they do, my respect moves up for them just a little. Overall, a feelgood for everyone involved, and a message to the morons out there.

  • I think he was suggesting a sliding scale. If a post is marked as a 5, you almost always want to read the whole thing, no matter how long it is. But if its a 0, then chances are, that if its long, its spam. Let me just see the very beginning of it.

    IMHO this is a very good idea.

  • Well, other than the <a href> thing, this already exists. Just use <url:http://example.com/> and it will become http://example.com/ [example.com].
  • Just like the other 5 replies to your post. And the hundreds of others that have been appearing all over Slashdot. I fear that these goatse.cx kiddies are the ones who will bring Slashdot's demise...

    -- Sig, 120 chars --
    Your friendly neighborhood mIRC scripter.
    if (ismoderator(reader)) hidecomment(this);

  • Why? I'll tell you why... (Score:3)

    by Lion-O ( 81320 ) on Wednesday July 26, 2000 @04:05AM (#904709)
    Before I go on; this whole article consists of some speculation allthough I'm convinced about some parts of the story. And as allways its merely my own opinion...

    Many people ask themselves why and iirc some organisations are even spending thousands of dollars on it 'cause they want to know what could motivate a person to do something like this. In this case its a site which isn't as well known as, shall we say, Amazon but IMHO much (maybe most) of the DoS attacks done by 5cr|py lus3r5 are solely for that oh so burning feeling of having control and having power over something. I know; nothing new here.

    The only problem with having control and power is the question if you are capable of dealing with it. Those DoS attacks proof to me that the most kiddies doing it aren't capable of handeling anything what so ever. Most are just loosers, nothing more, nothing less. And yes; this is easilly said but gimme a change to explain myself... In most cases starting up a DoS takes nothing more then knowing how to operate a program. Installing the exploit on some servers is in many (maybe even all) cases much easier then people claim it is. There are millions of servers on the net and not all of them are secured in the way they ought to be. If you really want a good amount of servers to attack someone you don't want to spend to much time on breaking into one. Heck; the longer it takes to set up / prepare your "DoS cluster" the higher the risk that your exploit gets discovered, allthough on some servers this risk isn't there alltogether. And once we're done its picking a target and voila.

    Is this 3l33t? Nay, but this probably is the best these morons are capable off. If you can't beat 'm make their lives miserable. Dunno how to hack your way into a computer system? Disable it. Sure, it is a felony these d00ds are commiting but IMHO they don't deserve all the blaim. The more you mention them the more 3l33t they feel.

    So why focus on the messenger while the real problems lies elsewhere? Everyone with a small piece of understanding knows where the problems lie yet no-one seems to care enough to do something against it. Hosting providers could make a start by checking the systems being put online. If it meets the security approval it can be placed online. When the system is one big security hole; tough luck. I truly believe this is technically possible. Only problem we are facing now is money and competition. If one hosting provider would start by setting up security "seals of approval" you can be sure it'll go bankrupt 'cause the competition won't.

    And thats why I feel that those organisations are the real persons responsible. Not only that but they seem narrow minded as well. If they would invest the time and money (the money lost by customers who aren't capable nor willing to secure their box(es)) they would make the Net more secure while still keeping control of the freedom we are having now. If they don't then I'm pretty sure that one day a politician will get a brainwave and will "make" the goverment kick in and enforce all of this. I don't have to tell you that the latter option will probably bring more then just a "safer Internet". The more important the Net is becoming the higher the chances this scenario will unfold IMHO.

  • I dont know what they run (Slashdot, custom), but they add bunch of checks that would prevent such abuses. Post to much; blocked out. Can only submit a X amount of stories. Try to issue too many commands (Automated attacks); blocked from the site. Reload pages to much (Again, a script attack), blocked out. Its just a matter of watching what happens and then adapting.
    If they need coders, I think a number of people would be avil to write that. No one likes to see the good guys lose.
  • that should be your first instinct.

    Only if one assumes that all politicinas are malicious. And that it turn says quite a bit about the people who elected them, i.e. you, doesn't it?

  • Actually we did care when Yahoo, CNN.com, etc. was attacked. But we were not emotional about it.

    it must take a special kind of asshole to attack a nonprofit site like Kuro5hin. I feel sorry for anyone immature enough to pull a pathetic stunt like this. This is no better than kicking dogs.

    That line actually answers your question.

    We cared about Yahoo, CNN etc. But those don't seem to be as "human" as Kuro5hin. We can relate to people spending their own time doing something right for the community, and are really annoyed when some ass pulls a stunt like this. But when it happens to corporations, we may be upset, but its a company and not a person. Yes some people are affected by that, but it is more like "part of the job". Volunteers should not have to deal with this crap. (although, no one should)

    Steven Rostedt
  • Slashdot has been slow to report their own downtimes; in many cases not reporting them at all.

    Somebody moderate this up as "Funny" -- reminds me of the story about Marketing wanting Engineering to add a light that would come on if the battery died.
    /.

  • To me, we should be talking about this in the same manner we do when someone says or asks "Where's Mozilla?" or "Mozilla sucks". We often answer back, well, if you think you know so much about browsers, stop complaining, you can help, start writing some code or collaborate in some way with the Mozilla project.

    Well, instead of talking about what is wrong with script kiddies and moaning about how sad is that the Internet (parts of it) can be brought to his knees so relatively easy, we should be finding ways to protect it against that. I believe this is a job the IETF should pursue, so in the scope of our possibilities, we should be more in contact with this organization, helping them out, proposing new solutions. I don't know much about this but we may need some architectural solutions to deal with these attacks. It turns out that the future of the Internet (as for instance, the future of Mozilla) is potentially in our hands via IETF and organizations like that, isn't it?

  • Add some damping to the loop (Score:3)

    by Max Hyre ( 1974 ) <mh-slash@@@hyre...net> on Wednesday July 26, 2000 @04:11AM (#904724)

    Probably the major problem with weblogs is the instantaneous feedback. Remember the ``flash crowds'' in Niven's teleportation stories (All the Bridges Rusting IIRC)? We have exactly the same phenomenon going on here.

    How to fix it? Put some damping in the feedback loop by delaying the appearance of posts, while still assigning karma. The higher your karma, the sooner the post appears. Voila---the trolls and kiddies no longer get the instant gratification they want. What's the fun in working for fifteen minutes to hose a thread when you don't see the results for half an hour?

    What??!! I hear you scream, half an HOUR? The discussion's dead meat by then!

    Erm, no. Any comments worth reading now will be worth reading in half an hour, or even an hour later. Such a delay would also help damp the rush of mis-informed comments from those who haven't digested (or even read) the story, and thus the reflecto-flames from those offended by such witlessness.

    Take any civil or electrical engineering or differential equations class, and learn why damping is good. (Check out the Takoma Narrows Bridge [rug.ac.be] for a short course.) That's part of why you always hear the New York Stock Exchange results are ``delayed fifteen minutes''. (I suspect the other part is so the dealers can get their cut before the unwashed get a shot.)

    Bottom line: Slow things down, it can only make them better.

  • Is the future of the Internet a place where only the most well-monied companies can afford to defend themselves

    If that were the case then sites like yahoo and amazon didn't have to cope with this as well. As long as clueless lusers can hookup a machine on the Net and feeling extremely c00l about it you'll be facing problems like these. Lusers like that who aren't even capable of securing their iMac with one mouseclick (no offence intended at iMac here, just naming it due to its user friendlyness).

    What seperates these lusers from the rest? They have the money to afford themselved being on the net 24/7 (T1?) unfortunatly don't have the brains for it.

  • Obvious suggestion (Score:3)

    by Alik ( 81811 ) on Wednesday July 26, 2000 @03:14AM (#904729)
    If Slashdot is truly sorry about what happened, how about donating a bit of their shiny hyper-powered VA resources to temporarily host kuro5hin?
  • To me, this is a point in favour of the "little brother" approach - if there are people who are clueless enough to let it happen, they should be punished until they fix the problem.

    right! and while we're more or less in agreement, I want to change your spin. It's not punishment, it's managing abusive access to a scarce and privately financed resource given over to public use, and it's managing it in a very open way and giving people recourse.

  • You might want to take a look at Advogato [advogato.org], specially their so-called trusted metric [advogato.org].

    From the mission statement: "The other major focus of this site is a peer certification system. The members of this site certify each other, specifying one of three skill levels. Then, I've got a trust metric that takes the whole pile of certificates and decides a trust level for each member. What makes the system interesting is that it's attack resistant. If a bunch of attackers were to create lots of accounts and mutually certify each other, only a very few would be accepted by the trust metric, assuming there were only a few certificates from legitimate members to the hackers."

    Note that I'm not saying that this is better than the /. moderation system, it's just a different option.

  • Go read the page at kuro5hin.org - they're not down, they're off; they've taken the site down and have no immediate plans to put it back up.

    This isn't a hiccup, this could well be the end of k5.

    Tim
  • Kuro5hin did try those things -- the attacker apparently has a wide base of cracked systems to work from, and way too much time on his/her hands.

    --

  • the liability is not in deleting. but if somebody posts something like "Daniel Schorr got fired for lying" or "Nina Totenburg got fired for plagiarism", if you delete other stuff the claim can be made you should have deleted this stuff. Though, I tried to pick stuff I've heard is true so I wouldn't be guilty of it.

  • Money, I guess (Score:4)

    by pwhysall ( 9225 ) on Wednesday July 26, 2000 @03:16AM (#904744)
    "But why, (if I may be so bold) didn't anyone seem to care when Yahoo, CNN.com etc. were being brought down by attackers?"

    Because those sites exist for one reason and one reason only - to turn a profit. Sure, their admins and staff care (that, to me, is part of doing a professional job), but only in the same way I care about my servers at work. I care because my employer pays me to care.

    K5 was done because people WANTED to, not because they HAVE to. And that's why I do care about K5 getting DOSed, and I don't care about BT getting DOSed.
    --
  • Even if there was multiple IPs, they should be able to track it down somewhat at least.

  • I'm reminded of a day at the beach a few years ago where I watched a father and his son build a sand castle. When the finished, the father said to his son, "Do you know what the the best part of this is, David? It's WRECKING the castle!" and then the boy proceded to kick and batter the towers while his father laughed encouragingly.

    What the hell's wrong with that? If that were my son and I, I would do the same. My son, depending on his mood, would either protest furoiusly or he would dust the castle in a split second.

    Why let someone else destroy your hard work? Why let the tide take it out? Go down in a blaze of glory if you want to get rid of it! It's nice to create but if you want to build something else you usually have to destroy something in the process. There's a zillion reasons for destruction, the least of which is "just because I want to."

    Now, if that were someone else's sand castle and he went to tear it down, I'd tear a strip off of him, whether they were around or not. It's called respecting other's work and realizing that you can do what you like with yours. If he didn't want to kick it down, I wouldn't encourage him to. However, if after spending all that time and effort he did want to destroy his sand castle, that's his perogative. When he wants to tell someone else what he built and they want to see it and he can't show them, he'll learn a little something. Yes destruction is fun, but it also ruins your ability to share it/show off/etc.

    Script kiddies actually enjoy destroying other people's work.

    Yes, but what does destroying other's work have to do with destroying your own?

  • You could base the credit for the moderation on the number of people to moderate up after you moderated up.

    So If i moderate a +5 article, I directly gain nothing but the previous four people who moderated it do gain. This means that the person that does the moderatation from 1 to 2 can quickly gain more power and the straggling 'me-too' people dont get as much.
  • How does /. prevent this same type of attack? Or does K5 operate differently?
  • I think that instead of a moderation system that just lets people bump a post +1 or -1, moderators should be able to pick a level for the post.

    Then the computer would average all those moderations together. For example: Somebody makes a good post, and it starts out at 1. Moderator A rates it "Insightful" and "5". Moderator B rates it "Interesting" and "3". Average them all together, (1 + 5 + 3)/3 and it would show up as "3".

    You might need to simplify a little. Perhaps instead of the numbers, have a scale like "Crap, Useless, Ordinary, Good, Very Good, Excellent". Maybe just use that and drop the Insightful, Funny, Interesting part of moderation.

    I think that would be simpler for people, even Arts students. (heh. You said it, not me! *ducks*)

    However, I think Slashdot works amazingly well, considering how many trollers and losers are attacking the system. So if you think your site is going to be big, or will have a lot of losers on it, you might want to stick with what is known to work.


    Torrey Hoffman (Azog)
  • A mirror of cryptome can be found here [www.ccc.de].
  • It's a "little brother" approach, the typical way social systems worked in the old days in small towns, where the vandal's mother generally knew about the vandalism before the perp got home.

    Yeah. Small towns are also well-known for their intolerance and xenophobia. The system works well for preventing small crimes, but it works just as well for preventing anything that contradicts the notions of propriety in this particular town. People who are different are shunned at best, killed at worst.

    Having said this I see no problem with Kuro5hin blocking off ranges of IP addresses -- he is providing a free service and he can do anything he wants. He has no obligation to the unlucky souls who happen to be in the same subnet as the source of his problems.

    Kaa

  • Re:Anti-troll / spam filter idea for slashdot! (Score:3)

    by Azog ( 20907 ) on Wednesday July 26, 2000 @04:53AM (#904773) Homepage
    Good idea, except for one thing...

    It would be trivial for the attackers to change just a few letters at the end of the post, completely changing the MD5 hash.

    What would probably work better is some sort of "diff" approach. If a post is "too similar" to a lousy one it would be rejected. It isn't actually that hard to do similarity checking, and the load is not that high. After all, even on a busy day Slashdot only gets about 3000 posts or so.

    This would get rid of the Jenna Elfman, Penisbird, Latin Lessons, and other fools. (I read one of the stories at -1 yesterday. Unbelivable!) I wonder if this would count as censorship? Perhaps instead of deleting the post, the system should just instantly moderate it down to -1.


    Torrey Hoffman (Azog)
  • The problem wasn't that somebody did something naughty. The problem was that somebody did something naughty, they fixed it, somebody did something else naughty, they fixed that too, then somebody did something else naughty, and they had to restore their database, and finally somebody did yet another naughty thing that apparently was one naughty thing too much. I don't blame rusty for getting fed up after a stream of abuse.
    --
    -jacob
  • Why must people always try and sow malice and discord? Micheal posts to kuro5hin and lots of the Slashdot staff read it. When the DDoS attacks started rusty and crew were in touch with CmdrTaco who gave them several tips because they had been through the same thing.

    To see worthless posts like yours that try to make a bad situation worse by creating animosity is highly distastefull.

  • They've put up backups. After several days of continually fighting to keep a website up in spite of constant attacks, you'd get sick of it too. I understand why they decided to give up, and I just hope it's temporary.

    ----

  • Re:Not only is the site... (Score:3)

    by nagora ( 177841 ) on Wednesday July 26, 2000 @03:33AM (#904781)
    There is not much to know about why script kiddies do what they do. They do it because they are kiddies, ie they are immature and still stuck in that pre-adult stage of taking pleasure in destruction of things not their own. It's the same thing that causes people to snap saplings in the park or spray-paint a newly painted wall: they get a kick from the thought that they've ruined someone else's work.

    The bottom line is that they are incapable of producing their own works of art/skill/technical ability and their jealosy of those who can is sublimated into a childish "well I think that sucks, anyway" reaction, which develops into a hatred of anyone who can do it, from which the pleasure of un-doing other's work derives.

    I speak from memory; I can remember these feelings from adolesence and they do still creep up from time to time. Adults control these feelings, children act on them.

    I'm sure if you cast your own mind back and are honest with yourself you'll see there isn't any great need for papers on this - it's just (young) human nature.

    TWW

  • It's very, very sad (Score:5)

    by pwhysall ( 9225 ) on Wednesday July 26, 2000 @02:06AM (#904794)
    And very, very infuriating that the actions of one individual can take away something that has provided so much pleasure and information for so many.

    If you, Mr Skript Kiddy, are reading this, beware. This is not the end of the story.

    Speaking with Rusty and the gang on IRC I could feel the frustration and anger mounting since Monday.

    I guess the best way of describing it is as if you provided a reading room of your *own* books, catalogued on your *own* time for people to use. And then one person came in, tore up the books, pissed on the floor and then disappeared.

    It's a sickener and no mistake.
    --
  • Just look at the comments here so far. Can you blame them? I'm surprised that slashdot don't do the same. Everyone knows that the signal/noise ratio here is very low and you have to wonder why cmdrtaco et. al. don't just get rid of the discussion area.
  • shut 'em off automatically. I can't believe that the attacker 0wnz more than a very small percentage of available IPs.
  • why #2? did someone on /. dos k5?
  • I suspect that the K5 DoS putz is the one who just got thwarted by NewsTrolls (http://www.newstrolls.com/). Just a few days ago, NewsTrolls implemented a sandbox system that allowed the putz to post his crap, without inflicting it on those that didn't care to see it.

    Immediately after NT does that, K5 gets swamped.

    K5 will resolve the problem, and the putz will target someone else.

    It's a cry for help, even if it seems to most of us to be a cry for a bloody good beating. A person has to be pretty damned hard-up to waste so much effort doing something so pointless.

    The putz falls into the category of people who deface murals, tip mailboxes, uproot saplings and smear shit in the washroom stalls: they're people who are desperately fucked-up and don't know how to ask for help, so they create situations where they'll have help forced on them.

    --

  • "One of the most widely used arguments for hacking and cracking is that they want to find the flaws and security holes in a system. That's great and fine IF that is what they are actually doing."

    I know this isn't your point, but I still have to call bullshit on anyone who claims this as a validation for cracking.

    It's not an argument. It's not a validation. It's not a justification. It's an excuse for a bunch of juvenile delinquents to violate and destroy other people's property without any moral qualms.

    If most systems were buildings, they'd have triple locks, security scans, and a receptionist. Lets face it--most computers on the internet are amply secure to prevent people from walking in either accidentally or with just a quick word. Anyone who breaks into our systems is the moral equivalent of an armed bank robber. Any 'security checking' excuses are only so much BS.

    "they should be shot for polluting the gene pool with their stupidity. IMHO"

    Agreed. Let's lock up the vermin.

  • Is this the future? (Score:3)

    by ajs ( 35943 ) <ajs.ajs@com> on Wednesday July 26, 2000 @02:07AM (#904809) Homepage Journal
    Is the future of the Internet a place where only the most well-monied companies can afford to defend themselves from the onslaught of attackers? Is popularity a death-sentance on the Internet? Sad, but it may come to that....

    I will have to think twice about a few of the cool volunteer community sites that I had been thinking of building on my home systems.

  • Persistant buggers out there.

    What part of "Gestalt" don't you understand?
    Scope out Kuro5hin [kuro5hin.org]

  • K5 (Score:2)

    by KMSelf ( 361 )

    I posted a rough set of notes on what I felt are the components of a good moderation system at scoop (http://scoop.kuro5hin.org/ [kuro5hin.org]). Unfortunately, the site's down at the moment.

    Abstracting, the Scoop engine uses a bounded metric (floating point 1-5 score) plus editorial oversite (content can be removed) to filter content.

    Some of the interface tools need to be improved. Bulk moderation (set scores, then submit en mass) and filtering (seting min/max thresholds) need to be implemented. There's also the whole issue of anonymous story and content submission -- I ultimately feel that a solution akin to that described by Larry Lessig in Code and Other Laws of Cyberspace [code-is-law.org], the "Yale Wall", is necessary. This describes a physical posting board on which anonymous posts were allowed (not garbage-collected), if signed, potentially by anyone. Weblog equivalent would be an anon queue, regularly cleaned out, in which registered users could "sign" posts, but wouldn't be obligated to. Anonimity is then a grant by the community, but isn't a fully free of responsibility.

    I do feel somewhat strongly that there has to be an equivalent of what's called "karma" at /., though the past reaction has been rather strongly negative when the issue's been raised at K5. Advogato's trust metric is one implmentation, I think it's better than /.'s, but I haven't seen something that works really well yet.

    What part of "Gestalt" don't you understand?
    Scope out Kuro5hin [kuro5hin.org]

  • I'm hoping to soon be running a discussion based site for non-techie users.

    I was curious as to what methods of moderation were best to implement. Certainly I feel the /. method works very well but it's perhaps a little complex trying to explain to less logically minded (or even arts students) people what moderator status is, let alone whether they should actually use it.

    Since I expect this to be mainly student based lots of people will be connecting through webcache and proxy servers so trying to just stop more than X posts per IP per hour wont work.

    What solutions can you guys think of that dont involve me checking every post (and as a pro-free speech type person i'm not keen to force my views on other people)
  • Because the link does show an explanation of the K5 crew of what's up. This wasn't a "total obliteration" DOS like the one against the bige sites some months ago. This attack only caused the site to be unable to work as a discussion forum because it was filled up with garbage.
  • I believe you have to register your internet connection with your friendly government office in China. Hey, if a billion people are doing it, it can't be wrong...

    Oh, that government imposed firewall... well it's a small thing really. The Chinese mentality is so... delicate... that the citizens would be... irreparably scarred by some of the finer points of live goat porn available on the net. They're just protecting their citizens from live goat porn. Yeah...

    On a more serious note, the blame here rests with the ISPs, none of whom have apparently configured their routers to 1) prevent packet spoofing and 2) not respond to stuff on broadcast addresses. 1 and 2 make smurf-type atttacks easy. 1 also makes it safer to do distributed attacks involving compromised machines.

    While you're not going to have much luck suing all the ISPs of the world, I am waiting for some bright soul to try suing Cisco for not making their routers disable spoofing and broadcast reponses by default. Most ISP employees are drooling idiots (Because ISPs operate with such a low margin that they can't afford to hire experienced people) and will just drop the routers in and forget about them.

    Of course, IPv6 may make it much more difficult to manage a lot of these attacks and may also make it much easier to trace their origin. Once the net gets moved over, this particular problem may go away.

  • No, it's been intentionally taken down. In place of the normal homepage there is now a brief (and understandably, somewhat bitter) message from the site's creator and principal admin, "rusty". He explains that it became too much work to deal with all the crap.

    I imagine that /. gets hit by shit like what K5 experienced (and probably worse) all the time, but CmdrTaco and the gang just grit their teeth and deal with it. Of course, they can do that, since running /. is their full-time job. But for smaller, run-in-your-spare-time sites like K5, it's just too much.

    I wouldn't know, but I'll be dealing with crap from script-kiddies is probably a hell of a lot of work.

  • Bit of a mixed response here.

    On the one hand, you're right--calling them names won't do much good, other than letting them know that they're getting to us.

    On the other hand, just because they can cause damage doesn't make them bright studies. A 14 year old with an AK-47 can cause a lot of damage. It doesn't take much knowledge to pull the trigger. If you dig through the story on rootprompt.org about the hack they suffered, you'll find that some of these exploits are being pulled off by kids who don't understand how (or what it means) to mount a hard drive under Unix! Download an exploit and a rootkit, and you're in business--no brainpower needed.

  • I assume you're talking about kuro5hin and saying they are lusers. It's probably all a troll, but I'm having a hard time keeping myself from replying.

    I think (I hope) you misunderstood what he was saying. I tool Lusers to refer to the script kiddies launching the DOS attacks, not Kiro5hin for being their victim.

    Upon rereading the article it coule be taken either way. Perhaps the original author would care to clarify?

    You are right, there were some very good articles on how to secure a system. I for one will miss kiro5hin very much -- it had become the first site I would browse in the morning while sipping soda and waiting for my compiles to finish.

    [toung-in-cheek]
    Some anonymous coward said something about breeding these lusers (the attackers) out of the
    race. While manditory castration might be a little harsh, bitch slapping their parent's for doing such a poor job and foisting such scum upon the rest of us seems like a reasonable start.
    [/toung-in-cheek]
  • It hadn't been slashdotted in the traditional sense, true. However...

    There are a lot of stupid people on slashdot. Sure, there are a lot of smart people, too, but you get a lot of people wondering what you could do with a Beowulf cluster of Natalie Portmans with hot grits on their penis birds. What the lack in clue they make up for in volume.

    Idiots, basically. Script kiddies and the persistently annoying who're more interested in doodling than discussions.

    Every time slashdot mentioned kuro5hin, it brought it one step closer to death.
  • Sure you don't mean the various other DOSes, like, say the Operating Systems called DOS
    for the IBM 370 mainframes?

    Or DOS 3.3 on the Apple 2?

    I know, I know... But you'll just have to face the fact that people refer to MS-DOS as DOS and those other operating systems.... 370/DOS, AppleDOS 3.3.... etc...

    Get over it.
  • > Someone has already suggested your idea. Check out the chrome ribbon campaign:

    Irony: the "Keep Idiots Off The 'Net" campaign's home page has no ALT attributes on the IMG tags, thus rendering the page virtually unusable in lynx and other text-based browsers.... a mistake generally considered, in the design circles I usually frequent, to be idiotic.

  • eek. (Score:2)

    by aphrael ( 20058 )
    This has got to be the saddest / most infuriating thing I've seen happen on the net in a long time.

    It's sad to see Kuro5hin go --- it was a neat site, in many ways a smaller, more comfortable, more tribal version of /. . It sucks to watch people put their hearts into a volunteer project to build a community, only to see it destroyed by random a*****s with nothing better to do.

    But it says something infuriating about the net community, and its future, and the level of childishness prevelant on the net. It means that *anything* which comes into the public eye is vulnerable, and that there is no such thing as respect on-line; it means that the only people who can succeed are those with enough time and money to fight off the barbarians, and anyone who is just trying to do a good thing because they care is doomed to failure.

    It's worse than the tragedy of the commons ---- it's not just communal space which is being destroyed, but anything which is built by someone who doesn't have the internet equivalent of tanks and anti-aircraft guns to protect them.

    It calls up a pretty serious flaw in the architecture of the net --- the designers assumed that everyone would play nicely. That's been clearly untrue for years now, but what can we do about it? The first response is to agitate for a law (after all, repeatedly throwing molotov cocktails in a store window would be construed as criminal activity), but how would that law be enforceable?

    *sigh*
  • I agree with you wholeheartedly. In fact I have a twisted sense of respect for those who destroy their own creations. Too many "artists" create their work primarily for approval of others/money. I guess anyone who creates something beautiful and then destroys it clearly created it solely for their enjoyment, not for others' approval or monetary gain.
  • Rather than blocking someone from posting by matching their IP number, why not match their processor ID?

    Oh yeah...too many people had a knee-jerk reaction to them, and Intel was forced to remove them from the chips.

    I realize that the solution is not as simple as this, but it does irritate me that when a potentially valid reason for having a technology around comes up, it's already been bludgeoned to death by people who are either uninformed or jump to conclusions too quickly.

  • I'm not rising to this one. (Score:3)

    by pwhysall ( 9225 ) on Wednesday July 26, 2000 @02:19AM (#904882)
    The whole /. cf K5 debate is a strawman. Michael dropped a bollock, and admitted it. End of story, film at 11.

    The only thing that makes /. more resistant to this type of attack is the fact that there are a couple (or more) people who look after this site *full time*.

    K5 is a *volunteer* effort. The people running it have fulltime jobs elsewhere. It's done for love, not money. The ads pay for hosting costs and suchlike.

    It's also fundamentally different - it's not the free-for-all that /. is. Spam there once, and you'll get warned. Spam there twice, and you'll be banned. Trolls are deleted.

    How this policy is going to scale up to the zillions of posts/users, I dunno. Sturgeon's law says 90% of everything is crap. Well, weeding the crap out of a couple of dozen posts is easy. Weeding the crap out of a couple of hundred, somewhat less so.

    Maybe K5 will always stay low volume - there's no incentive for penis bird idiot fuckwit boy and his like there - because the one thing they feed on, seeing their posts, disappears.
    --
  • Why is Slashdot popular with open-source-type-people? Yes, there's some path dependency -- "it's popular because it's popular." But also, because the process of moderation, participation, etc. reflects OS-type values. Meritocracy, being able to build a reputation, incredible customizability, and so on. And the moderation system here has been an incremental solution to an underlying problem that has also grown incrementally.

    As at least one person has noted (in another discussion, on k5, about controlling noise in discussions), CmdrTaco notes in the new FAQ that technical arms races will always be won by the trollers, because there are more of them and they have more time than you. (Kinda like cathedrals vs. bazaars, no?)

    The /. system only works with a critical mass of people with civic virtue who participate consistently. The k5 experiment seemed to work very well, but rusty himself deleted trolls/spam/etc., and you don't want to be a deleter full-time. You could simply leave yourself open to checking posts whose unique IDs people mail you (postabuse@whatever.com), but then you run into fake-alert harrassment there. Anyone else?

    I wrote an essay partly on this topic; e-mail me for it.

  • a few days ago BT, the largest telecoms opperator here in the UK got taken down by a dos attack, the attacker claimed [theregister.co.uk] the reason for his actions was because BT cut the connetion to his cable modem once a night.
  • It's not an argument. It's not a validation. It's not a justification. It's an excuse for a bunch of juvenile delinquents to violate and destroy other people's property without any moral qualms.

    Yes and no. I have no problem with people breaking into systems (including my own) in order to find holes, snoop data, etc --- as long as they don't *prevent things from working*.

    I won't leave an open door, because that's (obviously) inviting trouble; but I don't object to non-destructive behavior.

    Deliberately knocking a system off of the net, however, is f****d up, and the people responsible should be beaten within an inch of their lives.
  • "Hollow Man" is an "Invisible Man" story starring Kevin ("Six Degrees of") Bacon. Haven't seen the movie, not shilling for it, but I guess he becomes invisible and starts stalking Elizabeth ("I was yummy-looking in Palmetto") Shue.

    I was reading this discussion when the ad came on; it was kinda surreal actually...

    Jay (=
  • the fact is that there are more promiscous little wenches in the world today, and because it's become more acceptable, and we have more AIDs and unwed mothers as a result. Don't get me wrong, those are probably good things, but don't blame the messengers.

    Oh yeah!

    Actually, I blame Regan for spreading AIDS, I mean, before him, there was no AIDS at all! Like, maybe 5 people had it.

    And when the messangers start to toss out very complex issues like unwed mothers, and focus the blame on ONE THING, you better have some data to back it up.

    Which you don't have, I'm assuming we're talking about teenage single mothers. So tell me, what happened to teenage single mothers a hundred years ago? Fifty years ago? Things like forced abortion, shotgun weddings, being sent off to live with their 'Aunt', seem to add to the mess.

    The fact is, people reach sexual maturity in the USA before society can deal with it. Although some of the blame rests on the individual, how long can you tell someone with a fully adult sex drive to hold off on sex?

    Later
    Erik Z
  • scoop.kuro5hin.org is now under atteck by the spammer. All of the comment threads have garbage in them. Anybody using the scoop engire should look out because it looks like the spammer is moving on to other sites as well.
    --
    Be insightful. If you can't be insightful, be informative.
    If you can't be informative, use my name
  • We need to take respect in what we do -- and in what our fellow programmers do. We need to understand, that be it volunteer site, or evil corporate empire, we can't do this shit. Period. This isn't hacking. But thats what it gets reported as to them. This isn't who we are, but thats what gets reported.

    Sure. Nobody here would disagree (except maybe the trolls, but we all ignore them anyway).

    Only ---

    what do you do with people who violate the unwritten rules? You can (a) pursue legal action, but that's difficult and *time consuming*; the legal system doesn't work on internet time --- and you may not even be able to identify the guy without going after him. You can (b) apply social sanctions --- but the 'script kiddies' aren't part of our social order; they respond to different pressures and rules, and our social sanctions are *useless* against them. You can (c) retaliate and take them out; or you can (d) ignore them and keep being victimized.

    For the most part, I agree with:


    Access to computers should be unlimited and total.
    All information should be free.
    Mistrust authority - promote decentralization.
    Hackers should be judged by their hacking not bogus criteria such as degrees, age, race, or position.
    You create art and beauty on a computer,
    Computers can change your life for the better.


    But something has to be done about the people that are undermining all of it in the name of a joyride.

  • And who would reap the benefits should that ultimately come to pass? In other words, is it really in the interest of well-monied companies to stop these attacks?

    That's unfortunately a good point. A lot of it boils down to how much money the company is spending trying to prevent this sort of attack --- the more they are spending, the more interested they are going to be in *not* spending it any more.

    ULtimately, though, the volunteers in the community are going to have to realize that the companies *are a different community* with different interests and goals, and that we shouldn't automagically expect them to share our interests and goals.

  • Good idea... (Score:5)

    by Wind_Walker ( 83965 ) on Wednesday July 26, 2000 @02:23AM (#904899) Homepage Journal
    Let's compound kuro5hin's problems with DOS attacks by posting not one, but 2 links to their site on the front page of /. That should definately help them get their bandwidth back...
    ------
  • Man, that really sucks. I *really* like(d) Kuro5hin . . . rusty (and company) had really done a nice job developing the engine, as well as a nice site. It's annoying that a few brain-dead twerps can ruin good stuff like this for the rest of us . . .

    -------

  • Something globally needs to be done against spammers, script kiddies and other forms of pond-life. Some useful newsgroups I used to frequent have been killed off by spam. I only read the uk.* hierarchy nowadays. Sites I need for work purposes have been DoS'd in the past

    You need a license and to pass a test before you can drive a car - you should also need a license before you can connect to the net. Those who commit offences should have their license revoked.

    Simillarly, licenses should also apply to those administrating servers - too many admins at the moment are utterly clueless, and should be ashamed of drawing their pay-cheque at the end of the month. This requires testing on security policies and practices, system maintenance, system updates and the rest. Maybe if this was already in place, breaches such as the Powergen one would never have happened. Draconian, I know, but I can't envisage any other solution that has any hope of working.

  • Re:Or... (Score:3)

    by HiQ ( 159108 ) on Wednesday July 26, 2000 @02:24AM (#904903)
    No, you're wrong. It's not the amount of work that forced them to take the site down. The last three days you could see that the story queue and article comments were being flooded with garbage; due to the nature of the story queue (open construction), this is a bigger problem than it ever could be on /. And apart from that there where continuing DOS attacks - the site was difficult or impossible to reach, and lots of times you would get an 'internal server error'. So it's not a question of hard work, but it was more & more impossible to keep the site up.
    How to make a sig
    without having an idea
  • I just sent a $20 donation to Rusty Foster (Kuro5hin.org's founder) with PayPal [paypal.com] using the rusty@intes.net [mailto] address listed in the WHOIS servers as the contact for kuro5hin.org. (At present, that email address isn't a registered PayPal user, but he's got 20 reasons to claim the money!) Here's the message I included along with the money:
    I'm very sad to see that "the bastards got you down". Kuro5hin.org was an interesting site that was just starting to take off. I had dozens of stories in my hotlist that I hadn't even had a chance to read yet. I do hope this shutdown is temporary; it was a good site. (I don't suppose you can put it up in a readonly mode for registered users to view old material?)


    I understand the frustration of dealing with assholes on a volunteer basis; I don't think anyone can fault you for shutting the site down. Still, I think it provided a valuable service to the community, and I think this situation is quite unfair to you. That's why I decided to send you this unsolicited $20 donation for Kuro5hin.org in appreciation for all your hard work. Whether or not you ever revive Kuro5hin.org, keep the money; you've earned it. (Use it to go see a good movie or something!)

    Take a break for a few days or weeks; it sounds like you need it. Then, consider if there's a way to bring it back, in a form less vulnerable to abuse. Perhaps anonymous ID's (with waiting periods before posting) and/or "sponsorship" by existing users might help somewhat; I don't know. Maybe just leaving the site down for a week or two will bore the current attackers into going someplace else.

    It sure would be nice to return to the spirit of cooperation that Usenet News had 20 years ago. Unfortunately, it's not clear how that's possible given the rampant wave of immature script kiddies ruining everything they can...
    Anyone else care to join me, and show that their all-volunteer efforts really are appreciated?
  • This IS sad and unfortunate and etc. But it is definitely NOT the same as if someone tore up the books in your reading room. No information was destroyed and even if it was it could presumably be easily recovered from backup.

    A better analogy would be: You provide a reading/public-discussion room. But now some bully is standing at the door intimidating everyone away.

    Let's don't fall into the "this email virus cost my company $18 trillion dollars" mind-set.
    --
    Give us our karma back! Punish Karma Whores through meta-mod!
  • Use the slashdot system, but don't tell people whether they have moderator status or not. Just let everyone moderate and ignore the actions of those who don't currently have the status.

  • About K5 (Score:3)

    by pwhysall ( 9225 ) on Wednesday July 26, 2000 @02:30AM (#904914)
    It is a weblog, like SlashDot. You create yourself a login, post stories, and discuss them.

    However, there are some significant differences. Probably the main one is that the submission process is open - you can see the stories that are waiting to be posted, comment on them (either on an editorial "fix-that-link" level or on a topical level) and then vote on whether the story should be posted or not.

    The other difference is that there is no karma - individual comments can be rated, and you can rate comments all the time, rather than waiting your turn for moderator points.

    Other differences include the fact that K5 is a volunteer effort, there's no non-censorship policy (trolls/spam/rubbish get deleted) and it's non-profit.

    When it returns, pay it a visit. You won't be sorry.
    --

  • Just as kuro5hin was really taking off (Score:4)

    by spiralx ( 97066 ) on Wednesday July 26, 2000 @02:31AM (#904917)

    I've been reading k5 for about six months now and IMHO it was just starting to really take off, probably about the same time rusty introduced the new story moderation system. There have been some great discussions there in the last few weeks - the site probably has a broader focus than /. thanks to its user-moderated story system and it generates a lot of good points.

    It's sad that people feel the need to do this. Does anyone remember the two [slashdot.org] stories [slashdot.org] that got spammed to death here on /.? One of the posters on k5, fluffy grue, owned up to those, saying he was bitter at how /. had turned out and thought he'd leave with a bang. Some people really need to stop taking these things so personally - if you don't like a site then find another or start your own, don't react like a petulant child.

    Anyway, I hope rusty can get k5 up and running again, because it would be a great shame for a site to be shut down because of the actions of one sad little person with nothing better to do than attack others.

    P.S. Is someone doing the same to /. as well? It seems to be awfully shaky recently.

  • How painful.. perhaps take some measures... (Score:5)

    by Rezand ( 164966 ) on Wednesday July 26, 2000 @02:34AM (#904922) Homepage

    I literally just started taking a liking to the site, and was really getting into the atmosphere they had. I'm quite disappointed (yet again) that we're going to have to fight off people doing this sort of thing for fun.

    One possibility is to turn off his 'Anonymous Hero' functionality for the time-being. Rusty's site has email verification for new accounts; should the spammer start manufacturing email accounts it may be easier to track him down, and even if not, you can delay the auto-verification emails to once an hour. It's also likely easier to add a 5-post a day limit to a particular account than it is to an anonymous user.

    Another temporary solution would be to only allow logged-in users to post/submit as Anonymous Heros. A bit backwards, but combined with the items above, could make it easier to track down the yucksters and reduce spam in the meantime.

    These temporary measures are certainly not ideal, but tough times call for tough measures. These work better on kuro5hin than they would on a bigger site like slashdot. Hopefully they will frustrate the spammers long enough that they can grow up, or at least let the site exist in a 'police-state' while they come up with more savvy protection.


  • "No information was destroyed"

    Actually, the database was corrupted at one point, and K5 rolled back about 9 hours, losing any posts and story submissions in that time.

    So yes, information was lost.
    --
  • Everyone knows that the signal/noise ratio here is very low and you have to wonder why cmdrtaco et. al. don't just get rid of the discussion area.

    Without the discussion area, there isn't much to /. It'd be just some links and an occassional Katz article. I don't even mind the signal/noise ratio here so much, but the conversational tone got lost when stories started getting 200+ comments in under an hour. Perhaps keeping more stuff off the main page is the answer?

  • trust-based models (Score:3)

    by Karmageddon ( 186836 ) on Wednesday July 26, 2000 @02:35AM (#904928)
    I'm looking forward to a net that has more trust-based culpability and security. Where anonymity is for people who don't abuse it.

    No! I'm not advocating for big brother. Let me give a small example. Kuro5hin should have turned off (via firewall/packet filter) the abusers. The other people who used addresses in those same ranges would have the recourse of going to their ISP and getting the miscreants kicked off. Then, kuro5hin could turn the IPs back on. It's a "little brother" approach, the typical way social systems worked in the old days in small towns, where the vandal's mother generally knew about the vandalism before the perp got home.

    It's a little bit the way ORBS [orbs.org] works, and though they attract a lot of anger, it seems to work pretty well to me. If the trust network got ubiquitous enough, even large criminal conspiracies like Network Solutions could be brought under control.

    I think it starts with ISPs cooperating in attacking abuse.

  • Not only is the site... (Score:3)

    by Jon Shaft ( 208648 ) on Wednesday July 26, 2000 @02:50AM (#904930) Homepage Journal
    Not only is kuro5 going to suffer from these DOS attacks, they're probably also going to suffer from our dearly beloved, dreaded slashdot effect...

    But anyways, Last week Cryptome [cryptome.com] suffered a hard icmp attack becasue of information they had pertaining to a CIA document about Japan.

    Can anyone point me to some articles that pertain to the psychology of script kiddies and their thinking of WHY they want to attack and destory other computers with such non-sense? I remember the thread posted here on slashdot a while back, but I browsed through it a few times and didn't find anything I'm looking for...

  • Of course /. is slow to report their own downtimes... they're down. And this was no ordinary "our server is flaky for a few minutes", K5 was getting creamed.
    Zorn
  • You can already do that; there's an option in the user page to set the maximum number of bytes to display before showing "read more". However, I do agree that the maximum number of lines would make more sense. That would also work against the people who post really short lines to get attention.
    --

  • Much ado about nothing... (Score:3)

    by tofus ( 201424 ) on Wednesday July 26, 2000 @02:35AM (#904933)
    Okay, i can understand you volunteer to work on a community site without getting paid for it. I also understand you have a lot of work to do, so keeping security at the optimum level is prolly out of the question. I also understand you don't like it if someone phuxors up the site that you put so many (unpaid) hours into. I even understand you get pissed. What i don't understand is the reaction to this particular action: closing down the site... I mean: if the damage was too big, put back a backup (i recon you have backups). Shit happens. Not only on the Net. And the more shit happens on the Net, the more it's a sign that people are actually doing things with it. Isn't this precisely what geeks have been wanting? A free internet for everyone? Then accept a mishap every now and then. The only thing that really got cranked was your pride. Take a good night's sleep, and get over that. You cannot pull the plug from a site you've worked on with pleasure. You cannot give those little bastards that satisfaction.... Just keep your chin up!
  • That does seem like quite a good idea actually

    extending that further I detect which users would moderate post in accordance with other users and then give them a higher weighting.

    Or is that going to make my head explode.

  • You know how loads of people moan about /. on a regular basis? "CmdrTaco doesn't do y", "There's too much z", "This is offtopic" etc? Well, in line with the open source ethic, Rusty decided to actually do something about it, and set up his own take on what Slashdot could be.

    After about 6 months it had grown and changed massively, with a few thousand users and loads of good discussion. Talk was the emphaisis, rather than news, although it beat Slashdot on several stories. Rusty was trying not to make the mistakes he saw that /. had made. It attracted a good crowd, with loads of good discussion and very little trolling (which was totally deleted rather than being moderated down).

    The best thing about it was that the story queue was open; all users were editors too. It worked really well, with everyone willing to accept that a story had got onto the site by merit and not prejudice.

    It was great, and if it doesn't return I have no doubt that something else will fill it's place.

    (btw, Rusty, if you're reading this, thanks and good luck)

  • Re:Or... (Score:3)

    by spiralx ( 97066 ) on Wednesday July 26, 2000 @02:36AM (#904937)

    The Jon Erikson type trolls make a certain degree of sense.

    As the real poster behind Jon Erikson I can honestly say that people like myself, osm, gnarphlager etc. all like /. and don't want to see it ruined at all. What we do isn't aimed at breaking /. and we all hate idiots like Penis Bird Guy as much as anyone.

    Things like Patrick Bateman and hot grits have become funny in the same way a running joke does, and because they are only one comment per article. The cut 'n' pasters are all cunts IMHO and add nothing to the conversation at all.

  • It is sad to see them go. I hope whoever is responsible for this crap get prosecuted in some way.

    There seem to have become more automated crap postings here lately too. With the goatse thing and other lameness.

    Makes me wonder who will be their next target. Technocrat.net?

    Screw DOS'ers.

  • Another DoS Attack (Score:3)

    by Jim Tyre ( 100017 ) on Wednesday July 26, 2000 @02:53AM (#904944) Homepage
    Last week, Slashdot reported [slashdot.org] that John Young's cryptome.org was being threatened by the FBI on account of some documents posted there. Pretty much ever since, it has been been down because of a DoS attack.

    There was a brief report [wired.com] in Wired on Monday, and John confirmed in email last night.

    I have no idea if this is a new trend in sites targetted for DoS attacks, but definitely it is not good.

  • You also want to reserve the right to delete ...

    if you delete, you are exercising editorial control and you become legally liable for civil lawsuits from people who think they've been libelled, infringed, or even spindled. The "many moderators" model is an attempt to get the benefits of "dropping" junk without incurring the liability.

  • Re: Resident thicky (Score:5)

    by fireproof ( 6438 ) on Wednesday July 26, 2000 @02:40AM (#904949) Homepage
    Kuro5shin was a Slashdot-like site, devoted to the discussion of technology and culture. It was different from Slashdot in that anyone, even folks without an account, could submit a story to the submission queue. Registered users could then vote on whether to post the story to the front page or not.

    Its user base was much smaller than Slashdot, and as of the time the attacks started, discussion tended to be more "useful" than what we have here at Slashdot now, since it hadn't attracted the attention of most of the internet. I've been around Slashdot long enough that it reminds me of what this place used to be like in the early days (from my perspective, late 1997 - early 1998).

    If you want to have an idea of what the flavor of Kuro5hin was, have a look at scoop.kuro5hin.org [kuro5hin.org], the development site for the scoop engine, the back end of Kuro5hin. I assume the engine is still under development despite the shutdown, and I certainly hope it continues to be developed in the face of all this crap.

    I'm not dumb enough or idealistic enough to have expected that Kuro5hin wouldn't have eventually been overrun with the same kind of gargage that Slashdot gets every day, and I don't expect that it will never happen again to sites like Slashdot or Kuro5hin again either. It's sad, but probably just a fact of life that we're just going to have to deal with idiots. Slashdot has shown that technical solutions aren't capable of solving other peoples' personal problems, even though they can seem to make them manageable. I guess the fact of the matter is that no amount of good coding (or bad coding either, for that matter) can keep a jackass from being a jackass.

    -------

  • There's some people out there who are intrinsically creators, and others who are more interested in destruction.

    I'm reminded of a day at the beach a few years ago where I watched a father and his son build a sand castle. When the finished, the father said to his son, "Do you know what the the best part of this is, David? It's WRECKING the castle!" and then the boy proceded to kick and batter the towers while his father laughed encouragingly.

    Script kiddies actually enjoy destroying other people's work. It makes them feel powerful. It's really sad that these leeches on society push us one step back for every two steps forward.
  • I detect which users would moderate post in accordance with other users and then give them a higher weighting.

    This can be abused quite easily - user can just display posts with rating +5, and moderate them up. You would give him credit based on nothing more than the ability of read the article rating.

    -Yenya
    -Yenya
    --

  • Hey, jagoff, read the fucking story. The DOS is not bandwidth related, per se. It is posting related. Too many bogus posts for them to keep up with/delete. Having a bunch of people visit their site wasn't the problem.

    Try clicking on the link before you call 'em a jagoff. Here's a clip from the main page at kuro5.

    As most of you know, for the past three days, kuro5hin.org has been subject to a series of automated "spam" type attacks by persons currently unknown. The story queue has been filled with crap, the comments have been filled with crap, and we've been hit with denial of service flood attacks, presumably intended to crash the server. We're tired of this shit.

    So they were hit with BOTH spam attacks AND DOS flooding attacks.

  • Anti-troll / spam filter idea for slashdot! (Score:3)

    by rent ( 66355 ) on Wednesday July 26, 2000 @02:58AM (#904957) Homepage
    Ok, this is not fool proof - but it could eliminate about half of the annoying & redundant posts we see on slashdot each day.

    Before the post is published on slashdot, you could take the md5 hash code of the post.
    As the post gets moderated down, the corresponding hash code of the post would then be updated to keep a tally count of how many times that particular hash code / post was moderated down.

    Now, if a user decides to submit a new post to slashdot, the md5 hash code is taken and compared with all the previous hash codes. If a code matches, then the tally count is retrieved. If the tally count is more than three, slashdot will refuse the user to post.

    The md5 hash codes are used for efficiency (much easier to match bit pattern of a hash code then 1000's of bytes of ascii code!)

    This would not work well if the abusing user decides to spam slashdot with random garbage. However it might be useful if it worked in combination with the 60second ban, lameness filter etc.

    You could also implement an automated process that will change the values of the name="whatever" parameters in the HTML tag to crush those automated posting scripts. (a process will need to change the script source as well) Or have some sort of token value hidden in the form - and only a client that posted with the current token can be accepted.
  • Let's compound kuro5hin's problems with DOS attacks by posting not one, but 2 links to their site on the front page of /. That should definately help them get their bandwidth back...

    Pesky Microsoft operating systems, always bringing down web sites... why would Kuro5hin be running DOS on a Web server anyways? That's crazy. :)

  • I'm sure some 13-year-old kid is sitting back basking in the glory of how 1337 he is. Sorry, kiddo, but this kind of thing is just like pouring sump oil all over a football field - one built on the donations of lots of hard-working indviduals. It's not clever, it's not even vaguely hard to do, and it makes life tough for people who are just trying to have fun and make life better for the rest of us.

    I discovered early in life that you could have fun doing *useful* things with computers. For your sake, my sake, and the greater good, please redirect your talents to something else before you get caught and suffer the appropriate consequences of your actions.

    On another note, if the individuals involved in the attacks on K5 get caught, what punishment would other readers suggest? Personally, I would like them to do community service using computers to help people - doing a web site for a senior citizens' group, helping teach the unemployed computer skills (if the perpetrators are old enough to do that) - that kind of thing. What do you think, people?

  • A new meaning! (Score:4)

    by jacobm ( 68967 ) on Wednesday July 26, 2000 @03:01AM (#904966) Homepage
    Congratulations! You've just invented a secondary meaning of the word 'slashdotted!'

    Slashdot, v.

    1. To bring an Internet site, esp. one with an HTTP server, offline due to excessive demand for its contents as a result of its mention on Slashdot. "Let's hope that memepool [memepool.com] doesn't get slashdotted by this..."

    2. To destroy what might otherwise be an intelligent public discourse by flooding it with nonsense or deliberately offensive or stupid garbage. "Looks like George and Al are trying to slashdot the election."
    --
    -jacob
  • I agree with you that the "little brother" idea is a bad idea, but not for the same reason you do.

    The subnets the attacks came from are most likely NOT the ones of the attacker -- just the ones of some sorry people who have an open socks, Back Orifice, Netbus, installed on their hdd and are not aware of it.

    To me, this is a point in favour of the "little brother" approach - if there are people who are clueless enough to let it happen, they should be punished until they fix the problem.

    "I know I kept my AK47 in an unlocked display case on my front yard along with 50 clips of ammo, but it's not MY fault that someone took it and committed crimes with it."

Slashdot Top Deals

Talent does what it can. Genius does what it must. You do what you get paid to do.

Close