Anatomy of a bad RSS reader
by Volker Weber
User enters his office at the University of Paderborn and switches on his computer at 9am. Fetches the RSS feed at 09:05:37 and reads two pages seven seconds later with his Firefox 1.5.0.1 browser. Twenty seconds later he reads another page. Less than two hours later he loads his robot and all hell breaks loose. He fetches the RSS feed 11,861 times in the next 42 minutes and 24 seconds.
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
....
131.234.xxx.xx - - [27/Feb/2006:11:31:41 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:11:31:41 +0100] "GET /index.rdf HTTP/1.1"
Then the storm ends. User reads three more pages throughout the day and shuts down his computer shortly after 5pm.
What a job. Nine to five. And I bet that at home he has DSL service from Arcor. His address is now blocked. If you are working at the University of Paderborn and someone tells you he cannot access my site, then you will know.
Is anybody betting against me if I say this is a Notes agent? :-)
Comments
Doesn't fit to a Notes agent description. Notes agents can't normally be scheduled to run in that fast sequence and they time out after a while (in case the get is in a non terminating loop). Even if it is a Java agent Notes tears down the agent jvm, so a thread wouldn't survive the timeout either.
Would be interesting to find the real culprit (code). Does the university know and takes action?
:-) stw
Even if the network officials on university level don't know, there is a fairly dense community at UPB who read vowe dot net, at least if it's among the faculty/staff (Students are harder to track down to an IP, since there IP adresses are more dynamic). So I guess there's going to be enough social correction :-).
Do you have access to the log containing the UserAgent strings? That may give you some insight into who/what is doing it.
Jan-Piet, of course I have. Where do you think this data is from? :-) And no, the UserAgent string does not contain any conclusive data. Just like I would expect from this agent.
As the first comment said, unlikely to be Notes at that polling frequency.
Post a comment
Recent comments
Christian Tillmanns on Meeeeeeeeeeep at 08:41
Wolfgang Siebeck on Nokia Belle is available at 05:58
Ingo Martinz on Meeeeeeeeeeep at 22:32
Axel Koerv on Meeeeeeeeeeep at 21:57
Roland Dressler on Outlook to Notes converter: from PST to NSF at 11:50
Karl Heindel on Outlook to Notes converter: from PST to NSF at 10:30
Jerry Preissler on LibreOffice vs Apache OpenOffice at 13:47
Mariano Kamp on How to commit at 09:41
Bernd Vellguth on Outlook to Notes converter: from PST to NSF at 02:05
Thilo Hamberger on Outlook to Notes converter: from PST to NSF at 16:40
Jens Bruntt on Free PlayBook for your Android app submission at 11:47
Karl Heindel on Outlook to Notes converter: from PST to NSF at 20:26
Roland Dressler on Outlook to Notes converter: from PST to NSF at 15:12
Stephan H. Wissel on heise online: IBM plant Stellenabbau in Deutschland at 08:38
Jan Lauer on heise online: IBM plant Stellenabbau in Deutschland at 04:13
Juergen Heinrich on Balance at 03:29
Jörg Hermann on Girls On Longboards at 02:42
Stephan H. Wissel on heise online: IBM plant Stellenabbau in Deutschland at 23:21
Joerg Michael on heise online: IBM plant Stellenabbau in Deutschland at 21:01
Ben Poole on Outlook to Notes converter: from PST to NSF at 19:46
David Hablewitz on BlackBerry Business Cloud Services with Microsoft Office 365 at 16:44
Patrick Picard on RIM tries to be social. Falls flat on face. at 16:00
Volker Weber on Outlook to Notes converter: from PST to NSF at 10:29
Richard Hogan on Outlook to Notes converter: from PST to NSF at 10:26
Joachim Haydecker on Girls On Longboards at 08:26
Click here to subscribe
