Anatomy of a bad RSS reader

by Volker Weber

User enters his office at the University of Paderborn and switches on his computer at 9am. Fetches the RSS feed at 09:05:37 and reads two pages seven seconds later with his Firefox 1.5.0.1 browser. Twenty seconds later he reads another page. Less than two hours later he loads his robot and all hell breaks loose. He fetches the RSS feed 11,861 times in the next 42 minutes and 24 seconds.

131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
....
131.234.xxx.xx - - [27/Feb/2006:11:31:41 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:11:31:41 +0100] "GET /index.rdf HTTP/1.1"

Then the storm ends. User reads three more pages throughout the day and shuts down his computer shortly after 5pm.

What a job. Nine to five. And I bet that at home he has DSL service from Arcor. His address is now blocked. If you are working at the University of Paderborn and someone tells you he cannot access my site, then you will know.

Is anybody betting against me if I say this is a Notes agent? :-)

2006-02-28 :: email :: bookmark :: digg

Comments

Doesn't fit to a Notes agent description. Notes agents can't normally be scheduled to run in that fast sequence and they time out after a while (in case the get is in a non terminating loop). Even if it is a Java agent Notes tears down the agent jvm, so a thread wouldn't survive the timeout either.

Would be interesting to find the real culprit (code). Does the university know and takes action?

:-) stw

Stephan H. Wissel, 2006-02-28 02:55

Even if the network officials on university level don't know, there is a fairly dense community at UPB who read vowe dot net, at least if it's among the faculty/staff (Students are harder to track down to an IP, since there IP adresses are more dynamic). So I guess there's going to be enough social correction :-).

Ragnar Schierholz, 2006-02-28 07:53

Do you have access to the log containing the UserAgent strings? That may give you some insight into who/what is doing it.

Jan-Piet Mens, 2006-02-28 08:07

Jan-Piet, of course I have. Where do you think this data is from? :-) And no, the UserAgent string does not contain any conclusive data. Just like I would expect from this agent.

Volker Weber, 2006-02-28 08:43

As the first comment said, unlikely to be Notes at that polling frequency.

Ben Rose, 2006-02-28 14:37

Post a comment











Shall I remember this for you?




Use your full name and a working email address. Unless you want your comment to be removed. No kidding.



Ceci n'est pas un blog

vowe.net is a personal website published by Volker Weber a.k.a. vowe. I am an author, consultant and systems architect based in Darmstadt, Germany.

rss Click here to subscribe

Hello

About me
Contact
Publications
Certificates
Frequently asked questions
Join the network

Twitter Updates

More >

Poll

Which Smartphone do you want?

Getting poll results. Please wait...

Local time is 10:49

visitors.gif
120 visitors online

News

Other sources of news, imported into my own format to make them more accessible:

Heise Online
Schlagzeilen
Weather

Archives

As most of my articles roll off the front page rather quickly, I am making an archive of previous posts available here. You can also use the handy search box at the top of the page if you are looking for something particular.

Last 30 days
More archives

Got the T-shirt?

Got the T-shirt?

Systems Architecture

This site runs on an Apache web server on top of the Linux operating system. The content is managed with MovableType which is implemented in Perl. Last but not least the HTML code your browser sees is put together with PHP.

© 1992-2009 Volker Weber.
All Rights Reserved.

Impressum