Anatomy of a bad RSS reader

by Volker Weber

User enters his office at the University of Paderborn and switches on his computer at 9am. Fetches the RSS feed at 09:05:37 and reads two pages seven seconds later with his Firefox 1.5.0.1 browser. Twenty seconds later he reads another page. Less than two hours later he loads his robot and all hell breaks loose. He fetches the RSS feed 11,861 times in the next 42 minutes and 24 seconds.

131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:10:49:17 +0100] "GET /index.rdf HTTP/1.1"
....
131.234.xxx.xx - - [27/Feb/2006:11:31:41 +0100] "GET /index.rdf HTTP/1.1"
131.234.xxx.xx - - [27/Feb/2006:11:31:41 +0100] "GET /index.rdf HTTP/1.1"

Then the storm ends. User reads three more pages throughout the day and shuts down his computer shortly after 5pm.

What a job. Nine to five. And I bet that at home he has DSL service from Arcor. His address is now blocked. If you are working at the University of Paderborn and someone tells you he cannot access my site, then you will know.

Is anybody betting against me if I say this is a Notes agent? :-)

2006-02-28 :: email :: bookmark :: digg

Comments

Doesn't fit to a Notes agent description. Notes agents can't normally be scheduled to run in that fast sequence and they time out after a while (in case the get is in a non terminating loop). Even if it is a Java agent Notes tears down the agent jvm, so a thread wouldn't survive the timeout either.

Would be interesting to find the real culprit (code). Does the university know and takes action?

:-) stw

Stephan H. Wissel, 2006-02-28 02:55

Even if the network officials on university level don't know, there is a fairly dense community at UPB who read vowe dot net, at least if it's among the faculty/staff (Students are harder to track down to an IP, since there IP adresses are more dynamic). So I guess there's going to be enough social correction :-).

Ragnar Schierholz, 2006-02-28 07:53

Do you have access to the log containing the UserAgent strings? That may give you some insight into who/what is doing it.

Jan-Piet Mens, 2006-02-28 08:07

Jan-Piet, of course I have. Where do you think this data is from? :-) And no, the UserAgent string does not contain any conclusive data. Just like I would expect from this agent.

Volker Weber, 2006-02-28 08:43

As the first comment said, unlikely to be Notes at that polling frequency.

Ben Rose, 2006-02-28 14:37

Post a comment











Shall I remember this for you?




Use your full name and a working email address. Unless you want your comment to be removed. No kidding.



Recent comments

Stephan H. Wissel on Notes.ini parameter RunFaster=1 is finally here at 05:24
Volker Weber on It has only been less than two hours at 01:33
Thomas "Duffbert" Duff on It has only been less than two hours at 01:26
Chris Linfoot on Planet Lotus not picking up Christopher's feed at 21:56
Yancy Lent on Planet Lotus not picking up Christopher's feed at 19:48
Bruce Elgort on Robin Bloor: Why Google Chrome Will Dominate at 18:51
Mac Guidera on Planet Lotus not picking up Christopher's feed at 16:04
Kevan Emmott on 824 Chrome users so far today at 15:56
Chris Linfoot on Planet Lotus not picking up Christopher's feed at 14:54
Lars Berntrop-Bos on Planet Lotus not picking up Christopher's feed at 13:12
Andreas Braukmann on 824 Chrome users so far today at 11:33
Nick Daisley on Robin Bloor: Why Google Chrome Will Dominate at 10:14
Chris Linfoot on Planet Lotus not picking up Christopher's feed at 09:42
Alper Iseri on 824 Chrome users so far today at 09:38
Jean Pierre Wenzel on 824 Chrome users so far today at 08:37
Jan-Piet Mens on Robin Bloor: Why Google Chrome Will Dominate at 08:26
Benjamin Stein on Synchronizing iPhone with ... Lotus Notes at 07:18
Greg Walrath on Party like it's 2008 at 06:56
Andy Brunner on Party like it's 2008 at 05:41
Michelle O'Rorke on Synchronizing iPhone with ... Lotus Notes at 05:01
Arthur Fontaine on Chrome in the wild at 03:26
Yancy Lent on Planet Lotus not picking up Christopher's feed at 02:15
Ben Poole on Robin Bloor: Why Google Chrome Will Dominate at 01:32
Ben Poole on Planet Lotus not picking up Christopher's feed at 01:26
Oliver Regelmann on Chrome in the wild at 23:43

Ceci n'est pas un blog

vowe.net is a personal website published by Volker Weber a.k.a. vowe. I am an author, consultant and systems architect based in Darmstadt, Germany.

rss Click here to subscribe

Hello

About me
Contact
Publications
Certificates
Frequently asked questions

Twitter Updates

More >

Poll

Can you bring a camera phone to work?

Getting poll results. Please wait...

Local time is 08:26

visitors.gif
154 visitors online

News

Other sources of news, imported into my own format to make them more accessible:

Heise Online
Schlagzeilen
Weather

Archives

As most of my articles roll off the front page rather quickly, I am making an archive of previous posts available here. You can also use the handy search box at the top of the page if you are looking for something particular.

Last 30 days
More archives

Got the T-shirt?

Got the T-shirt?
Are you buying from the US?

Systems Architecture

This site runs on an Apache web server on top of the Linux operating system. The content is managed with MovableType which is implemented in Perl. Last but not least the HTML code your browser sees is put together with PHP.

© 1992-2008 Volker Weber.
All Rights Reserved.

Impressum