On Sat, Aug 21, 2010 at 3:04 PM, Thomas Grimshaw <t...@streamsense.net> wrote:
> Loading 1mb of content per user is hardly a denial of service attack.
> Crosslinking occurs everywhere on the web, this is simply nothing but
> paranoid bull.

This isn't normal crosslinking. The images and content loaded weren't actually used for anything - they were all hidden in a 1-pixel DIV to make them totally invisible to the user. (The Emerald developers wouldn't want them to be displayed on the login screen since many of the images were ones showing they'd been up to no good.)

You also have no idea how often the Emerald login screen is viewed, do you? I'll give you a hint - this apparently worked out at around 70-120 GB per day of data transfer[1]. At the cheaper end of excess bandwidth charges, this could easily have cost a victim £200 per day or more - most people don't have over 2 terabytes of monthly transfer allowance included in their web hosting plan, which is how much would've been needed to withstand this attack.

Before the Emerald developers upgraded their webserver to something seriously beefy, just the normal requests for the login screen were bringing their website to a standstill, and the number of users has only increased since then.

And the bandwidth usage isn't even the main DDoS vector. The Emerald login screen was set up to waste lots of server CPU time by making 20 worthless requests for PHP-generated content on the victim server every time someone viewed it. That did cause some real performance issues for the victim site - shared hosting really can't cope with this kind of request rate for dynamically-generated content.

[1] http://www.sluniverse.com/php/vb/general-sl-discussion/47885-emerald-problem-conspiracy-theory-5.html#post999709
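
For a site operator receiving the kind of traffic described above, the pattern is visible in the access log as a single external referring page accounting for a large share of requests, including dynamically generated ones. The following is an added example, not part of the original message; it assumes Apache "combined" log format and that the embedding browser sends a Referer header, and the hostnames and log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [21/Aug/2010:15:00:01 +0000] "GET /gallery/img1.png HTTP/1.1" 200 52000 "http://login.example.net/start.html" "Viewer/1.0"
198.51.100.7 - - [21/Aug/2010:15:00:01 +0000] "GET /page.php?id=1 HTTP/1.1" 200 8000 "http://login.example.net/start.html" "Viewer/1.0"
198.51.100.7 - - [21/Aug/2010:15:00:02 +0000] "GET /page.php?id=2 HTTP/1.1" 200 8000 "http://login.example.net/start.html" "Viewer/1.0"
203.0.113.9 - - [21/Aug/2010:15:00:03 +0000] "GET /page.php?id=1 HTTP/1.1" 200 8000 "http://login.example.net/start.html" "Viewer/1.0"
192.0.2.44 - - [21/Aug/2010:15:00:05 +0000] "GET /index.php HTTP/1.1" 200 9000 "http://victim.example.org/" "Mozilla/5.0"
192.0.2.44 - - [21/Aug/2010:15:00:06 +0000] "GET /style.css HTTP/1.1" 200 1200 "http://victim.example.org/index.php" "Mozilla/5.0"
"""

# request path, status, response size, Referer
LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-) "([^"]*)"')

def external_referrers(log_text, own_hosts):
    """Per external referring host: request count, dynamic (.php) hits, bytes."""
    stats = defaultdict(lambda: {"requests": 0, "dynamic": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        path, _status, size, referer = m.groups()
        host = urlparse(referer).hostname
        if host is None or host in own_hosts:
            continue  # no Referer, or a link from the site's own pages
        s = stats[host]
        s["requests"] += 1
        s["dynamic"] += urlparse(path).path.endswith(".php")
        s["bytes"] += 0 if size == "-" else int(size)
    return dict(stats)

def flag(stats, total_requests, share=0.5):
    """Hosts whose referred requests exceed `share` of all logged requests."""
    return sorted(h for h, s in stats.items()
                  if s["requests"] / total_requests > share)

if __name__ == "__main__":
    stats = external_referrers(SAMPLE_LOG, {"victim.example.org"})
    print(stats, flag(stats, len(SAMPLE_LOG.splitlines())))
```

The `share` threshold is an arbitrary starting point; on a real log it would be tuned against the site's normal mix of inbound links.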