
Kuro5hin.org
July 26, 2000 9:57 AM

Kuro5hin.org has been silenced, because of a massive DDOS/Spam attack. For those of you that did not know the site, "K5" was a techy discussion forum, much like Slashdot, but with an open submission queue, meaning that everybody could decide on what topics showed up on the first page. Which was ultimately one of the means used to bring it down. Censorship by IP flooding? cyber-vandalism? doesn't matter; a nice, interesting community site has been forced off the Net...
posted by costas (8 comments total)

 
ouch - I like kuro5hin, and all I can hope is that a similar attack never happens here (which is set up much like kuro5hin in terms of how people post).
posted by mathowie at 10:43 AM on July 26, 2000


I am actively involved with PHPSlash, a Slashdot-like comment management system, based on PHP. I think the K5 incident will wake up a lot of people --I know it did us-- and we will eventually come up with a way to deal with this. There are already ideas flying on the PHPSlash list.

IMHO, the worst part of the K5 attack wasn't the ping flood --I think they used that 'weapon' too, but the active spamming of the discussion forums, story submission queue, polls, etc. That really is an attack against the community itself, as it will take days of cleaning up the database to recover from the spam.

I think that part of the attack at least (which /. is just now starting to counter) can be fought against technologically. We shall see...
posted by costas at 11:11 AM on July 26, 2000


Tragedy of the commons.
posted by dhartung at 11:26 AM on July 26, 2000


I'm awfully glad Inoshiro is on the side of K5 though. The guy knows his security, and considering he had a hand in tightening K5 previously, I imagine they'll have plenty of logs to use to find the perpetrator(s).

I like K5 for many of the same reasons I like MeFi. Very high signal ratio, from (mostly :-) highly intelligent technophiles, and most of the discussion revolved around sociological ramifications of various technologies rather than the /. "Hey, here's cool tech" stuff.

Different sites for different topics are good, and K5 was, and will be again I'm sure, one of the best.
posted by cCranium at 12:24 PM on July 26, 2000


How the hell do you pronounce "Kuro5hin" anyway? Always wondered that.

Anyway, how coordinated is this attack? Couldn't they have found a way to just firewall the jerk or jerks doing it?
posted by aaron at 3:31 PM on July 26, 2000



It's pronounced "corrosion". Found that out two days ago, when I finally applied for membership (sniff)...
posted by nikzhowz at 3:40 PM on July 26, 2000


ahh. that makes sense. Thanks.
posted by aaron at 4:27 PM on July 26, 2000


aaron,

from what I understand, both from rusty's postings before the "final shutdown", and from conversation on /., is that it was a full-fledged DOS attack plus filling up the comments, story queue, etc., with cruft.

They're using multiple IPs, because whoever is orchestrating the attack has cracked other, poorly secured boxen, so just shutting out the IPs is nearly impossible.

There are various things that could be done to control the flood of cruft. You could limit stories in the queue per user (i.e., 5/day or something) and limit the number of comments, but then the people that make Kuro5hin interesting - the commenters - are restricted because a couple of bastards decided to pretend they're 'l33t and ran a few scripts.

Kuro5hin's been taken down completely because the flood of attacks has gone on since Sunday, and the people who really run the site just don't have the time or patience to deal with fixing a vulnerability, then being hit with a new one.

Honestly? I don't blame them. I'm currently beating my head against a comparatively simple NAT problem on my gateway at home and after a day of work it's just frustrating to sit there and be stymied at every turn by my ignorance. I can't imagine what it's like fighting another (arguably :-) sentient being for days on end.

I hope they keep a diary of the events though. It'll be interesting to see how they track down and destroy (because they will. Like I said, Inoshiro knows his networks and is an opponent I wouldn't want to be up against) the fools doing this. All in a legal matter, I'm sure.

I personally find it much more entertaining to picture the perpetrator waking up to an FBI agent pointing an assault rifle at his head than to picture the same perpetrator waking up and finding his hdd trashed.
posted by cCranium at 6:52 AM on July 27, 2000
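
An added example, not part of the original thread or of any K5 or PHPSlash code: a per-account sliding-window quota of the kind suggested in the comment above, keyed on the account rather than the source IP because the flood came from many addresses. The 5/day story limit is the figure from the comment; the comment limit, account names, and event data are constructed for illustration.

```python
from collections import defaultdict, deque

DAY = 86400
# "story" uses the 5/day figure from the comment; the comment quota is assumed.
LIMITS = {"story": (5, DAY), "comment": (20, DAY)}


class SubmissionLimiter:
    """Sliding-window quota keyed on (account, kind), never on source IP."""

    def __init__(self, limits):
        self.limits = limits                 # kind -> (max_count, window_seconds)
        self.history = defaultdict(deque)    # (user, kind) -> accepted timestamps

    def allow(self, user, kind, now):
        max_count, window = self.limits[kind]
        seen = self.history[(user, kind)]
        while seen and seen[0] <= now - window:   # drop entries outside the window
            seen.popleft()
        if len(seen) >= max_count:
            return False                     # rejected posts do not consume quota
        seen.append(now)
        return True


def replay(events, limits=LIMITS):
    """Run (timestamp, user, ip, kind) events through the limiter and tally outcomes."""
    limiter = SubmissionLimiter(limits)
    tally = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, user, _ip, kind in events:       # the IP is deliberately ignored
        outcome = "accepted" if limiter.allow(user, kind, ts) else "rejected"
        tally[(user, kind)][outcome] += 1
    return dict(tally)


def sample_events():
    """Constructed data: one flooding account on 40 IPs, one busy legitimate reader."""
    events = [(i * 90, "flood1", f"198.51.100.{i + 1}", "story") for i in range(40)]
    events += [(i * 1800, "reader1", "192.0.2.10", "comment") for i in range(30)]
    events += [(600, "reader1", "192.0.2.10", "story"),
               (7200, "reader1", "192.0.2.10", "story")]
    return sorted(events)


if __name__ == "__main__":
    for key, counts in sorted(replay(sample_events()).items()):
        print(key, counts)
```

The replay shows both halves of the comment's point: the flooding account is capped regardless of how many addresses it posts from, and the busy legitimate reader also loses comments to the same quota.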

