Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is how they're doing it: http://gawker.com/5877707/

Reeling in unwitting volunteers from Twitter



Interesting. I wonder if the js version behaves identically to the .net one. If so, it could offer plausible deniability to any LOICers out there. I'm not condoning the practice, but it is a creative solution to having your primary tool be rendered toxic by the op payback arrests.


the js version does something like

  setInterval(function(){
    var i = new Image();
    i.src = target + randId + msg;
    ... // event handling
  }, 0)
so you end up requesting an url every 0 ms the randId is just a simple `Date.now`, the message is an actual message taken from an input in the html. Source code: http://hastebin.com/gasitinafo.js


That's pretty nasty. Surely defense against this kind of thing should be built into browsers although you would need to detect an unending loop causing HTTP requests so run into the halting problem I guess.

If they are tricking people into performing what is potentially a criminal act then they lose the limited amount of respect I did have for them.


My recent version of Firefox defaults to a limit of 15 connections per server. So there is some defense built in.


Yea but as soon as one connection is finished it can just spawn another one so 15 concurrent connections is more than enough to do damage.

Once you start doing thousands of concurrent connections you more likely to kill your router anyway.


The Firefox addon RequestPolicy will protect you from this.


This should be something that is default in the browser, the issue is to stop the less tech savvy user unwittingly perpetrate a DDOS.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: