DoubleClick Hit by DDoS Attack

YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."

Hero!

[dhakbar]

They are truly my hero! Double-click can suck it. Twice.

poetic justice....

[super_ogg]

Trying to get rid of traffic they don't want to see... sounds like trying to get rid of adds we don't want to see.
ogg

Problem with infrastructure companies

[PIPBoy3000]

The issue wasn't that Double Click had problems, but that every site that uses them become very slow.

Until the basic routing infrastructure of the net changes, this is going to be a common issue anytime a number of big sites all require another organization to serve up their pages (e.g. Akamai).

Good?

[Jack9]

I'm a little disappointed that a group of fairly die-hard anti-doubleclick geeks could only hobble it a few hours at 75%...it may simply have been more effective to introduce a nasty virus into their network, so we'll just call this attack a symbolic way to raise awareness of this historically nasty company. I much rather have heard that a more intrusive and smaller company like CoolWeb was attacked.

3rd worst servers in existence ?

[zymano]

1. Terrorist training servers.
2. Goatzee
3. Doubleclick

Your list ?

Re:Good or bad?

[Anonymous Coward]

Yes. Also, keep in mind that this didn't only hurt doubleclick - it also hurt the webmasters that used doubleclick ads on their site. For some, a day's worth of ad revenues may be the difference between being able to eat one day or not.

Likewise, cracking down on drug abuse doesn't only hurt dealers - it also hurts the junkies.

Some of us are of the opinion that while in the short term the people who are hurt by restricting despicable activities may deserve our sympathies, perhaps in the long term they would be better off finding a more socially acceptable way of life?

Re:Problem with infrastructure companies

[Ieshan]

I'm not sure why.

Part of a contract to use DoubleClick ought to be a server-flag. They send you a packet every 30 seconds that says their servers are operational and a flag is set on your machine. If more than 30 seconds goes by, the flag is automatically set to "off". Their scripts [which run on your machine] check that flag before they serve up ad content, otherwise, the scripts print out either white-space or a set of pre-loaded advertisements (that they don't have to find on double-click servers).

Doubleclick, and 99% of websites out there, can easily handle the load of setting a flag on servers that load their content. This would virtually solve this problem.

Re:Sad news

[LOL WTF OMG!!!!!!!!!]

Or, you can do what I did for Safari, and use a .css that blocks out ads featuring the typical properties of ads.

It also adds a little unicode email character next to email links, and colors java or javascript links green.

Re:Sad news

[0x0d0a]

Would a cracker 127.0.0.1'ing doubleclock via a worm or virus be a black hat or a white hat?

Re:I've wondered about a grass roots anti-spam bom

[Lord Grey]

My tests of 300,000+ spam messages counted less than 5000 unique domains in there as the target sites once you decoded and stripped the subdomains, machines, and zones out.

I think the actual number of physical systems is even lower than that.

I wrote my own spam filter. One of things it does is decode the message body, isolate those web addresses, then perform a simple blacklist/whitelist check on both the web server name and IP address. It turned out that, on average, every IP address was the home of three or four names.

That may not be a representative sample, though. Most of my spam is rejected by one of the DNSBLs; only mail that makes it over that hurdle actually gets the message body checked. That comes out to (usually) less than 10 web-server-based rejections per day.

But hey, I'm not going to complain. I average about one piece of spam every five days or so.

Re:Problem with infrastructure companies

[realdpk]

The last thing Doubleclick (or any advertiser) wants to do is give the webmaster the impression that their network is unstable, and give them a way to easily shut their ads off.

It's still a very competitive market.

Random question...

[ScytheBlade1]

Am I the only one, who after reading the doubleclick DoS article here [washingtontimes.com] found that their usage of the term 'hackers' was really rather....stupid? Something to that point? After reading the Great Hackers [paulgraham.com] article, anyways... Surely I can't be the only one who was bugged by this.

Devil's Advocate

[sterno]

I'm no big fan of DoubleClick but think about this for just a moment. All those sites that you go to that have these ads are staying in business because of them. If DoubleClick went away so would a lot of that content.

Re:Good or bad?

[irokitt]

It's worth noting that the attack on DoubleClick, which is an Evil Corporation (TM), also affected the ~900 sites that use DoubleClick to serve their ads. Those sites had to wait for their ad cycle to time out or something (IANAWD). So quite a few web sites were affected, with slow loading times. Sites that disabled DoubleClick ad banners had to deal with the fact that, for the better part of a day, they lost all banner revenue. So in the end, this DDOS was probably just a Bad Thing (TM).

Re:Sad news

[Anonymous Coward]

I don't think I've seen a banner ad in a year or so.

I have. I don't mind them when they don't blink or aren't placed in a really annoying position. If they do either of these things, I block the ad company that provides the ads. I do actually send quite a bit of business to online advertisers. Moral of the story? If you want my money, don't use an ad company that allows annoying ads.

Re:Don't tolerate them

[Anonymous Coward]

This is completely off-topic of me, but...

I wish people could get as worked up about stopping war as they do about stopping hackers.

So fucking sad. So very fucking sad.

Replace a 'DDoS' with 'war' and kernel.org/microsoft.com with any two nation names and re-read your post if you are wondering wtf I'm talking about. ;)

Of course, that would get you modded to oblivion on /., but oh well.

legal DDOS of doubleclick here...

[bani]

http://adzapper.sourceforge.net/

a nifty plugin for squid. does more than just remove ads, it replaces them with a 'this ad zapped' image / swf, so pages don't render weird.

it's written in perl so it's easy to hack and is easily configurable.

Re:Quick refresher on how the "FREE" sites work...

[DMUTPeregrine]

I block ads, then when I open sites I use regularly I either make a donation, or just unblock ads and click all the links. If they lead to something intereseting, I'll often buy it. /. generally has well targeted ads, so I don't often block OSDN stuff. Nor do I block google's text ads, as they are often quite useful.

Explains why client-web sites were slow?

[dpuu]

Yesterday, I noticed that "MyYahoo" page was very slow to update when fetching from the ad websites. I use the FireFox AdBlock extension, but that doesn't stop it from running JavaScript that it has to fetch from a 3rd-party site. Because the browser doesn't display the page until the script is fetched, the page appeared very slow, even though I don't see the ads.

I found the PreferenceBar extension really useful. I just unclick the "JavaScript" checkbox, and the pages speed up again. Now, if only I could create a plugin that does site-specific JavaScript blocking...

That explains it

[CaroKann]

That may explain why so many web pages with doubleclick ads have been loading so slowly lately. It has been really annoying; in many cases the rest of the page won't display until the add is finished loading.

Re:Sad news

[JabberWokky]

That sword cuts both ways - if a site uses ads any more obtrusive than a google ad, I block it

I have an urge to give a snotty "you block a whole site because of their ads? Isn't that excessive"?

But that is kind of the point - I am sure that you can justify using the site without the ads. Justification is the parlor game of most internet power users. I just don't see it that way. If I walk into a bar with a two drink minimum, even if it is not enforced, the right thing to do is order two drinks. I'll sit at a diner for hours with a cup of coffee, but I won't do it during a mealtime rush. These are things that aren't illegal, but are merely rude; you are taking advantage of the proprietor.

How is blocking the ads but using the site not an immoral act? Not a terrible one like cheating on your wife, but mild one like skipping on the two drink minimum or leaving a lousy tip?

I tip well, I follow the rules, both official and unspoken of an establishment that I enjoy, and I leave the ads on if I read the site. The glee of saving a few bucks by not leaving a tip is tempered by recognizing that there's a waitress who you just screwed. Is it because you can't see the work that the author put into the site? Is it moral because you don't see the website employees you've (mildly) screwed over?

--
Evan

Re:Sad news

[Anonymous Coward]

Check out the 2 year graph. I think it puts things in perspective. http://www.alexa.com/data/details/traffic_details? &range=2y&size=large&compare_sites=slashdot.org&ur l=http://www.doubleclick.com#graph [alexa.com]

Re:Quick refresher on how the "FREE" sites work...

[NevermindPhreak]

"i'm lovin' it."
"just do it."
"takes a licking and keeps on ticking."

if any of these phrases bring a companies name to mind, and any ideas about that company, then youve been affected by advertising more than you think. its branding, and you dont have to interact with an ad to be affected by it. a big part of marketing is just letting people know a company exists, not making you buy a product then and there. :-P

OSDN uses doubleclick.

[Saeed al-Sahaf]

OSDN uses doubleclick.

Re:The reverse is also true...

[Ghostgate]

But that wasn't what I was saying. I'm saying, if the staff of the bar was rude to you, perhaps saying something insulting to you, or giving you a really hard time when you tried to order something... well, you might be moved to be rude in return to them, and not really care about ordering the minimum 2 drinks. Even if you wouldn't, certainly there are a lot of other people who would.

In the case of web sites, the sites are being rude by popping up windows that must be moved, and flashing bright colors that are distracting. In fact, many ads will do everything they can to take your attention away from the real content of the site so that you will look at the ad instead. By serving up these kinds of ads, the owner of the site has been rude to me. Therefore I am moved to be rude in return, and remove all such distractions from my screen.

Text ads, on the other hand? Those are fine with me. Because they aren't so rude.

Webmasters: Host your (text) ads yourself!

[iamcf13]

Doing that will make them unblockable since the ads and the content are being served from the same IP address. However, there is nothing to stop someone with coming up with a clever HTML rewriter plugin/browser to strip out the content (readable text and meaningful binary content files) and make a simplified version of the (likely ad-ridden) original page.

My firewall program cannot detect deliberately broken up 'SCRIPT' tags via the document.write Javascript function--otherwise Google's AdSense advertising would be blocked too. If I didn't need Javascript, I could turn it off at the browser level and kill these ads as well.

Simple, HTML-only, text-based ads for me, thank you very much (works for Google)--I am on 'sessioned', time-limited dailup and cannot waste time downloading an (animated) ad banner image, or an (obnoxious, animated) shockwave ad.

Re:Probably

[JabberWokky]

where did I agree to being bombarded with ads ?

When you connected to somebody else's server and requested content?

Pretty simple, really. HTTP is a request based protocol.

--
Evan "Versus Spam, for instance"

Re:Probably

[JabberWokky]

No, I'm not being trollish. Let's try to come to an understanding here.

Bob takes pictures of flowers. He thinks they are nifty and other people might like them. He pays $10 a month for a website and puts them up online. Bob is paying to give you something for free. Bob's site becomes popular, and the bandwidth jumps over the course of six months to $200 a month. Whoa. Those are some high res flowers. Bob puts some ads on the site to try to defray the cost - to help pay for what he's giving out for free.

Bob is (implicitly) saying: "Hey, I went out and took these pictures, and you can have them! When you view them, I have some ads running so I can continue to bring them to you".

Now, you don't have to visit Bob's site. You won't see any ads. You asked when you agreed to view ads... when you chose to go to Bob's site.

You certainly have the technology to block those ads. But that's being rude to Bob who is trying to host these pictures for everybody to use. Not very polite. Thus the wrong thing to do.

Bob is being nice to you. He's giving you free pictures of flowers. Being nice to Bob and viewing the whole site is the right thing to do.

Now, where am I wrong?

--
Evan

Satisfy both sides?

[Anonymous Coward]

How about designing a browser or browser add-on
that blocks adds, but simulates clicks on banner ads at random intervals? Then the user wouldn't have to see ads, the ad company would think that their ads were being viewed, and everyone would be happy.