Bots don't honor 301 :(
Ben Scott
dragonhawk at gmail.com
Mon Jan 12 19:46:26 EST 2009
DISCLAIMER: I always speak only for myself, unless otherwise
explicitly indicated.
On Mon, Jan 12, 2009 at 3:02 PM, <VirginSnow at vfemail.net> wrote:
>> > They would just come back or go bother someone else.
>>
>> This is not a effective deterrent.
>
> How so?
What part of "come back or go bother someone else" is unclear?
> If you're keeping a bot tied up talking to you, you're keeping the
> bot from probing other systems.
Sadly, botmasters aren't all morons. They're aware of things like
setting timeout values. They often don't care because they can afford
not to. There are orders of magnitude more bots then web servers.
If you were to wave your magic wand and cause every non-vulnerable
web server on the net to start tarpitting, that would simply mean the
botmasters would implement timeouts that much sooner.
> Granted, if the botmaster is using a multithreaded bot implementation
They are, just not on the scale you imagine. Their "computer" is
every compromised host on the Internet, each host a CPU.
>> It's the security equivalent of masturbation. It may make you feel
>> good, but that's all it's doing.
>
> Please don't use the word "masturbation" to describe something you
> think is worthless.
You need to work on your reading comprehension. Since I apparently
need to spell things out for you: I never called it "worthless". I
said it was not an effective deterrent, and that all it accomplished
was making the operator feel good, and even acknowledged that making
the operator feel good is not necessarily a worthless ambition.
> Where can one find/contact these "network abuse reporting systems"?
http://www.google.com/search?q=network+abuse+reporting
-- Ben
More information about the gnhlug-discuss
mailing list