Pingback DoS/spam

Sam Rowe complains that the Pingback spec doesn’t have any way to prevent spam or DoS attacks by repeatedly hitting a Pingback server. Now, the DoS suggestion is true but irrelevant, because you can DoS a server by just repeatedly hitting one of its web pages; Pingback is nothing special in this regard, and doesn’t fix the problem because it’s a problem inherent in serving stuff over a web server; it’s Apache’s problem, not Pingback’s. The spam suggestion is a little more worrying, but it’s something that we’ve discussed before (although I can’t find a reference to it) — essentially, you can spam someone’s referrer logs the same way, and a referrer log display routine like, say, Mark Pilgrim’s, will have the same problems unless it filters server-side to cater for this. I don’t see it as a major problem, in short.
