That’s a cool trick

Today, when reddit was down for maintenance, people kept gathering on the #redditdowntime channel on freenode, where within a couple of minutes intriguing things started to happen.

You can read the whole story here (and come back afterwards).

TLDR: the channel (through some JavaScript code) got link-spammed in huge numbers.

The code – which you can find in the article I’ve pointed to earlier – basically has an iframe, a form with an input tag (pointing to the iframe) and a small piece of JavaScript to do the magic.

What I liked in the code is the way it sends the connection and “payload” to the IRC server, via the following (combined) string.

x.value = '\r\nUSER '+i+' 8 * :'+n+ // user
          '\r\nNICK '+n+ // nick
          '\r\nJOIN #redditdowntime\r\n'
          +new Array(99).join(
              'PRIVMSG #redditdowntime :http://bit.ly/lolreddit\r\n'
          )+'';

And I especially like the last part of the payload; my first impression was that it creates 99 new lines and lastly the actual message, as a way to wait while the server responded correctly.

Soon afterwards (a couple of seconds, I swear) I realized that this snippet of code generates 100 messages to send.

Nice trick, I’ll remember it next time I have to do a string repeat.

And as in any situation where someone needs to be blamed, this time the blame fell upon the Freenode sysadmins; and it was said in such a lovely way.

IN MY HUMBLE OPINION, (THIS IS MY OPINION AND NOT FACT):

Freenode is run by morons who can’t read IRCD config files. It is that simple.

Instead of reading the docs, freenode is switching to another IRCD to solve this “problem”. Well the problem is between the chair and the keyboard of the freenode admins. The thing you posted should not work at all against a properly configured IRCD. Instead REAL ADMINS with the practical skills of READING COMPREHENSION read the DOCUMENTS that describe the CONFIGURATION OPTIONS. And then they turn on the one feature invented in the 90s that will stop this dead.

But no, freenode has historically been run by people who don’t seem to exhibit any understanding of an IRC server or sysadmining. They will convert the entire network on the 30th to a new IRC which allows to ban users who send HTTP header to an IRC Server. Instead of reading the docs and turning on a certain option WHICH I WILL NOT SHARE HERE BECAUSE FREENODE ADMINS ARE IDIOTS AND SHOULD READ THE BLOODY DOCS.

Also firewalling with a pattern match on POST would’ve solved these problems too. But freenode admins are not the brightest admins.

And all of this because a Reddit user once owned a Digg user…. I can’t find the picture!
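
The quoted comment mentions banning clients that send HTTP headers to an IRC server and pattern matching on POST. A sketch of that check as a pre-registration guard follows; it is an added example, not code from the original article or from any IRCD. The function and constant names are hypothetical, the sample inputs are constructed, and dropping on any unexpected pre-registration command is an assumed policy.

```javascript
// Added example (not from the original post): pre-registration guard for an IRC listener.
// All names here are hypothetical; the sample inputs below are constructed.
const HTTP_REQUEST_LINE = /^(GET|POST|PUT|HEAD|OPTIONS|DELETE|CONNECT) \S+ HTTP\/\d\.\d$/i;
const HTTP_HEADER = /^(Host|User-Agent|Content-Type|Content-Length|Referer|Origin|Cookie|Accept[\w-]*):/i;
// Assumed policy: only these commands are tolerated before registration completes.
const PRE_REGISTRATION = new Set(['PASS', 'NICK', 'USER', 'CAP', 'PONG', 'QUIT']);

// Inspect everything a connection has sent so far, before it is registered.
// Returns { action: 'drop' | 'accept' | 'wait', reason, line }.
function inspectPreRegistration(raw) {
  const lines = raw.split(/\r?\n/);
  const complete = lines.slice(0, -1); // the last element is an unterminated fragment
  let sawNick = false;
  let sawUser = false;
  for (const line of complete) {
    if (line === '') continue; // empty IRC lines are ignored
    if (HTTP_REQUEST_LINE.test(line)) return { action: 'drop', reason: 'http-request-line', line };
    if (HTTP_HEADER.test(line)) return { action: 'drop', reason: 'http-header', line };
    const command = line.split(' ')[0].toUpperCase();
    if (!PRE_REGISTRATION.has(command)) return { action: 'drop', reason: 'unexpected-command', line };
    if (command === 'NICK') sawNick = true;
    if (command === 'USER') sawUser = true;
    if (sawNick && sawUser) return { action: 'accept', reason: 'registered', line };
  }
  return { action: 'wait', reason: 'incomplete', line: null };
}

// Constructed sample: what an HTML form posted to the IRC port puts on the wire
// (text/plain encoding and the field name "x" are assumptions).
const browserPost =
  'POST / HTTP/1.1\r\n' +
  'Host: irc.example.net:6667\r\n' +
  'Content-Type: text/plain\r\n' +
  '\r\n' +
  'x=\r\nUSER a 8 * :b\r\nNICK b\r\nJOIN #redditdowntime\r\n';
// Constructed sample: an ordinary IRC client registering.
const ircClient = 'NICK alice\r\nUSER alice 8 * :Alice\r\n';

console.log(inspectPreRegistration(browserPost)); // dropped on the request line
console.log(inspectPreRegistration(ircClient));   // accepted after NICK and USER
```

The guard closes the connection on the first HTTP-looking line, so the IRC commands carried in the request body are never parsed.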


