Since $c is the IP address itself, adding the starting IP again will check a completely different IP.
Besides that, you have a point. I feel like the code would be so much cleaner if they just added a 4th line to declare ip2long($argv[1]) as a variable.
I suppose. I wonder what would be a better way to find their web server. Maybe looking for IPs that run a web server using nginx, but don't respond to the host specified in their rDNS record. Then again, that would lead to way too many hosts.
I doubt they'll set up a PTR record. What they'd do if they're smart is firewall their box so it only accepts port 80 requests from Cloudflare's systems. Anything else can be discarded, e.g.:
iptables -A INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s w.x.y.z/xx -j ACCEPT
Probably. There are a lot of hosting/VPS companies out there that have instant provisioning and don't ask too many questions. I imagine it would be pretty hard to find them this way unless they do something stupid.
Meh. Neither are particularly inspiring. Yeah, thejester's is pedantically long and uses way too many variables, while lulzsec seems to have an aversion to variables, running ip2long($argv[1]) up to three times per loop.
Also, the "lulzier" version does not separately handle the case where a webserver is found but does not return a response containing the needle. It's true that thejester's script is not particularly efficient in wasting a socket connect to do this separate check, but for a one-off task, who cares.
25 comments
[ 6.3 ms ] story [ 55.8 ms ] threadEpic failure, implicating LOC is a measurement for code quality. Hint: it's not.
It's usually agreed that accomplishing the same thing in less lines of code is, of course, better. (As long as you've maintained readability, etc)
Edit: http://twitter.com/LulzSec/status/84223058382028800
Why not just:
I forgot to replace it on line 2, only did it on line 3.
@file_get_contents('http://.long2ip(ip2long($argv[1])+$c)
Since $c is the IP address itself, adding the starting IP again will check a completely different IP.
Besides that, you have a point. I feel like the code would be so much cleaner if they just added a 4th line to declare ip2long($argv[1]) as a variable.
>> also, in our nginx configuration, we deny all HTTP connections to unknown vhosts.
mean that forming the URL as 'http://.long2ip(ip2long($argv[1])+$c) will not work?
Also, the "lulzier" version does not separately handle the case where a webserver is found but does not return a response containing the needle. It's true that thejester's script is not particularly efficient in wasting a socket connect to do this separate check, but for a one-off task, who cares.
http://pastebin.com/wpv1RXta
Why the ____ do the normally mindful folks at HN vote this kind of thing up?
Obviously, the popularity of lulzsec is the main factor here.
So, who's bottle_of_rum, then?