I thought this was well known, and I think it only happens when someone tries to submit a comment, so the title is slightly misleading. There is a perceptible delay while trying to submit after a day or so, but it seems to cache the result so it's faster if you comment again within the interval.
Really, Slashcode is just unbelievably horrible. I ran it myself. It's stupidly fragile, you can break it by altering things in the interface and it stores its weblogs in the MySQL database.
I eventually moved everything to WordPress and stopped wanting to STAB MYSELF IN THE FACE REPEATEDLY whenever I wanted to make a post.
I think he meant "a log of accesses to the website" rather than "a blog." Those are often persisted on disk because they tend to get rather voluminous and the questions one wants to ask of them rarely benefit from SQL.
backslash (the admin interface) is fragile, during beta testing, we got the site stuck in an infinite loop because the UI for topic creation is not the greatest. I'm not sure I get the 'stores weblogs in mysql' bit as wordpress by default does the same thing.
We've been discussing migrating over to PostgreSQL and rearchitecting the database to run on stored proceedures and views; almost all the DB calls are already abstracted in MySQL.pm, so this is relatively straight forward (if a bit tedious).
I stopped clicking slashdot last year, whatever change they made on the mobile template I ended up with a blank page 4 times out of 5.
I got over it. Moved on.
This isn't anything new. Slashdot commenting used to trigger my IDS. This is just an old and unnecessary way of approaching a problem, just like Slashdot itself.
This is old news. Slashdot even did a story about this long ago. It seems every couple years someone finds this and makes a mountain out of a mole hill. If you're connected to the internet expect all kinds of random packets to be tossed your way.
I'm not sure what Slashdot actually is anymore. The titles of the entries appear interesting at first, but when you read the associated articles, any substantive content seems to vanish into thin air.
I'm still interested, it's just not that interesting.
The draw of /. used to be its comments. Nowhere else could you get such informative discussions. often with the people involved in the story.
The rating-of-comments concept has been copied by many other sites, but few of them have a user reputation system and fewer get it right. This is why I pretty much copied /. for my own site.
The responses to this issue appear to fall into two groups: The first group doesn't care, and the second group is apoplectic but is unable (or unwilling) to explain why.
Exactly my thought. I'm a creature of stubborn habit. I still browse when waiting for things or bored.
I'm just glad to see that a lot of GNAA and other crap has largely stopped.
Still see the Golden Girls spam posts, but, out of all the possible crap you could be clogging the internet up with, the Golden Girls aren't a bad way to go.
I don't mind portscanning per say if its clear you're doing it but a website should never trip a corporate firewall or IDS. We're going to re-rig this code to check the inbound IP against a local DNSBL or something similar and not something that will cause an IDS to shit itself. Generally, if I access a site on a port, I expect return traffic to come back only on that port (excluding protocols like FTP which are explicately multi-port). We officially support tor (and have our own hidden service) and are looking at connecting posts through SpamAssassin to automoderate crap down to -1 (this feature still fairly far out)
What got me upset was the fact that I respect users privacy, and to find out about this behaviour from a bug report notification pissed me off. In /code's defence, at that point, it was basically /., /.JP and Burrapuento as the last three slash sites on the internet so a lot of slashdot specific functionality has creped in over the years before the code drops stopped in 2009, with the documentation for independent sites being a bit stale.
The process you're describing bears no relation whatsoever to the origin of this code. It was written by Slashdot employees to solve a real operational problem on Slashdot; see above for a comment from the man himself.
Some users get a windows software firewall product. Those products have to persuade users that the money was well spent, so they log everything and sometimes alert too much. "WE PROTECTED YOU FROM 9,042 HOSTILE ATTEMPTS" sounds better than "it's just Internet noise. Ignore it."
That question was asked now ~10 years back. The answer was: to check if the submitter is using an random open proxy server from the net to bypass their IP filter.
From the code
# If we don't have an IP address, it can't be an open proxy.
And scanning commonly known proxy server ports.
my $ports = $constants->{comments_portscan_ports} || '80 8080 8000 3128';
Actually, the "don't have IP address" is a sanity check if this code fired from slashd; if someone coming in from the web interface, the GATEWAY_INTERFACE var is always set by mod_perl.
Yeah, I remember reading the same discussion in Slashdot ten or more years go. I also had the reason in the back of my head, thanks for reminding me :). This is nothing new, really. I hope we don't get a submission about how some contemporary CD's from Sony have a rootkit...
44 comments
[ 4.3 ms ] story [ 109 ms ] threadReally, Slashcode is just unbelievably horrible. I ran it myself. It's stupidly fragile, you can break it by altering things in the interface and it stores its weblogs in the MySQL database.
I eventually moved everything to WordPress and stopped wanting to STAB MYSELF IN THE FACE REPEATEDLY whenever I wanted to make a post.
Slashcode is not my favourite CMS.
Can you explain this to me? this seems like exactly what wordpress does..?
Maybe it doesn't do that any more. BUT SOMEONE EVER THOUGHT THIS WAS A GOOD IDEA.
We've been discussing migrating over to PostgreSQL and rearchitecting the database to run on stored proceedures and views; almost all the DB calls are already abstracted in MySQL.pm, so this is relatively straight forward (if a bit tedious).
I believe the other site(s) would include the ruinator's other Taco acquisitions Sourceforge & Freecode. I could be wrong and often am.
IRC servers have been known to do this as well, from time to time, as bot mitigation.
But on the other hand, we're talking about Slashdot. I've forgotten it exists. Maybe that was the purpose of all the hot air.
I'm still interested, it's just not that interesting.
I agree that Slashdot's lost its way and cachet, but substance is hardly prominent across much of the Internet today.
I'm just glad to see that a lot of GNAA and other crap has largely stopped.
Still see the Golden Girls spam posts, but, out of all the possible crap you could be clogging the internet up with, the Golden Girls aren't a bad way to go.
What got me upset was the fact that I respect users privacy, and to find out about this behaviour from a bug report notification pissed me off. In /code's defence, at that point, it was basically /., /.JP and Burrapuento as the last three slash sites on the internet so a lot of slashdot specific functionality has creped in over the years before the code drops stopped in 2009, with the documentation for independent sites being a bit stale.
EDIT: I've written a follow up on my SN journal: http://soylentnews.org/~NCommander/journal/277
Tell me when they attempt a DOS or send funky packets.
Run opensource so you can pour through the code and trust that it is secure by finding the issues in the code.
Benefit from the masses of users also pouring through the code to make sure it is safe.
Gain critical mass such that no security flaw goes undiscovered.
Grow complacent and assume all the other users are checking so you don't have.
Gain a large enough install base that malicious contributors add back doors and other nastiness to the code base.
Have a bad thing happen.
Snap out of complacency and start taking security seriously again.
Some users get a windows software firewall product. Those products have to persuade users that the money was well spent, so they log everything and sometimes alert too much. "WE PROTECTED YOU FROM 9,042 HOSTILE ATTEMPTS" sounds better than "it's just Internet noise. Ignore it."
That question was asked now ~10 years back. The answer was: to check if the submitter is using an random open proxy server from the net to bypass their IP filter.
From the code
And scanning commonly known proxy server ports.