
Slashdot is Port Scanning Its Users

60 points| bado | 12 years ago |soylentnews.org | reply

43 comments

[+] cmdrtaco|12 years ago|reply
This tactic has probably blocked a million bot posts over the years, so I guess... Sorry... But not really sorry?
[+] gburt|12 years ago|reply
I don't understand all the huff on that forum about this. It pings to see if you have some ports open. So what?
[+] NCommander|12 years ago|reply
I don't mind portscanning per se if it's clear you're doing it, but a website should never trip a corporate firewall or IDS. We're going to re-rig this code to check the inbound IP against a local DNSBL or something similar and not something that will cause an IDS to shit itself. Generally, if I access a site on a port, I expect return traffic to come back only on that port (excluding protocols like FTP which are explicitly multi-port). We officially support tor (and have our own hidden service) and are looking at connecting posts through SpamAssassin to automoderate crap down to -1 (this feature still fairly far out).

What got me upset was the fact that I respect users' privacy, and to find out about this behaviour from a bug report notification pissed me off. In /code's defence, at that point, it was basically /., /.JP and Barrapunto as the last three slash sites on the internet, so a lot of slashdot specific functionality has crept in over the years before the code drops stopped in 2009, with the documentation for independent sites being a bit stale.

EDIT: I've written a follow up on my SN journal: http://soylentnews.org/~NCommander/journal/277
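
The DNSBL lookup mentioned in the comment above as the replacement for the port scan, sketched as an added example that is not part of the thread or of Slashcode. The zone name, the class and function names and the verdict strings are assumptions; the resolver is injectable so the logic can be exercised offline, and results are cached per IP for a configurable interval.

```python
import ipaddress
import socket
import time

DNSBL_ZONE = "dnsbl.example.invalid"  # placeholder zone name (assumption)
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Reverse the address (IPv4 octets, IPv6 nibbles) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A-record lookup; any resolution failure is reported as no record."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


class CommenterCheck:
    """Passive check of the commenter's IP: one DNS query, no probes sent."""
    def __init__(self, resolve=system_resolver, ttl=86400, clock=time.monotonic):
        self.resolve, self.ttl, self.clock = resolve, ttl, clock
        self.cache = {}  # address -> (expiry time, verdict)

    def verdict(self, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return "skipped"  # no usable IP address, nothing to look up
        hit = self.cache.get(addr)
        if hit and hit[0] > self.clock():
            return hit[1]
        answer = self.resolve(dnsbl_query_name(str(addr)))
        if answer is None:
            result = "clean"
        else:  # anything outside 127/8 means a wildcarded or hijacked zone
            listed = ipaddress.ip_address(answer) in LISTED_NET
            result = "listed" if listed else "error"
        if result != "error":  # do not pin a broken answer for a whole TTL
            self.cache[addr] = (self.clock() + self.ttl, result)
        return result
```

The only traffic this generates goes from the web server to its DNSBL resolver, so nothing arrives at the commenter's firewall or IDS.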

[+] taiki|12 years ago|reply
Exactly my thought. I'm a creature of stubborn habit. I still browse when waiting for things or bored.

I'm just glad to see that a lot of GNAA and other crap has largely stopped.

Still see the Golden Girls spam posts, but, out of all the possible crap you could be clogging the internet up with, the Golden Girls aren't a bad way to go.

[+] precision|12 years ago|reply
This is old news. Slashdot even did a story about this long ago. It seems every couple years someone finds this and makes a mountain out of a mole hill. If you're connected to the internet expect all kinds of random packets to be tossed your way.
[+] diminoten|12 years ago|reply
I'm firmly in the "So what?" camp on this.

IRC servers have been known to do this as well, from time to time, as bot mitigation.

[+] korzun|12 years ago|reply
Yup, if anything more web sites should be doing this.
[+] thomble|12 years ago|reply
This isn't anything new. Slashdot commenting used to trigger my IDS. This is just an old and unnecessary way of approaching a problem, just like Slashdot itself.
[+] Giraffenstein|12 years ago|reply
The responses to this issue appear to fall into two groups: The first group doesn't care, and the second group is apoplectic but is unable (or unwilling) to explain why.
[+] eps|12 years ago|reply
The issue is with Slashcode that runs many sites including Slashdot, its birthplace.
[+] justinator|12 years ago|reply
Can you name another site that uses Slash?
[+] z92|12 years ago|reply
Why?

That question was asked now ~10 years back. The answer was: to check if the submitter is using a random open proxy server from the net to bypass their IP filter.

From the code

    # If we don't have an IP address, it can't be an open proxy.
And scanning commonly known proxy server ports.

    my $ports = $constants->{comments_portscan_ports} || '80 8080 8000 3128';
[+] xtracto|12 years ago|reply
Yeah, I remember reading the same discussion in Slashdot ten or more years ago. I also had the reason in the back of my head, thanks for reminding me :). This is nothing new, really. I hope we don't get a submission about how some contemporary CDs from Sony have a rootkit...
[+] NCommander|12 years ago|reply
Actually, the "don't have IP address" is a sanity check if this code is fired from slashd; if someone is coming in from the web interface, the GATEWAY_INTERFACE var is always set by mod_perl.
[+] ntakasaki|12 years ago|reply
I thought this was well known, and I think it only happens when someone tries to submit a comment, so the title is slightly misleading. There is a perceptible delay while trying to submit after a day or so, but it seems to cache the result so it's faster if you comment again within the interval.
[+] TazeTSchnitzel|12 years ago|reply
I've never understood why port-scanning upset people anyway. Could someone please explain that to me?
[+] DanBC|12 years ago|reply
"Goober with firewall".

Some users get a windows software firewall product. Those products have to persuade users that the money was well spent, so they log everything and sometimes alert too much. "WE PROTECTED YOU FROM 9,042 HOSTILE ATTEMPTS" sounds better than "it's just Internet noise. Ignore it."

[+] bane|12 years ago|reply
It's like somebody walking around your house and checking to see if all the doors and windows are locked.
[+] johnohara|12 years ago|reply
I'm not sure what Slashdot actually is anymore. The titles of the entries appear interesting at first, but when you read the associated articles, any substantive content seems to vanish into thin air.

I'm still interested, it's just not that interesting.

[+] tdk|12 years ago|reply
The draw of /. used to be its comments. Nowhere else could you get such informative discussions, often with the people involved in the story. The rating-of-comments concept has been copied by many other sites, but few of them have a user reputation system and fewer get it right. This is why I pretty much copied /. for my own site.
[+] dredmorbius|12 years ago|reply
And this is different from much of the socially viral Web how?

I agree that Slashdot's lost its way and cachet, but substance is hardly prominent across much of the Internet today.

[+] username223|12 years ago|reply
According to their (IIRC) tag line, it is/was "news for nerds, stuff that matters." Basically, HN for the late 90s, but with better features.
[+] unreal37|12 years ago|reply
Computers all over the world port-scan me all day every day, looking for attack vectors. Not sure it's an issue worth committing Seppuku over.
[+] drakaal|12 years ago|reply
Stages of Open Source:

Run opensource so you can pore through the code and trust that it is secure by finding the issues in the code.

Benefit from the masses of users also poring through the code to make sure it is safe.

Gain critical mass such that no security flaw goes undiscovered.

Grow complacent and assume all the other users are checking so you don't have to.

Gain a large enough install base that malicious contributors add back doors and other nastiness to the code base.

Have a bad thing happen.

Snap out of complacency and start taking security seriously again.

[+] duskwuff|12 years ago|reply
The process you're describing bears no relation whatsoever to the origin of this code. It was written by Slashdot employees to solve a real operational problem on Slashdot; see above for a comment from the man himself.
[+] axanoeychron|12 years ago|reply
Yes. This is known. It is to stop spam bots and to detect whether you are a regular user and not a VPS.
[+] sir_hopalot|12 years ago|reply
I stopped clicking slashdot last year, whatever change they made on the mobile template I ended up with a blank page 4 times out of 5. I got over it. Moved on.
[+] dfa0|12 years ago|reply
Slashdot beta, a new redesign, is causing quite a stir these days amongst the vocal majority.
[+] antocv|12 years ago|reply
Big deal, the internet is made for devices to connect to each other. So what if they are trying to connect?

Tell me when they attempt a DOS or send funky packets.

[+] mantrax4|12 years ago|reply
So, I don't get what the fuss is about. It port scans users, and does nothing interesting with it.

But on the other hand, we're talking about Slashdot. I've forgotten it exists. Maybe that was the purpose of all the hot air.