It’s been an interesting week here. You may have seen Joe’s blog entry yesterday about being DDOS’d poorly. I share my server with Joe and another guy who wrote the controversial Firefox extension which was being DDOS’d. This means that I was DDOS’d too! First, some more background
A coworker of mine at my Day Job used to be a Paramedic in New Jersey. I learned recently that he was among the first responders to the World Trade centers on 9/11. This experience prompted him to change careers and he took up web development (of all things!).
Doug’s Note: My coworker tends to refer to himself as “Boyzoid” online, though that’s not his real name. I choose to respect that and will refer to him as that from here on out.
To give Boyzoid some props, I want to say that he’s one of the smartest people I know. Not many people can move as easily as he did from saving peoples lives on a nightly basis to being a code samurai in such a short period of time.
Any how, because he comes from a medical background a lot of the work that he does is related to hospitals and emergency response systems. To this extent, he wrote a very simple web service which returns *gasp* the current US Homeland Security Threat Level. (Cue the dramatic 40s horror movie style organ music.)
Much to my surprise (perhaps I’m short-sited to this extent) his web service became quite popular. Many sites make use of it to supply the threat level to their users. Many of these sites are hospitals, government websites, schools, and more. In fact, the DHS recently released their own web service to do the exact same thing. I like to think that Boyzoid was the catalyst for this.
Aside from being an ex-paramedic, Boyzoid is also a rabid Firefox fan boy. He has been working to convert his clients in the medical industry from IE to Firefox. To this extent, he wrote a extension which shows the current DHS threat level in the Firefox status bar.
I suspect that most of us (myself, Boyzoid and Joe included) believe that the DHS Threat Level is a bunch of bullshit. However, whether or not you believe that, hospitals and first responders can not ignore the threat level. A change in the Threat Level forces certain agencies and companies to take certain preparatory measures.
So, Boyzoid’s plan was simple. By providing an extension for Firefox which is useful to this certain select set of people he might cause a number of these organizations, which otherwise may never have heard of Firefox, to switch. Just for this one extension.
On top of all that, Boyzoid was nice enough to provide the source code (which I haven’t looked at) which demonstrates how to create a Firefox extension, call a website from the extension, and then change the display based on the returned data.
When Boyzoid posted this to Mozilla.org he unintentionally sparked a huge debate which is still raging. Apparently he pissed someone off enough that they discovered the URL he was pulling data from and tried to DDOS it. Here are a few selected comments peopled posted to Mozilla.org.
This is the most stupid extension ever. People who wrote/use this extension should be castrated! or otherwise dealt with appropriately for advocating useless anxiety among the populous.
RUN RUN, hide under your tables, the enemy (who’s the enemy?) is attacking us….
Maybe Mozilla.org should establish a new category “war propaganda extensions” so people who don’t believe in lies won’t be bothered.
Many, many, more comments followed those same lines. Others were more positive and supportive. Any how, think what you want. I think it’s an interesting idea.
Anyhow, it seems that for now the DDOS attack has come to an end, which is good. I’m proud to say that even at its worst the attack never took the server over 50% CPU or over 10% of the network. Way to go me!