How to DDoS Someone with Facebook Notes

Information Security

A month and a half ago chr13 discovered how to DDoS someone with the help of Google Spreadsheet, and he has now applied the same method to Facebook Notes. It worked.

The procedure is exactly the same as with Google Spreadsheet:

  1. Create a list of "unique" "photos": <img src="http://targetname/file?r=1" /> <img src="http://targetname/file?r=2" /> ... <img src="http://targetname/file?r=1000" />
  2. Write a note via m.facebook.com. The service truncates the note after a fixed length.
  3. Create several notes with one or several accounts. Each note will make 1000+ HTTP requests.
  4. Open all the notes at the same time. The specified server will receive a flood of HTTP traffic: thousands of requests will reach it within a couple of seconds.

The author managed to saturate a gigabit link on his VPS. 127 Facebook servers were involved in the DDoS attack.

[Figure: bandwidth chart]

Facebook marked the problem as “Won’t fix”.
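
Seen from the target's side, the traffic described above is one path requested with many distinct query strings by many source addresses within a few seconds. The following is an added example, not code from the original post or from chr13, that flags this pattern in web server access logs; the Common Log Format input, the thresholds, the function names and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed input: Common Log Format lines, ip - - [time] "METHOD target PROTO" ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*"')

def parse(line):
    """Return (time, source ip, path, query string), or None if unparseable."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    url = urlsplit(target)
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, url.path, url.query

def find_cache_busting_bursts(lines, window=timedelta(seconds=10),
                              min_queries=50, min_sources=5):
    """Flag paths fetched with many distinct query strings by many sources
    inside one sliding window. Returns {path: (queries, sources)} as counted
    at the moment both (assumed) thresholds are first met."""
    by_path = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        when, ip, path, query = rec
        by_path[path].append((when, ip, query))
    flagged = {}
    for path, hits in by_path.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop requests older than the window
            span = hits[start:end + 1]
            queries = {q for _, _, q in span}
            sources = {ip for _, ip, _ in span}
            if len(queries) >= min_queries and len(sources) >= min_sources:
                flagged[path] = (len(queries), len(sources))
                break
    return flagged

def sample_log():
    """Constructed log: 200 fetches of /file with unique r= values from 8
    documentation-range addresses in 4 seconds, plus ordinary page views."""
    burst = [f'203.0.113.{i % 8 + 1} - - [01/Jan/2024:12:00:{i // 50:02d} +0000] '
             f'"GET /file?r={i} HTTP/1.1" 200 1048576' for i in range(200)]
    normal = [f'198.51.100.7 - - [01/Jan/2024:12:00:{s:02d} +0000] '
              f'"GET /index.html HTTP/1.1" 200 512' for s in range(0, 60, 5)]
    return burst + normal
```

The thresholds are placeholders to tune against a site's normal traffic; a flagged path is a candidate for rate limiting or for serving from a cache that ignores unknown query parameters.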


Ropes — Fast Strings

Most of us work with strings one way or another. There's no way to avoid them: when writing code, you're doomed to concatenate strings every day, split them into parts and access certain characters by index. We are used to the fact that strings are fixed-length arrays of characters, which leads to certain limitations when working with them. For instance, we cannot quickly concatenate two strings. To do this, we first need to allocate the required amount of memory, and then copy the data from the concatenated strings into it.