Pïd stèr wrote:
On 16 Apr 2013, at 17:58, chris derham <ch...@derham.me.uk> wrote:
Or, another way of looking at this would be that for every 40 servers
scanned without a 404 delay, the same bot infrastructure within the same
time would only be able to scan 1 server if a 1 s 404 delay was implemented
by 50% of the webservers.
This assumes that the scanning software makes sequential requests.
Assuming your suggestion was rolled out (which I think is a good idea
in principle), wouldn't the scanners be updated to make concurrent
async requests? At which point, you only end up adding 1 second to the
total original time? Which kind of defeats it.
Again I'd like to state that I think you are onto a good idea, but the
other important point is that some (most?) of these scans are run from
botnets. These have zero cost (well for the bot farmers anyway). My
point is even if the proposal worked, they don't care if their herd is
held up a little longer - they are abusing other people's
computers/connections so it doesn't cost them anything directly.
Sorry but those are my thoughts
I tend to agree. Effort will just be expended elsewhere, and that's
assuming this would have enough of an impact to be noticed.
Say that it would be easy to implement this in Tomcat, and that we do not collectively
find good reasons not to do so, and that it does get implemented.
Then I pledge that my next move would be to bring this similarly onto the Apache httpd
list (using the Tomcat precedent as an introduction of course (à la "hey guys ? those
smart Tomcat developers have just had a great idea etc..")).
I haven't checked the actual numbers yet, but I would imagine that between Apache httpd
and Tomcat, we're talking of a significant proportion of the overall webservers, no ?
Alternatively of course, still if there are no definite arguments against it, but the
Tomcat developers are not interested, I could go to the Apache list anyway. And then they
might be the first to introduce this great feature.
Or maybe I'll just patent it, and then sell the patent to the makers of the third
most-popular webserver..