Mobile advertising DDoS JavaScript drip serves site with 4.5bn hits

CloudFlare has turned up an unusual form of denial-of-service attack: mobile advertisements that are pumping out around 275,000 HTTP requests per second. The cloud outfit didn't name the victim, but said the Layer 7 HTTP flood hitting the target is the latest example of a once-theoretical attack turning up in the real world …

  1. Anonymous Coward

    Quote: Virtually all traffic came from mobile devices in China

    I suggest we build the Great Firewall of China. A great Firewall of Ukraine and a great firewall of ex-Soviet Union would be a good idea too.

    Real Ones. On the _OUTER_ side. Anyone uttering the technically impossible word should think twice - it is possible to dump _ALL_ traffic from those locations for 3-4 letter agency perusal and analyze it. If that is possible, it should be technically possible to filter it too.

  2. Anonymous Coward

    Chinese programmers dominate the Android app market, bet that's where you'd find this iframe in one or more of these "free" apps which need all your contact details in order for your phone to act like a flash light and to add insult to injury, display ads at the bottom of the screen.

  3. Your alien overlord - fear me

    This is why it should be mandatory to have an ad-blocking HOSTS file on all mobiles and PCs, even if it means an initial lack of advertising revenue for some websites.

    My solution (upvote if you care) is to have the websites host the adverts. They are in charge of their content so why not have them liable for their adverts. Works for newspapers.

    1. sqlrob

      HOSTS? Really? You think that's going to work against someone that controls a DNS Server? Any provider that controls a DNS server can have effectively limitless domains. You can't fix that with a hosts file.

    2. Tomato42 Silver badge

      there's one simple thing that makes those attacks toothless

      disable javascript

      it's really crazy that we allow essentially arbitrary servers to run arbitrary code on our machines.

      True, more sites should follow ElReg example and work with JS disabled, but at least that's a start

      1. Anonymous Coward

        Well, how else are you going to do dynamic websites without trusting those websites to run their code on our machines?


Biting the hand that feeds IT © 1998–2019