{"id":496,"date":"2008-12-27T14:14:02","date_gmt":"2008-12-27T13:14:02","guid":{"rendered":"http:\/\/daniel.haxx.se\/blog\/?p=496"},"modified":"2008-12-27T23:06:35","modified_gmt":"2008-12-27T22:06:35","slug":"fun-with-executable-extensions-in-viewvc","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2008\/12\/27\/fun-with-executable-extensions-in-viewvc\/","title":{"rendered":"Fun with executable extensions in viewvc"},"content":{"rendered":"<p>A few years ago I wrote up a silly little perl script (let&#8217;s call it <em>script.pl<\/em>) that would fetch a page from a site that returns a &#8220;random URL off the internet&#8221;. I needed a range of URLs for a test program of mine and just making up a thousand or so URLs is tricky. Thus I wrote this script that I would run and allow to get a range of URLs on each invoke and then run it again later and append to the log file. It wasn&#8217;t a fancy script, but it solved my task.<\/p>\n<p>The script was part of a project I got funded to work on, that was improving <a href=\"http:\/\/curl.haxx.se\/libcurl\/\">libcurl<\/a> back in 2005\/2006 so I thought adding and committing the script to CVS felt only natural and served a good purpose. To allow others to repeat what I did.<\/p>\n<p>Fast forward to late 2008. The script is now browsable via <a href=\"http:\/\/www.viewvc.org\/\">viewvc<\/a> on a site that&#8230; eh, doesn&#8217;t have &#8220;.pl&#8221; disabled as a cgi extension in its config! 
The result of course is that each time someone tries to view the script using the web interface, the web server invokes the script locally!<\/p>\n<p>All of a sudden I get a mail from <a href=\"http:\/\/workbench.cadenhead.org\/news\/3471\/sweden-declares-war-my-web-server\">someone<\/a>, who apparently is admin or something of the site this old script was using, and he mentions that a machine on our network is hammering his site with many requests per second (38 requests\/second apparently) and asked me to stop this. It turns out a search engine crawler has indexed the viewvc output several times, and now some 8 processes or so were running this script.pl and they were all looping around getting a page, outputting the URL, getting another page&#8230;<\/p>\n<p>While I think 38 requests per second is a bit low to even be considered a DOS, it certainly wasn&#8217;t intended nor friendly and I was greatly surprised when I slowly realized how it all came to end up like this! Man I suck! It reminds me of my other <a href=\"http:\/\/daniel.haxx.se\/blog\/2008\/09\/08\/a-bad-move-a-really-bad-move\/\">extension mess<\/a> from just a few months ago&#8230;<\/p>\n<p>Maybe I&#8217;ll learn how to do things right in the future when I grow up!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few years ago I wrote up a silly little perl script (let&#8217;s call it script.pl) that would fetch a page from a site that returns a &#8220;random URL off the internet&#8221;. I needed a range of URLs for a test program of mine and just making up a thousand or so URLs is tricky. 
Thus &hellip; <a href=\"https:\/\/daniel.haxx.se\/blog\/2008\/12\/27\/fun-with-executable-extensions-in-viewvc\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Fun with executable extensions in viewvc<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,133,45],"tags":[236,230,219,428,426],"class_list":["post-496","post","type-post","status-publish","format-standard","hentry","category-net","category-security","category-web","tag-apache","tag-http","tag-network","tag-security","tag-web"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=496"}],"version-history":[{"count":0,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}