{"id":137,"date":"2005-10-04T21:44:00","date_gmt":"2005-10-04T21:44:00","guid":{"rendered":"http:\/\/adam.rosi-kessel.org\/weblog\/the_web\/whats_wrong_with_209_88_228_11.html"},"modified":"-0001-11-30T00:00:00","modified_gmt":"1970-01-01T05:00:00","slug":"whats_wrong_with_209_88_228_11","status":"publish","type":"post","link":"https:\/\/adam.rosi-kessel.org\/weblog\/2005\/10\/04\/whats_wrong_with_209_88_228_11","title":{"rendered":"What’s wrong with 209.88.228.11 and\/or Konqueror?"},"content":{"rendered":"

Today I received over 100,000 hits like this: <\/p>\n

 209.88.228.11 - - [04\/Oct\/2005:16:57:52 -0400] \"PROPFIND \/error\/notfound.html\/ HTTP\/1.1\" 302 240 \"-\" \"Mozilla\/5.0 (compatible; Konqueror\/3.4; Linux) KHTML\/3.4.1 (like Gecko) (Debian package 4:3.4.1-1)\" <\/pre>\n
 It looks like the person actually came to my site for a legitimate reason: <\/p>\n
 209.88.228.11 - - [04\/Oct\/2005:09:50:41 -0400] \"GET \/weblog\/2005\/08\/ HTTP\/1.1\" 200 53323 \"http:\/\/www.google.com\/search?hl=en&ie=UTF-8&q=download+growisofs+5.21+debian&spell=1\" \"Mozilla\/5.0 (compatible; Konqueror\/3.4; Linux) KHTML\/3.4.1 (like Gecko) (Debian package 4:3.4.1-1)\" <\/pre>\n
 and then wanted to see the contents of my \/blogimages directory. That directory (where I store images that appear on this blog) cannot be publicly viewed: <\/p>\n
 209.88.228.11 - - [04\/Oct\/2005:09:52:19 -0400] \"PROPFIND \/blogimages\/ HTTP\/1.1\" 302 239 \"-\" \"Mozilla\/5.0 (compatible; Konqueror\/3.4; Linux) KHTML\/3.4.1 (like Gecko) (Debian package 4:3.4.1-1)\" 209.88.228.11 - - [04\/Oct\/2005:09:52:19 -0400] \"PROPFIND \/error\/notfound.html\/ HTTP\/1.1\" 302 239 \"-\" \"Mozilla\/5.0 (compatible; Konqueror\/3.4; Linux) KHTML\/3.4.1 (like Gecko) (Debian package 4:3.4.1-1)\" <\/pre>\n
 But why would this failed request repeat more than 100,000 times, basically every second for hours? Is this a very bad konqueror behavior, or a well camouflaged denial-of-service attack, or something else entirely? This kind of thing could generate some bad press for free software unless there’s a good explanation (“Konqueror security hole swamps innocent websites,” etc..). <\/p>\n","protected":false},"excerpt":{"rendered":"
Today I received over 100,000 hits like this: 209.88.228.11 – – [04\/Oct\/2005:16:57:52 -0400] “PROPFIND \/error\/notfound.html\/ HTTP\/1.1” 302 240 “-” “Mozilla\/5.0 (compatible; Konqueror\/3.4; Linux) KHTML\/3.4.1 (like Gecko) (Debian package 4:3.4.1-1)” It looks like the person actually came to my site for a legitimate reason: 209.88.228.11 – – [04\/Oct\/2005:09:50:41 -0400] “GET \/weblog\/2005\/08\/ HTTP\/1.1” 200 53323 “http:\/\/www.google.com\/search?hl=en&ie=UTF-8&q=download+growisofs+5.21+debian&spell=1” “Mozilla\/5.0 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[14],"tags":[],"_links":{"self":[{"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/posts\/137"}],"collection":[{"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/comments?post=137"}],"version-history":[{"count":0,"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/posts\/137\/revisions"}],"wp:attachment":[{"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/media?parent=137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/categories?post=137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/tags?post=137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}