WTF Are These Facebook Machines Doing?
February 21st, 2008
I saw four machines reloading Cryptogon’s homepage hundreds of times each and I thought, “Someone’s trying to F with me.”
But I looked up the machines, and it’s Facebook. You know, that admitted CIA cutout operation, Facebook. There’s some bullshit explanation on the link provided by their user agent information. Hmm. Nothing in there about multiple machines reloading your document root hundreds of times.
Machine: out003.sf2p.tfbnw.net 204.15.23.170
Reloads: 225
Machine: out001.sf2p.tfbnw.net 204.15.23.168
Reloads: 264
Machine: out002.sf2p.tfbnw.net 204.15.23.169
Reloads: 233
Machine: out004.sf2p.tfbnw.net 204.15.23.171
Reloads: 235
That entire CIDR (204.15.20.0/22) can choke on my 403 now.
UPDATE: Facebook Bots Now Arriving from a Different Network
HAHA! I banned the entire range of Facebook IPs from which those bots above appeared. I thought, “Well, that’s that.” I checked about an hour later and, guess what: They’re back, from a different IP range this time. These are running much slower:
Machine: outnat01-05-1.sf2p.tfbnw.net 69.63.176.250
Reloads: 5
Machine: outnat01-05-2.sf2p.tfbnw.net 69.63.176.251
Reloads: 5
The counts are low because I caught them early. But lookee there, a few clicks later and 69.63.176.0/20 gets 403ed.
Any more, Facebook?

The first time I heard of Facebook was the mass murderer coverage on CNN. Now, it’s a phenom. Thanx for your careful work on exposing this data-collecting behemoth.
Are you sure this isn’t just some Facebook app where someone is sharing a link to one of your posts?
Because of FB’s walled garden approach to apps, it’s possible that this is just people sharing a link to your site with their friends.
In the regular internet, you’d see the reader’s domain – in Facebook World, everything goes via Facebook, so you see lots of references to FB servers instead…
@biggav
Are you sure this isn’t just some Facebook app where someone is sharing a link to one of your posts?
HA. Sure. They don’t cache content that they’re “sharing”? They just load something hundreds of times from different machines? That makes no sense.
Can someone explain the business plan of Facebook, with respect to this dialog?: http://www.techcrunch.com/2008/01/30/stanford-computer-science-grads-getting-95k-offers-from-google/
Yahoo/Google/Facebook provide utility, but it’s a free service. Online ads are the only revenue. Is it a zero-sum game bankrupting newspapers, or do emergent properties create more revenue? If they get 20,000 applications/week, why don’t they get two programmers for the price of one as any other industry would? Why are recent grads so preferred compared to people with more experience, if not to give lower salary? Search algorithm writing is difficult, but aren’t there lots of good database programmers?
Facebook:
204.15.20.0/22
64.191.199.0/24
69.63.176.0/20
208.252.1.128/27
Hi,
I have had similar experiences with my site and myspace. Someone will link to a non-existing image on my site from a myspace profile marked private. They’ll also link to a file on my site from a myspace profile and then reload the myspace page 500 times. For what reason? I don’t know but this went on for a long time. It only stopped when I stopped looking or caring that someone was doing it.
Blocking by IP doesn’t seem to do much because they’ll be back the next day from – Turkey, Croatia, Belgium, or Hungary. For a while I just thought it was kids on ‘proxies’ just messing around. I now am thinking it’s ‘Troll’ behavior where someone doesn’t like what you’re doing.
It doesn’t mean it’s the government or that “they” hired a hacker/wacko to stalk you but if this type of thing escalates to scary phone calls at 4am then …
The best thing to do is not respond to it. If they get you looking in your logs all the time etc… they’ve got you where they want you wasting time with them.
I really like your blog – keep with it 🙂
Maybe you could use an automatic tool that bans IPs or ranges based on behaviour if this continues?
I use a small program called Fail2Ban (Linux program) that monitors login attempts and other logs (can be any log really) and looks for given events, and when something happens a given number of times, the IP is blocked for a time or forever.
Usually I’d use this for ssh/ftp/apache logins..
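The count-within-a-time-window rule described in the comment above, applied to the home-page reload pattern from the post, as an added example that is not part of the original thread and is not Fail2Ban's own code. The function names, thresholds and sample log lines are constructed for illustration; `max_hits` and `window` play the role that Fail2Ban's `maxretry` and `findtime` settings play.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')  # Apache combined log prefix

def find_offenders(lines, path="/", max_hits=5, window=timedelta(minutes=10)):
    """Return {ip: time of the hit that reached max_hits requests for path within window}."""
    recent = defaultdict(deque)   # ip -> timestamps of hits still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(4) != path:
            continue              # unparseable line, or a different URL
        try:
            ip = ip_address(m.group(1))
        except ValueError:
            continue              # client field is a hostname, not an address
        if ip in offenders:
            continue              # already flagged
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget hits older than the window
        if len(hits) >= max_hits:
            offenders[ip] = ts
    return offenders

def group_by_network(ips, prefix=24):
    """Group flagged IPv4 addresses by covering network to show offenders sharing a range."""
    nets = defaultdict(list)
    for ip in sorted(ips, key=lambda a: (a.version, int(a))):
        nets[ip_network(f"{ip}/{prefix}", strict=False)].append(ip)
    return dict(nets)

def sample_log():
    """Constructed sample lines (documentation IP ranges), not taken from the post."""
    fmt = '{} - - [21/Feb/2008:10:{:02d}:{:02d} +0000] "GET {} HTTP/1.1" 200 5120 "-" "sample-agent"'
    lines = [fmt.format("198.51.100.10", 0, s, "/") for s in range(8)]        # burst
    lines += [fmt.format("198.51.100.11", 1, 2 * s, "/") for s in range(6)]   # burst
    lines += [fmt.format("203.0.113.5", 9 * i, 0, "/") for i in range(6)]     # slow: 9 min apart
    lines += [fmt.format("192.0.2.7", 2, s, f"/post-{s}") for s in range(8)]  # normal browsing
    return lines

if __name__ == "__main__":
    print(group_by_network(find_offenders(sample_log())))
```

The slow client at 203.0.113.5 stays under the threshold with the default ten-minute window and is only flagged when the window is widened, which is the trade-off to tune against slower crawlers like the second batch in the post.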
“Yet, millions of zombified youth continue to be spied on by these billionaire voyeurs, giving them and the empire they represent a “psychological peep show” never before dreamed of by even the most psychotic “social engineers.”
http://www.larouchepac.com/files/pdfs/071127-lpac_myspace.pdf
http://snipurl.com/20a01 [www_larouchepac_com]
I have lately noticed DoD Information Services Network pinging my ports. Sometimes rarely, sometimes a whole flood of attempts to a whole range of IPs. I’m running a UNIX type system and keep close watch on my logs so I noticed this. Of course I autoban ranges as they come, but this led me to do some searching, and I ended up on Peerguardian’s forums – and guess what?
Several Peerguardian users have noticed the same thing, all around the world! Different gov mil dod etc networks are hard at work pinging, mapping and infiltrating PCs and networks all around..
Here’s a link to the thread I found:
http://forums.phoenixlabs.org/showthread.php?t=1227
Seems there are several people there too that HAVE realized what this is about, good thing!
Wow, now that thread has been locked, and last few posts removed (I added some links there pertaining to US government spying programs).
That didn’t take long..
Woops, they didn’t censor the posts, just moved them elsewhere more fitting, they’re back now and I got an explanation from admins. Thanks! 🙂