Xanga, The Ghetto Botnet

By Tod Friendly in Internet
Thu Dec 30, 2004 at 02:24:54 PM EST
Did you notice when Slashdot's search was down for the past few days? (It's back up now.) Turns out that in a stunning case of irony, it had been hammered into submission by thousands of people attempting to use it.

However, unlike CmdrTaco's regimented DDoS attacks, this one is carried out with malicious intent as opposed to mere sociopathic inconsiderateness. It also highlights a potential threat from one of the biggest weblogging services out there.

I've discussed the threat of weblogs before. In my story, I waxed lyrical about the benefits of sequestered weblogging sites such as LiveJournal and Xanga. I advocated them safe in the belief that they were safely separated from the rest of the Web under a single domain, making any spurious search results from them easy to filter out.

However, there is a new and probably more dangerous threat posed by Xanga which has only been made obvious recently. A person's Xanga weblog can contain arbitrary JavaScript and HTML. In and of itself, this isn't too bad. Even though the blog can do pretty horrendous things to anyone who visits it, it isn't likely to be visited because it won't stand out amongst the five and a half million or so other weblogs hosted at the same site.

However, when this poor security is combined with readily available (and easily written) Xanga spamming scripts to spam links to the insidious weblog to tens or hundreds of thousands of other users, it receives dozens of hits a minute. And if the weblog has an embedded <iframe> or redirect to a database-intensive script on another website -- such as Slashdot -- bad things happen. Slashdot suffered sporadic 503 errors, and anything which depended on its database, including logging in and the generation of the front page, suffered from frequent failures. (That is, until CmdrTaco finally figured out what had happened and got rid of search.pl altogether.)

What makes this even more dangerous is that it can be done so quickly and readily. As opposed to scraping together a decent-sized botnet (which can take days or weeks), anyone can whip up a couple of Perl scripts and start hammering away. The only limit is someone's bandwidth, but past Xangadottings have demonstrated that it only takes two or three disgruntled hackers with ordinary broadband connections to take down the databases of all but the hardiest websites.

Xanga seems to be completely unaware of this problem, or just can't be bothered to try and fix it, having taken no measures to combat it. (I suspect the latter, since they haven't bothered to follow up on other users' reports.) For instance, despite asking for an email address when signing up, they don't send a confirmation to that address. Nor do they use a captcha in order to sign up or post. So the process of signing up and posting comments in others' blogs is very easy to script.

As such, we can't really do much about it but fume now and then. Even trying to use the flooding tactic against Xanga itself would be self-defeating because if Xanga were to go down, it would no longer be bombarded. Quite a dilemma. Maybe I should have been more inclusive in decrying weblogging after all. I find it pretty funny that blogging, which has been described as a tool for perpetuating freedom of speech, can now be used as a tool to suppress others' views.

Good work. Let's keep bringing the power of publishing to the people!


Xanga, The Ghetto Botnet | 66 comments (53 topical, 13 editorial, 0 hidden)
Slashdot's search (2.42 / 7) (#2)
by Psychopath on Tue Dec 28, 2004 at 05:03:07 PM EST

Since Slashdot's search sucks anyway I couldn't care less whether it's really down or just unuseable as usual.
The only antidote to mental suffering is physical pain. -- Karl Marx
It is remarkably useless... (3.00 / 2) (#58)
by bsimon on Sat Jan 01, 2005 at 02:09:03 PM EST

...and even when you do find something, there's a date, but no year, on the archived posts, so you can never be sure how old the information is.

you have read my sig
[ Parent ]

slashdot comment dates (none / 0) (#59)
by tchuladdiass on Sat Jan 01, 2005 at 08:04:13 PM EST

Well, if you work at it a bit you can deduce the year. The day of the week is shown, so you can figure out which year that date fell on the given week day. This will work going back a few years; any older and you'd have to look at the comment sequence number and deduce from that.

[ Parent ]
It must be a test (none / 1) (#60)
by bsimon on Sun Jan 02, 2005 at 06:26:18 AM EST

Once you've figured all that out, I guess they offer you a job at Google :)

you have read my sig
[ Parent ]

More like (3.00 / 10) (#3)
by TheOnlyCoolTim on Tue Dec 28, 2004 at 05:18:56 PM EST

Xanga, the Ghetto.

AZN p|21d3, 12 year olds, and almost universally painful to look at.

Xanga as a whole is probably below furry websites, I think, and only above those forums that SomethingAwful digs up where people discuss in broken English their incestual relations with retarded DragonballZ fans.

"We are trapped in the belly of this horrible machine, and the machine is bleeding to death."

only on something awful (2.71 / 7) (#6)
by rkz11 on Tue Dec 28, 2004 at 06:30:14 PM EST

would you find someone who tried to refill a blowtorch while it was still on - then posts pics about it.
-- GNAA Member
[ Parent ]
oh boo hoo (3.00 / 5) (#23)
by LilDebbie on Wed Dec 29, 2004 at 10:40:23 AM EST

so he scorched his bangs. real pyros lose their eyelashes!

My name is LilDebbie and I have a garden.
- hugin -

[ Parent ]
Fire with fire (3.00 / 6) (#4)
by mcc on Tue Dec 28, 2004 at 05:22:00 PM EST

Even trying to use the flooding tactic against Xanga itself would be self-defeating because if Xanga were to go down, it would no longer be bombarded.

However, this does suggest a neatly symmetric way of dealing with the problem: perform the same trick, but instead of hosting it on Xanga, host it on Slashdot.

Slashdot uses IFRAME-based ads. The ads are hosted on ads.osdn.com but Slashdot ad purchasers may insert any html they like into the ad space and are encouraged-- in fact basically required-- to use this space to reference content hosted on third party servers. If one were to place an IFRAME reference to a database-intensive page on Xanga into a Slashdot ad, and possibly set the enclosing IFRAME such that the inner one periodically reloads, it is highly unlikely OSTG would notice anything unusual were happening before the purchased ad impressions were exhausted.

While it is unclear exactly which pricing plan would be the best here, at the very least there is the option by which for $100 you can have your ad display on literally every single non-subscriber pageload on slashdot for a full three hours or until a thousand pageloads are exhausted. This is almost certainly enough to make Xanga unreachable for a noticeable amount of time, and affordable enough that the necessary capital could be easily obtained by a simple "donate here to take down xanga" pledge drive on a small number of sites with high anti-blog sentiment.

you don't understand the attack (none / 1) (#33)
by circletimessquare on Thu Dec 30, 2004 at 03:54:11 AM EST

as the story notes, the effectiveness of the attack doesn't come from bandwidth overload, but overloads by requesting cpu/ database-intensive pages

it's not established xanga has any such corollary to slashdot's search function

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

You're just being silly. (2.66 / 3) (#38)
by mcc on Thu Dec 30, 2004 at 01:39:19 PM EST

it's not established xanga has any such corollary to slashdot's search function

Why does this need to be established in order for it to be spoken about hypothetically?

[ Parent ]

silly i am (2.50 / 2) (#42)
by circletimessquare on Thu Dec 30, 2004 at 04:52:55 PM EST

it can easily be said that my point about finding a cpu-intensive target is more "hypothetically" important than the points in the post i was responding to, considering the effectiveness of the attack we're discussing

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Why? (2.66 / 3) (#44)
by mcc on Thu Dec 30, 2004 at 06:24:23 PM EST

The article noted the unworkability of a specific hypothetical attack; I noted an alternate way the attack might have been proposed in response that lacked the specific defect the article spoke of.

Locating an appropriately server-intensive page for the attack to target would only be of importance to someone actually implementing the attack, and since I plan neither to implement such an attack nor read xanga.com there is no reason for me to do so. In the meanwhile it is in no way unreasonable to consider it plausible xanga has inadvertently placed such a server-intensive page somewhere, since it is a relatively complex site with cgi that does not appear to have had that much thought put into it. Since you most certainly have not shown that such a page doesn't exist, there doesn't seem to be any relevance to pointing out that I have not provided such a page; after all, anyone who read the initial post would have been able to see that on their own.

[ Parent ]

shock! scandal! (1.12 / 8) (#45)
by circletimessquare on Thu Dec 30, 2004 at 07:02:35 PM EST

please, don't let me infringe upon your developing hissy fit over my scandalous shocking horribly obtuse criticism! ;-P

why don't you just rate this comment 1 or 0, which is all you ever do with my comments anyway, and move on

unless you think you are actually demonstrating something in this thread except that you get upset easily over minor bullshit?

ok, agreed: you're frail

now where's my 0?


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

circletimessquare = idiot (1.00 / 5) (#47)
by mikexstudios on Thu Dec 30, 2004 at 08:29:28 PM EST

and also a hypocrite. Just like what Dr Gonzo said.

Excellent post mcc.
------------------------- the eXternal mind: http://www.mikexstudios.com
[ Parent ]

i have been shamed beyond the pale (1.50 / 2) (#48)
by circletimessquare on Thu Dec 30, 2004 at 08:53:06 PM EST

i am horrified at my exigencies, i have been unmasked as a truly horrible hypocrite

yes, mcc had an excellent post, truly the paramount of insight

this is very distressing to me, i am very distressed at my disgusting lapse, how i have so terribly strayed


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

Wow. (1.50 / 2) (#49)
by mcc on Fri Dec 31, 2004 at 01:53:39 AM EST


[ Parent ]
Captcha? (1.42 / 7) (#8)
by Kasreyn on Tue Dec 28, 2004 at 07:17:45 PM EST

Please tell me this is some technical jargon, maybe a combo-keypress like Capslock+T+C+H+A, rather than your goofy slang form of "capture". Please.

"Extenuating circumstance to be mentioned on Judgement Day:
We never asked to be born in the first place."

R.I.P. Kurt. You will be missed.
http://en.wikipedia.org/wiki/Captcha [nt] (3.00 / 3) (#9)
by Tod Friendly on Tue Dec 28, 2004 at 07:29:25 PM EST

[ Parent ]
I stand corrected. (none / 1) (#10)
by Kasreyn on Tue Dec 28, 2004 at 07:42:49 PM EST

But the section in that article on Circumvention is cool as hell. Nice to know that as long as enough people want to look at free titty and make their penises better, scammers will continue to be able to get away with anything online. :P

"Extenuating circumstance to be mentioned on Judgement Day:
We never asked to be born in the first place."

R.I.P. Kurt. You will be missed.
[ Parent ]
LOL (none / 0) (#12)
by Dr Gonzo on Wed Dec 29, 2004 at 12:36:07 AM EST

Oh man is someone going to be pissed off when I find the link to that paper that presents an 80%-ish accurate method for circumventing them with a program.

"I felt the warmth spread across my lap as her bladder let loose." - MichaelCrawford
[ Parent ]

LOLLERS x2! (2.00 / 2) (#13)
by Dr Gonzo on Wed Dec 29, 2004 at 01:10:23 AM EST

Score one for my short attention span!

"I felt the warmth spread across my lap as her bladder let loose." - MichaelCrawford
[ Parent ]

Please link (none / 0) (#11)
by adimovk5 on Tue Dec 28, 2004 at 07:52:00 PM EST

Please provide a link to wiki or captcha.net or even wordspy for the word captcha in your story. I've never heard of the word before and I'm sure there are other k5 users and readers who haven't either.

[ Parent ]
if your readers also visit sites like that... (1.42 / 7) (#18)
by dimaq on Wed Dec 29, 2004 at 05:57:50 AM EST

then you're a brainwashed technoliterati who deserves an untimely death anyway.

so, who tf cares?

Here's an assignment for ya. (2.80 / 5) (#22)
by i on Wed Dec 29, 2004 at 10:14:39 AM EST

Design a javascript worm that lives in Xanga and destroys other javascript worms. That would be übercool.

and we have a contradiction according to our assumptions and the factor theorem

Not really possible to do what you're suggesting. (3.00 / 2) (#50)
by The Devil on Fri Dec 31, 2004 at 12:34:29 PM EST

It's not really possible to create a JS worm that kills other JS worms. The reason these wyrms are so nasty is because they are easy to create and distribute, making them more prolific than regular zombie networks. All the script kiddie has to do is code up some JS that performs a s1ck search on a site like slashdot, and then spam the comment boxes of a bunch of blogs.

To create something like this that would take down JS from another site, would violate the law because you would have to snag admin privs on the blogs, and snuff out the comments with malicious JS.

What would be far easier, would be if by default these blog systems would force a queue for all comments, because admins would have to allow/disallow their comments.

If users are setting up blogs in order to spam from, it would be relatively easy to detect.

I've encountered lots of spam on my own blog (http://zenbuzz.org), and to deal with it, all I've done is search each comment posted for keywords and dropped the comment. IP banning is not really feasible because many blog sites are spammed from zombie networks, making IP banning extremely futile.

The way to handle this, is to ask Xanga to be responsible and cut the code from their package that allows JS and forwarding. They should drop HTML posting altogether and simply parse URLs for links and images -- that's all one really needs for blog comments anyway. Maybe the ability to make ul/li/ol lists... but that's about it.

IMHO, the sites should embrace some functionality from the Wiki markup language.

So in turn, this will make the internet healthier. Yet another example of evolution through disease.

[ Parent ]

Here's one idea. (3.00 / 2) (#52)
by i on Fri Dec 31, 2004 at 03:56:55 PM EST

First, some assumptions.
  1. A blog owner usually can delete comments in his own blog.
  2. A page with javascript can completely control the browser (or its connection to the site in question anyway).
So you post a javascript comment which, when the blog owner views it, analyses other comments on the page (or maybe other pages belonging to that user) and programmatically pushes all the relevant buttons to delete whatever it wants to delete. If the owner can modify others' comments, that's even better; in this case we just strip the target from javascript and iframes, leaving "content" (if any) intact.

Of course it would need to replicate itself just like any other good little virus.

This is somewhat harder than just a self-replicating spambot, but entirely feasible. IMO.

and we have a contradiction according to our assumptions and the factor theorem

[ Parent ]

Perhaps You are Correct (none / 0) (#57)
by The Devil on Sat Jan 01, 2005 at 01:40:43 PM EST

I guess I just don't have a devious mind. Strange -- I thought I did. You are likely correct about the JS stuff because the requests could be faked.

So it comes back to this... URLs should be converted to either links or images and that's all that should be permitted/designed in a CMS package -- maybe listing features (ul/ol/li).

Take it one step further and force the use of UBB or Wiki markup and it's much more difficult to exploit.

[ Parent ]
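The Devil's proposal in #50 and #57 (render URLs as links, allow only simple list markup, never pass commenter HTML through), worked through as an added example; this is my code, not Xanga's or the commenter's. The comment is never parsed as HTML, so an <iframe> or <script> can only ever appear as visible escaped text, and image URLs are deliberately rendered as plain links rather than <img> tags, since any auto-fetched external resource would reproduce the load the article describes. The "* item" list syntax and the sample comment are my own constructions.

```python
import html
import re

# Only absolute http(s) URLs are ever turned into links; "javascript:",
# "data:" and everything else stay as inert, escaped text.
_URL_RE = re.compile(r'(https?://[^\s<>"\']+)')


def render_line(raw_line: str) -> str:
    """Escape one line of comment text and turn bare URLs into links.

    The text is split around URLs first and each piece escaped separately,
    so the "&" inside a query string ends up as "&amp;" in both the href
    and the link text without ever being parsed as markup.
    """
    out = []
    for i, part in enumerate(_URL_RE.split(raw_line)):
        safe = html.escape(part, quote=True)
        if i % 2 == 1:  # odd indices are the captured URLs
            out.append(f'<a href="{safe}" rel="nofollow">{safe}</a>')
        else:
            out.append(safe)
    return "".join(out)


def render_comment(raw: str) -> str:
    """Render a whole comment as paragraphs plus "* item" bullet lists.

    Nothing the commenter typed is ever treated as HTML: the only tags in
    the output are the <p>, <ul>, <li> and <a> emitted right here.
    """
    blocks: list[str] = []
    items: list[str] = []

    def flush_list() -> None:
        if items:
            blocks.append("<ul>" + "".join(f"<li>{x}</li>" for x in items) + "</ul>")
            items.clear()

    for line in raw.splitlines():
        line = line.strip()
        if not line:
            flush_list()
        elif line.startswith("* "):
            items.append(render_line(line[2:]))
        else:
            flush_list()
            blocks.append(f"<p>{render_line(line)}</p>")
    flush_list()
    return "\n".join(blocks)


# Constructed sample: a comment of the kind the article describes, carrying
# an <iframe> pointed at a CPU-intensive page, plus an ordinary link.
SAMPLE_COMMENT = """Check this out!
<iframe src="http://slashdot.org/search.pl?query=xanga"></iframe>
* http://example.org/a?b=1&c=2
* plain item"""

if __name__ == "__main__":
    print(render_comment(SAMPLE_COMMENT))
```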

"inconsiderateness" is not a word. [n/t] (none / 1) (#25)
by sudog on Wed Dec 29, 2004 at 01:23:47 PM EST

Uh.. meant: isn't the best word.. :) [n/t] (none / 1) (#26)
by sudog on Wed Dec 29, 2004 at 01:26:47 PM EST

[ Parent ]
All this, and CENSURESHIP too!!! (none / 0) (#65)
by EminemsRevenge on Sun Mar 13, 2005 at 11:06:22 AM EST

Xanga is probably the easiest and most colourful blogging community on the internet, especially when you get premium. For people like me who are artistically inclined but have no aptitude for computers, it is the best medium on the internet!!! i have railed against the xanganazis in control about all the littles shitseys they put up on the site---emoticunts, profile pics in comments, and other inane crap instead of TAKING CARE OF THE BASICS!!!---and for that my EminemsRevenge site was severely cenSURED so it didn't look like the powers-that-be were practicing censorship. As with Howard Stern, everyone was relatively silent whilst this happened, so now censorship runs amok. Although i barely understand all the techie mumbo-jumbo above, i will post THIS article on my Xanga site since you know the xanganazis won't address this issue on the site.
Keep on rocking for a free world---
[ Parent ]
-1, useless. (3.00 / 6) (#29)
by i on Wed Dec 29, 2004 at 04:24:50 PM EST

If you put a lump of tissue between your ears to work, you realise that connections you want to deny don't come from that address/IP block.

and we have a contradiction according to our assumptions and the factor theorem

[ Parent ]
moron: its a botnet, attack ips r random (nt) (3.00 / 4) (#32)
by circletimessquare on Thu Dec 30, 2004 at 03:50:27 AM EST

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
You're not very bright. (1.00 / 5) (#35)
by Dr Gonzo on Thu Dec 30, 2004 at 10:48:06 AM EST

Stick to your neoconservative ideology, it suits you better than all this confusing 'puter stuff.

"I felt the warmth spread across my lap as her bladder let loose." - MichaelCrawford
[ Parent ]

2 things (none / 0) (#41)
by circletimessquare on Thu Dec 30, 2004 at 04:38:09 PM EST

i'm a liberal, not a conservative

my understanding of this problem is dead on, so without any rationale for criticizing me, we can only assume that your understanding of the intarweb is found lacking

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

Oh yeah, you're *so* dead on (none / 0) (#46)
by Dr Gonzo on Thu Dec 30, 2004 at 07:29:28 PM EST

Hint: it's not a botnet.

"I felt the warmth spread across my lap as her bladder let loose." - MichaelCrawford
[ Parent ]

i'm sorry (none / 0) (#53)
by circletimessquare on Fri Dec 31, 2004 at 05:16:44 PM EST

for my definition of the word "botnet" which is too liberal for your ears

next time i will consult you first to make sure the words i use in my post conform to your standards, seeing that you have established yourself as the international standards body of what the word refers to EXACTLY



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

I have a botnet in my pants (3.00 / 3) (#56)
by Dr Gonzo on Sat Jan 01, 2005 at 12:00:01 PM EST

You're welcome to caress it.

"I felt the warmth spread across my lap as her bladder let loose." - MichaelCrawford
[ Parent ]

pretty clever (3.00 / 5) (#31)
by circletimessquare on Thu Dec 30, 2004 at 03:37:17 AM EST

i haven't heard of this sort of blog-enabled bot recruiting before for database intensive targets

is it brand spanking new(tm)?

and so i wonder what would happen if someone pointed this at google or cnn or verisign for example

as this article demonstrates well (thanks submitter, very cool story), the effectiveness of the attack on the server is not dictated by bandwidth, but by cpu-intensive page targets

slashdot makes for the perfect first try at this kind of attack since it is the ultimate "i'm an antisocial geek loser look at my l33t ski11z" chest thumping arena

but what next?

if this kind of attack is new, then i can make a prediction: someone will use this clueless blog surfer (no shortage there) bot recruiting method to query a database intensive page on a website that is more than just a "look at me i took down slashdot i live in my parents basement i'm a dork" kind of target, but something much more serious

what kind of cpu-intensive page targets are out there that are important to society or the health of the internet?

The tigers of wrath are wiser than the horses of instruction.

if you wanted a visit from the fbi (1.50 / 4) (#36)
by rkz11 on Thu Dec 30, 2004 at 11:57:21 AM EST

you could probably shut the majority of small e-tailers down with this. then you could blackmail them for some serious cash if they want it to stop.
-- GNAA Member
[ Parent ]
The question is (none / 1) (#37)
by Meshigene Ferd on Thu Dec 30, 2004 at 01:02:47 PM EST

how do you stop it?
A goyishe kop! (Yiddish: "a gentile's head")

[ Parent ]

shut down the cpu-intensive page (3.00 / 3) (#43)
by circletimessquare on Thu Dec 30, 2004 at 04:58:20 PM EST

and hope, like slashdot's search function, that whatever page you shut down isn't absolutely vital to your website

the more you think about it, the more scary this kind of attack is: source ip is random, and good attacks will generate queries that are indistinguishable from real queries real customers would employ

perhaps you could profile every visitor to a site and the "walk" they take through your site and authenticate them based on that, as a real customer would probably use a database page in the context of actually browsing your site, while an attack would just jump in from nowhere with its query

but then you can still say: what a headache for the webmaster, and what an imperfect solution


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

Referer (none / 1) (#54)
by qbwiz on Fri Dec 31, 2004 at 06:37:34 PM EST

You could possibly just block based upon HTTP Referer. I'm not certain how well it would work, but it seems that it could relatively easily and precisely block this attack.

[ Parent ]
Blocking by referer takes O(1) time. (none / 0) (#55)
by communistpoet on Sat Jan 01, 2005 at 12:16:55 AM EST

or it takes O(n) time with n being the length of the URL. The only problem is if the iframes and such carry over the referer from the originating page. I suspect not.

We must become better men to make a better world.
[ Parent ]
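The Referer idea from qbwiz and communistpoet, worked through as an added example (my code, not anything from Slashdot or this thread). A browser loading an <iframe> sends the embedding page's URL as the Referer, so iframe-driven hits on an expensive page carry the embedding host: the check below serves /search.pl only when the Referer is blank or names our own site, and the log pass counts which offsite hosts are embedding it. Assumptions: the site is slashdot.org, logs are in Apache combined format, and the log lines are constructed.

```python
import re
from collections import Counter
from typing import Optional
from urllib.parse import urlsplit

# Assumptions for this example: which pages are costly to serve and which
# hostnames count as "our own" site.
EXPENSIVE_PATHS = {"/search.pl"}
OWN_HOSTS = {"slashdot.org", "www.slashdot.org"}

# Apache/NCSA combined log format.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)


def referer_host(referer: str) -> str:
    """Hostname of a Referer header, or "" when none was sent ("-" in logs)."""
    if not referer or referer == "-":
        return ""
    return (urlsplit(referer).hostname or "").lower()


def should_serve(path: str, referer: str) -> bool:
    """Decide whether to run an expensive page for this request.

    A blank Referer is allowed through: many legitimate users send none,
    so rejecting it would break direct visits. Only a Referer that names
    another site is refused, which is exactly what an embedding <iframe>
    on a third-party page produces.
    """
    if path.split("?", 1)[0] not in EXPENSIVE_PATHS:
        return True
    host = referer_host(referer)
    return host == "" or host in OWN_HOSTS


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format log line into its fields, or None."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def offsite_embedders(lines) -> Counter:
    """Count hits on expensive pages per offsite Referer host.

    A host that shows up here many times is embedding the expensive page
    somewhere; that is the signal to look at before deciding to block.
    """
    hits: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"].split("?", 1)[0] not in EXPENSIVE_PATHS:
            continue
        host = referer_host(rec["referer"])
        if host and host not in OWN_HOSTS:
            hits[host] += 1
    return hits


# Constructed sample log lines (documentation IP ranges, invented users).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2004:14:01:02 -0500] "GET /search.pl?query=xanga HTTP/1.1" 200 5120 "http://www.xanga.com/home.aspx?user=example1" "Mozilla/4.0"',
    '192.0.2.11 - - [30/Dec/2004:14:01:03 -0500] "GET /search.pl?query=xanga HTTP/1.1" 503 0 "http://www.xanga.com/home.aspx?user=example2" "Mozilla/4.0"',
    '198.51.100.5 - - [30/Dec/2004:14:01:04 -0500] "GET /search.pl?query=perl HTTP/1.1" 200 7000 "http://slashdot.org/" "Mozilla/5.0"',
    '198.51.100.6 - - [30/Dec/2004:14:01:05 -0500] "GET /search.pl?query=linux HTTP/1.1" 200 6100 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Dec/2004:14:01:06 -0500] "GET /index.pl HTTP/1.1" 200 40000 "http://www.xanga.com/home.aspx?user=example1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(offsite_embedders(SAMPLE_LOG))  # Counter({'www.xanga.com': 2})
```

This only sheds the browser-driven traffic the thread is about: a scripted client can set any Referer it likes, so treat it as load shedding, not authentication.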
Hrrrm. More details??? (2.66 / 3) (#51)
by WWWWolf on Fri Dec 31, 2004 at 02:51:55 PM EST

Sorry, I was sort of confused by the article. Great topic, of course, but the author was obviously distracted into writing thinly veiled "blogs suck but at least xanga and lj are on their own domains" and "slashdot sucks, and now, it really sucks" and... well... boring comments like that, instead of telling us more.

So let me get this right: 1) Xanga has an inadequate user verification system, 2) given that, they let anyone post completely unfiltered HTML in comments, and 3) people spam the Xanga sites with comments containing iframes to, say, slashdot search, or other intensive CGI scripts that, when called too often, bring too much load to the server? (It wasn't clear that this problem was comment-spam related; talk of "hackers" made me guess they're actually modifying the page templates. Comment spam is an old trick. Not very l33t at all, if you want my spurious opinion as a non-expert of the hAx0r field. But I suppose some d00dz still get kicks out of them...)

Um... wait, that was a bit more boring. Anyway, maybe the lesson learned here is pretty simple: Allowing external references (images, iframes, whatever) in blog comments is a very risky idea at best and stupid at worst.

But there's also one small problem - comment content validation in itself is tricky to implement and needs more than some processor, too... which, of course, is not an excuse to allow people to use any HTML in the comments.

Okay, this was a boring comment...

-- Weyfour WWWWolf, a lupine technomancer from the cold north...

An Example of the Xanga Comment (1.00 / 3) (#61)
by scottsb on Mon Jan 03, 2005 at 01:26:22 AM EST

I have posted a story on my blog about this attack. I noticed the attack myself and came across this article while researching the attack. On my blog, I have a link to an example of one of the spam comments: to Give an Answer: Attack of the Killer Xanga

I Am Evil Incarnate (1.50 / 2) (#62)
by n8f8 on Tue Jan 04, 2005 at 08:24:01 PM EST

Hi, my name is Trevor and I'm a Xangaite and I am hardly repentant. It all started over the holidays when my nephew mentioned his site. Out of curiosity I set up an account (easy setup) and found something entirely surprising... flexibility. You see, for me the presentation of the message is just as important as the message itself. And, much more interesting. I can actually have a little fun designing the layout and dynamic effects. No more static text responses like Slashdot or Kuro5hin. In fact, I have even taken it as a sort of challenge since there is a very limited subset of dynamic output commands; you must use DHTML to rewrite the DOM document after the fact. My god, it's actually fun. Also important, I don't have a thousand buzzing gnats trying to swat down my message with metamoderation like here and Slashdot. I'm not sure how long the fun will last, but I've had more fun with Xanga than I've had in merely posting text on other sites in the entire past year.

cool (none / 0) (#64)
by ggn on Fri Feb 04, 2005 at 06:57:32 PM EST

it's a cool Clothes

[ Parent ]
http://slashdot.org/search.pl (none / 0) (#63)
by J'raxis on Thu Jan 13, 2005 at 12:47:46 AM EST

It’s been down, up, down again, up again (as it is currently). Did they actually fix the script so it’s less CPU-intensive, or are they just putting it back up again and again only to be re-attacked?

— J’raxis

[ J’raxis·Com | Liberty in your lifetime ]

