The Musings of Chris Samuel » Blog Archive » Abusing OpenID for Phun and Profit

Abusing OpenID for Phun and Profit

My esteemed friend Dr. Rich Boakes has noticed some odd behaviour in his Apache logs that turned out to be people abusing his OpenID server to make page requests to remote sites, presumably as a way of increasing clicks. He raises an interesting point as to whether this makes OpenID servers potential DDoS amplifiers (I suspect he’s right).

This entry was posted on Friday, August 21st, 2009 at 6:16 pm and is filed under Internet, News, Rich Boakes, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Comments

Rich says:

August 21, 2009 at 6:46 pm

Props where they’re due… I was thinking primarily about proxying of a DDOS attack, the threat of amplification was spotted by you as I described the scenario.
Chris Samuel says:

August 21, 2009 at 8:09 pm

Just goes to prove I have no memory..

Leave a Reply

Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Australia

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Australia.