16 September 2005.
Date: Thu, 15 Sep 2005 21:20:52 +0200 From: Stein Vråle <stein[at]opera.com> To: A Cc: jya@pipeline.com Subject: Re: Attack from Opera.com On Thu, 15 Sep 2005 11:27:41 -0700 [A wrote] > Stein, > > I know you're busy right now, but I noticed cryptome.org has posted > something about attacks originating from pat-tdc.opera.com. If you > have a chance you might want to take a look at it. > http://cryptome.org/opera-attack.htm Hi Mike, yes I'm aware of that one - sad story, it wasn't really an attack but a wild-running bot script on one of our development servers :( I'm not sure what excatly went wrong, but this development server was the prototype for the new My.Opera.Com site, and they were testing out some trackback stuff for blogs. For some reason they left the machine with the bot active (probably a mistake), and it it was running all night long, hammering the poor cryptome.org site (I think it was supposed to only check each site once but got stuck due to some bug). When the developers returned in the morning they stopped it asap but didn't see what it had done, but later that day I was notified by our support dudes that we apperantly had attacked that site. Spent some hours to track it in our logs but it when we finally found the source machine it was already taken care of by the developers. Well so it was all our fault - bots can be evil sometimes. But I didn't know he never got any reply from us (just read his story on your link now) - I told the support guys to respond and say sorry, but perhaps they only contacted the innocent man-in-the-middle (Locotus Prime). Haven't seen anything from them in our hostmaster queue either, but it may be that they only contacted our upstream ISP, and not us - hostmaster@opera.com|no should always work, we are very careful about potential abuse/spam/etc problems, as we have everything to loose if our domain enters a public IP blacklist or something like that. I should probably contact them and say sorry, but I'm not to eager to see my emails being printed in public - so I will first ask the support guys if they really contacted them or not. What kind of site is it btw - looks like a news site or crypto site, but I have never seen it before. Just curious :) Thanks for the report tough - such incidents can be really dangerous for our reputation, so it's important we get aware of them and handle them as promptly and polite as possible. best regards, /Stein #sysadmin @opera
Date: Fri, 16 Sep 2005 13:49:06 +0200 From: Stein Vråle <stein[at]opera.com> To: jya[at]pipeline.com Cc: A Subject: Re: Attack from Opera.com Hello Mr. Young, I'm sorry if my reply yesterday seemed a little strange for you - I didn't recognize your address when Mike cc'ed it, thought it was a friend of him or something, so that's why I wrote about cryptme.org in third person ;) In any case, you probably read my answer to the attack problem, so just to clear any potential confusion: The hits on your sites where caused by a failure in one of our development system, and it was entirly our fault - no externals outside our company were involved, and it was not intentional to hit your site - it was a developing accident. We're really sorry about it, and will do whatever we can to avoid such things to happen again. I'm also sorry you didn't reach us by mail either - first report I got on this was from Locutus Prime, who reported it to our support department last friday. If anything like this should happen again (but it shouldn't), you can reach us at hostmaster@opera.com. Also feel free to contact me directly. If there is something we can do to compensate for the problems we gave you, let me know. Thank you and best regards, Stein Vråle sysadmin/hostmaster Opera Software ASA