    Facebook servers are Vulnerable to DDoS attack

    By Vikram Singh Rao, June 17, 2017



    Distributed denial-of-service (DDoS) attacks are ever increasing, and attackers are using novel and sophisticated ways to carry them out. One such way is to use Facebook ‘Notes’ as a mechanism to trigger a DDoS attack using the image tag, <img>, according to Chaman Thapa, known as ‘chr13’, who described it in a recent blog post.

    “Facebook Notes allows users to include <img> tags. Whenever a <img> tag is used, Facebook crawls the image from the external server and caches it,” Thapa wrote. “Facebook will only cache the image once however using random get parameters the cache can be by-passed and the feature can be abused to cause a huge HTTP GET flood.”

    He explained the required steps one by one in his blog. Users can tag 1000 images in one Facebook Note, or the same image can be tagged 1000 times. Suppose each image is at least 1 Mb; if 100 users view the note at the same time, the volume of parallel requests for Facebook servers is already huge: 1 * 100 * 1000 = 100,000 Mb or 97.65 Gb.

    This can become even bigger if the image file is replaced with another file of larger size. For example, Thapa used a PDF file of 13 Mb and demonstrated that the impact can be huge.
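    On the receiving server, the pattern described above (one static file fetched over and over, each time with a different random GET parameter) shows up in the access log. The following is an added example for spotting it, not code from Thapa's blog or from this article; the combined log format, the threshold, the file extensions and the sample lines (documentation IP ranges, made-up paths and agent) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"$'
)
STATIC_EXT = (".jpg", ".jpeg", ".png", ".gif", ".pdf")


def find_cache_busting(lines, min_distinct_queries=5):
    """Return {path: stats} for static files fetched with many distinct query strings."""
    stats = defaultdict(lambda: {"queries": set(), "hits": 0, "bytes": 0, "ips": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue  # skip malformed lines and non-GET requests
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(STATIC_EXT) or not url.query:
            continue  # only static files requested with a query string
        s = stats[url.path]
        s["queries"].add(url.query)  # a random parameter makes every query unique
        s["hits"] += 1
        s["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        s["ips"].add(m["ip"])  # many fetcher servers may hit the same file
    return {
        path: {"hits": s["hits"], "distinct_queries": len(s["queries"]),
               "bytes": s["bytes"], "source_ips": len(s["ips"])}
        for path, s in stats.items()
        if len(s["queries"]) >= min_distinct_queries
    }


def sample_log():
    """Constructed sample lines: documentation IP ranges, made-up paths and agent."""
    fmt = '{ip} - - [17/Jun/2017:10:00:{s:02d} +0000] "GET {t} HTTP/1.1" 200 {b} "-" "{a}"'
    lines = [fmt.format(ip=f"192.0.2.{i % 3 + 1}", s=i, t=f"/files/report.pdf?r={i * 7919}",
                        b=13631488, a="ExampleFetcher/1.0") for i in range(8)]
    # An ordinary versioned asset request: one query string, so it stays below the threshold.
    lines.append(fmt.format(ip="198.51.100.9", s=30, t="/img/logo.png?v=2", b=20480, a="Mozilla/5.0"))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for path, info in find_cache_busting(sample_log()).items():
        print(path, info)
```

    A path flagged this way is a candidate for serving from a cache that ignores the query string, or for rate limiting per path rather than per full URL.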

    “Getting rid of the browser and using the poc script I was able to get ~900 Mbps outbound traffic,” Thapa wrote in his blog. He continues:

    “I was using an ordinary 13 MB PDF file which was fetched by Facebook 180,000+ times, number of Facebook servers involved was 112.”

    He found similar issues with Google as well, which means that the method can be easily replicated on other services. After he reported the issue to Facebook, Thapa got a reply telling him that they would not fix it. Facebook wrote:

    “In the end, the conclusion is that there’s no real way for us to fix this that would stop “attacks” against small consumer grade sites without also significantly degrading the overall functionality.”

    Thapa criticized Facebook for not taking it seriously. He wrote:

    “I’m not sure why they are not fixing this. Supporting dynamic links in image tags could be a problem and I’m not a big fan of it. I think a manual upload would satisfy the need of users if they want to have dynamically generated image on the notes.”

    Read More about it on Thapa’s Blog 
