Hi All,
Would anyone happen to have an operations contact at Facebook by
anychance? Our systems are being overwhelmed by a facebook application
that we were neither aware of nor condoned.
Thanks in advance.
Leland Vandervort
Director, Technical Operations
Gandi SAS
Paris
t: +33 1 70 39 37 59
m: +33 6 31 15 15 07
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
The application is not being hosted on the VPS servers, but rather on
the mutualised blog platform and is impacting on other customers of this
platform.
We have VPS services available for the app developer in question to host
his application on should he desire to do so.
Leland
Patrick W. Gilmore wrote:
We have had issues with a FB application basically doing a DOS against a
network. This was not on our servers but somewhere out there on the
Internet. It was an application that was going rogue. It was talking to
several of our user¹s using this application. FaceBook caught it and made
the developer fix the App. I am sure we were not the only ones seeing the
issue.
Justin
Sounds like it's an app on facebook that's causing unexpected access to something on their systems...perhaps kind of like being /.'d ?
I guess the facebook app allows any FB user to check availability of domain names or to request Gandi's whois database.
From what I saw, FB people do not check every applications neither before or after publication.
And that could create some issues out there.
Patrick W. Gilmore a �crit :
Thanks Justin... will give it a shot; hopefully they're relatively
rapid 
Leland
This is a classic case of one of the problems of the increasingly numerous and
powerful Web dev platforms - as you let other people either control your app
through an API, or even write code that executes on the server-side, you're
increasing the cycles available to an attacker. It's similar to the dns
reflector attack.
I certainly did not. And I would suggest we refuse to do so as an industry.
The UN lists 192 countries, and there are several others (e.g. Vatican City, Scotland, etc.) which others may count. Many of these have provinces or states or whatever, and almost all have cities, towns, counties, etc., each of which may have its own laws & regulations.
Operationally speaking (see, this is on-topic :), trying to consider every single one of those possible laws, rules, social norms, preferences, political slants, religious authorities, and whatever else may come into the mix when putting an object or code onto the Internet is simply not possible. Giving in to it, even a little bit, leads to ridiculous restrictions and stifling of many things on the 'Net. We should all push back HARD whenever someone over here tries to tell someone over there what to do.
The OP responded with a quite reasonable answer (shared infrastructure) that had nothing to do with local jurisdiction. That is an operational issue. What laws your country, province, county, town, or church has set up for you should have zero operational impact on me if my gear is not in the same place.
And maybe someday we can even get away from that whole "in the same place" idea. (Hey, one can dream.)
Patrick W. Gilmore wrote: