[conspire] Public Interest Registry uses rate-limited whois on .org: Grrr!

Rick Moen rick at linuxmafia.com
Tue Jul 3 12:08:40 PDT 2007

Quoting Ryan Russell (ryan at thievco.com):

> It's most likely intended to limit email address harvesting rather than
> a concern over denial of service.

Yeah, good point.  Thanks.  (They rate-limit queries at the Web
interface in a similar fashion, with a less severe limit.)

The address-harvesting bots, to be economically viable, have to 
pull in a _lot_ of addresses during their runs.  So, somewhat smarter
than a per-IP limit of four queries per minute might be a per-IP cap on 
total number of queries within a single day or half-day, regardless of
rate.  E.g., cut off an IP for a day or two whenever it reaches a
thousand queries within a twelve-hour period, or such -- which would
ruin the address-harvesters' strategy without interfering so much with 
legitimate scripted queries.  But that would be more difficult to code,
and I'm guessing they went for the quick and easy limit.

More information about the conspire mailing list