{"id":74,"date":"2013-09-14T17:05:00","date_gmt":"2013-09-14T15:05:00","guid":{"rendered":"http:\/\/celilsemi.erkiner.com\/blog\/?p=74"},"modified":"2020-05-29T13:57:24","modified_gmt":"2020-05-29T11:57:24","slug":"ddos-with-google-servers","status":"publish","type":"post","link":"https:\/\/celilsemi.erkiner.com\/blog\/ddos-with-google-servers\/","title":{"rendered":"DDos with Google Servers"},"content":{"rendered":"

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.<\/p>\n

 <\/p>\n

This usually requires lots of computing power and good internet connection. And to overcome some of the precautions that can be considered normal today,  well treated-parallel attacks are required to being done simultaneously.<\/p>\n

When you find a way to use huge Google servers for that kind of attack,  this saves you from a huge burden.<\/p>\n

In theory, since I am writing this post, there is a way.<\/p>\n

We will use Spreadsheets in Google Drive and FeedFetcher crawler bot for that,<\/p>\n

\"Google<\/a>
Google Drive Speadsheet<\/figcaption><\/figure>\n

If we put =image(\u201chttp:\/\/example.com\/image.jpg\u201d)<\/strong> in one of the cells of Google spreadsheet, Google will send the FeedFetcher crawler to grab the image and cache it to display.<\/p>\n

Do that again and you will noticed it will use cached image directly instead of getting it again. But we can force it to load that image again by adding an useless GET tag to url.<\/p>\n

 <\/p>\n

\"Google<\/a>
Google Drive Spreadsheet image Function<\/figcaption><\/figure>\n

 <\/p>\n

 <\/p>\n

=image(\"http:\/\/celilsemi.erkiner.com\/images\/me.jpg?id=0\")
\n=image(\"http:\/\/celilsemi.erkiner.com\/images\/me.jpg?id=1\")
\n=image(\"http:\/\/celilsemi.erkiner.com\/images\/me.jpg?id=2\")
\n=image(\"http:\/\/celilsemi.erkiner.com\/images\/me.jpg?id=3\")
\n...
\n=image(\"http:\/\/celilsemi.erkiner.com\/images\/me.jpg?id=1000\")<\/code><\/p>\n

 <\/p>\n

Appending random parameter, each link is treated as different thus Google crawls it multiple times causing a loss of outbound traffic for the website owner. So anyone using a browser and opening just a few tabs on his PC can send huge HTTP GET flood to a web server.<\/p>\n

 <\/p>\n

\"Csv<\/a>
Csv Codes of 1000 IMAGE Funcs Creator<\/figcaption><\/figure>\n

 <\/p>\n

 <\/p>\n

Little piece of php codes to create thousand Google Spreadsheet image functions, after creating tags and coping them properly, a cvs file can be created with it.<\/p>\n

By properly, I mean you need to be sure that there is no other text than the image function on each line.<\/p>\n

 <\/p>\n

\"Csv<\/a>
Csv Codes of 1000 IMAGE Funcs<\/figcaption><\/figure>\n

 <\/p>\n

After you name this file to “anytext.csv” you can import it to Google Drive Spreadsheet.<\/p>\n

\"Google<\/a>
Google Spreadsheet Import Options<\/figcaption><\/figure>\n

 <\/p>\n

It worked perfectly and started immediately when I chose “Comma” as a separator.<\/p>\n

 <\/p>\n

Perhaps there will be some limits like number of cells in Spreadsheet or number of images Google let us have in Spreadsheet. I have tried just with an image and 1000 cells. In theory it is really possible to damage a server connection.<\/p>\n

 <\/p>\n

To Amplify the attack an url of pdf document can be used. This will provide an almost perfect ratio of bandwidths to you. You will request Google to put the image link in the spreadsheet, even if  Google fetches huge amount of data from the server,  since it\u2019s a PDF(non-image file), you will N\/A from Google.<\/p>\n

 <\/p>\n

Servers and accounts in this post are mine. I have no intent to hurt any one or support you to hurt any one. These information is purely scientific and experimental thus I am not responsible for any usage.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.   This usually requires lots of computing power and good internet connection. And to overcome some of the precautions that can be considered normal today,  well treated-parallel attacks are required to being […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[8],"tags":[15,16],"class_list":["post-74","post","type-post","status-publish","format-standard","hentry","category-back-end","tag-google","tag-server"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/posts\/74","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/comments?post=74"}],"version-history":[{"count":2,"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/posts\/74\/revisions"}],"predecessor-version":[{"id":307,"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/posts\/74\/revisions\/307"}],"wp:attachment":[{"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/media?parent=74"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/categories?post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/celilsemi.erkiner.com\/blog\/wp-json\/wp\/v2\/tags?post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}