Wednesday, March 04, 2009

Google Bot Got PWND!

It's a TRAP!
Every once in a while, I write a test web page for the sole purpose of crashing a browser. Almost all of them implement some sort of infinite recursion. Many of them use JavaScript to force the recursion, but about a year ago I wrote one using frames (don't worry, it's just the source code).

As you can see, it's quite a doozy right off the first step. Under the intended conditions, this page would force a browser to re-request the page an exponentially increasing number of times (4^n exactly). Unlike previous variants of my browser crashing pages, this one successfully crashed every browser I tested it in (i.e. IE6/7, Firefox, Opera, Chrome), some harder than others.

It tricks any agent into thinking it's a new page it's requesting because every URL has a unique token appended to the URI's query string. So, this not only forces the browser to re-request the page, but also prevents the browser from using an existing copy of the page in its cache. One way or another, the browser's memory will fill up and crash.

Up until now, I've all but forgotten the glorious Frames Galore! script. That is, until I was browsing my Apache web server access logs for the website and discovered something very interesting (and humorous).

Line-after-line-after-line of these:
66.249.73.85 - - [03/Mar/2009:15:35:28 -0500] "GET /test/frames.php?24a0d270ecf9e10b89780563935a4523 HTTP/1.1" 200 571 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

It seems that one of Google's children has been trapped in this script for over a month now without any signs of escape. Initially, I [arrogantly] pondered to myself, "I wonder if this will crash the bot;" by way of logic that the bot's behavior is similar to traditional browsers. But, if it's gone on for over a month now, there's probably no such thing as a crash for this bot (at least not this easily). It will probably crash my web server before it does considering the raw horsepower (i.e. FLOPS, RAM, bandwidth) available to it.
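The pattern in those log lines (one client, one path, an ever-changing query string) can be picked out of an access log mechanically. The following is an added example, not code from the original post: it parses Apache combined-format lines and reports clients that fetched a single path with many distinct query strings. The function name, the threshold, and every sample line other than the one quoted above are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def find_trapped_clients(lines, min_unique=3):
    """Map (ip, agent, path) -> number of distinct query strings requested,
    keeping only clients that reached min_unique on a single path."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # skip malformed lines and non-GET requests
        path, _, query = m["target"].partition("?")
        if query:
            seen[(m["ip"], m["agent"], path)].add(query)
    return {key: len(qs) for key, qs in seen.items() if len(qs) >= min_unique}

GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def _line(ip, sec, target, agent):
    # Builds a constructed log line in the same shape as the one quoted in the post.
    return (f'{ip} - - [03/Mar/2009:15:35:{sec:02d} -0500] '
            f'"GET {target} HTTP/1.1" 200 571 "-" "{agent}"')

# First entry is the line from the post; everything else is constructed sample data.
SAMPLE = [
    _line("66.249.73.85", 28, "/test/frames.php?24a0d270ecf9e10b89780563935a4523", GOOGLEBOT),
    _line("66.249.73.85", 29, "/test/frames.php?constructed-token-0001", GOOGLEBOT),
    _line("66.249.73.85", 30, "/test/frames.php?constructed-token-0002", GOOGLEBOT),
    _line("66.249.73.85", 31, "/test/frames.php?constructed-token-0002", GOOGLEBOT),  # repeat
    _line("192.0.2.10", 32, "/index.html", "ExampleBrowser/1.0"),
    _line("192.0.2.10", 33, "/test/frames.php?constructed-token-0003", "ExampleBrowser/1.0"),
    "not a log line",
]

if __name__ == "__main__":
    for (ip, agent, path), n in find_trapped_clients(SAMPLE).items():
        print(f"{ip} requested {path} with {n} distinct query strings ({agent})")
```

The user-agent string is supplied by the client, so the grouping key includes the IP address rather than relying on the agent alone.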

Even if I can't crash the bot, it's still a funny notion that the machine doesn't know when to stop. It's like a little kid playing monkey in the middle, but doesn't realize that the big kids aren't going to let him have the ball any time soon.
