Scroogle's six servers have been under an around-the-clock flooding that is coming through Tor. Until today, this has been going on for eight days without any let-up.

They came into Scroogle in the form of one of three GET requests for a search. They use DNS lookups of www.scroogle.org because they hit only our servers that were currently in our DNS. Curiously, they also picked up our favicon.ico consistently, which in retrospect seems to suggest a misconfigured machine. Anyway, it slowed to a crawl about ten hours ago.

The three search terms requested are easy to catch:

1) damian+conway+perl
2) osman+semerci+-fired
3) issam+fares+-kanaan

We lifted our Tor blocks about an hour ago. Only a few per hour are coming through by now, which we are handling directly based on the search terms instead of trying to block all Tor exit nodes.

Originally we thought that someone was using Scroogle to scan for possible Tor exit nodes. We chose to use null-route blocking to defeat this, because a "Forbidden" would merely confirm that the circuit found its intended destination. Then we thought that whoever is doing this is anti-Tor as much as anti-Scroogle, and that it was an attempted denial of service. Now we think it was an out-of-control machine and that it was turned off earlier today.

-- Daniel Brandt
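Added example, not part of the original post and not Scroogle's code: a log filter that flags requests by the three search terms named above instead of by source address, and notes which flagged sources also fetched favicon.ico. The Common Log Format, the `/search` path, the `q` parameter name and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# The three flood queries from the post, decoded ('+' in a query string is a space).
FLOOD_TERMS = {"damian conway perl", "osman semerci -fired", "issam fares -kanaan"}

# Request part of a Common Log Format line (the log format is an assumption).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "GET (?P<target>\S+) [^"]*" \d{3} ')

def search_terms(target, param="q"):
    """Decode the search parameter (hypothetical name 'q'); normalize case and spacing."""
    values = parse_qs(urlsplit(target).query).get(param)
    return " ".join(values[0].lower().split()) if values else None

def classify(line):
    """Return (ip, verdict); verdict is 'flood', 'favicon', 'pass' or 'unparsed'."""
    m = LOG_RE.match(line)
    if not m:
        return None, "unparsed"
    target = m.group("target")
    if urlsplit(target).path == "/favicon.ico":
        return m.group("ip"), "favicon"
    verdict = "flood" if search_terms(target) in FLOOD_TERMS else "pass"
    return m.group("ip"), verdict

def summarize(lines):
    """Count flood hits per source; list flood sources that also fetched the favicon."""
    flood, favicon = Counter(), set()
    for line in lines:
        ip, verdict = classify(line)
        if verdict == "flood":
            flood[ip] += 1
        elif verdict == "favicon":
            favicon.add(ip)
    return flood, sorted(set(flood) & favicon)

# Constructed sample lines (documentation address ranges, hypothetical /search path).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:00:00:01 +0000] "GET /search?q=damian+conway+perl HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2000:00:00:02 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
    '198.51.100.7 - - [01/Jan/2000:00:00:03 +0000] "GET /search?q=Osman%20Semerci+%2Dfired HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2000:00:00:04 +0000] "GET /search?q=damian+conway HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2000:00:00:05 +0000] "GET /search?q=perl+damian+conway+perl HTTP/1.1" 200 512',
    'garbage line',
]

if __name__ == "__main__":
    counts, with_favicon = summarize(SAMPLE)
    print(dict(counts), with_favicon)
```

Matching on the decoded, normalized query catches the same term sent with different percent-encoding or letter case, while ordinary searches that merely share words with a flood term pass through.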