Facebook Accidentally DDOS’d me.

Here I am at BathHack with Josh and Tim, trying to set up my first working Rails server, and the Rails application keeps giving us errors. Strange, Josh swears it’s set up correctly. We look at the production.log file to check for errors, and we find that someone’s constantly making 2–3 GET requests to the VPS every second.

An example of the GET request

I don’t have an uploads folder, so I’m not sure where it’s looking. Josh and I scroll up, and we see a few hundred of these… the file is 3MB, and there are over 38,000 lines in this file at the time of writing of this sentence.

But there are IP addresses in there…

IP Addresses Highlighted: 173.252.73.121 | 173.252.73.123 | 175.252.120.104 | 66.220.156.98 | 173.252.88.94

Okay, someone is trying to DDOS a droplet I literally just created half an hour ago. Let me go and check who the IP addresses belong to.

Let me try the first one…

Facebook? Okay, this must be a mistake, let me try the second one.

No… this has to be a coincidence, let me try a different-looking one.

Is Facebook pinging the wrong IP address, or is it possible that they once owned it? I did a bit of Googling and found that a dynamic IP address is an IP address that is assigned automatically by the DHCP (Dynamic Host Configuration Protocol) to a device, account or user when it is connected to the network; that is, it is assigned as needed rather than in advance. So was Facebook hosting something on a DigitalOcean droplet, and was its IP address assigned to me?

But this doesn’t make sense because Facebook wouldn’t host anything on DigitalOcean when they have their own data centres, especially since they recently ditched AWS for their own servers on Instagram.

Tim and I did a bit more hunting.

I Googled /uploads/app2/images, which is the directory being requested every time.

The first thing that caught my attention was the Facebook link at the bottom that leads to someone’s profile. They had posted a link from PhotoGap.me.

Tim opened up the website and found a “Sign In with Facebook” button on PhotoGap.me, which he did. It generated a photo with a timeline of his face over the past five years, and gave him the option to “Post [the image] to Facebook”.

The URL of this photo?

http://cdn2.photogap.me/uploads/app2/images/1447519985417_r2RaiwX0cvFsYKi5IFOEyQ2ssLyK7McCOb1zCTke.png

There’s still one missing piece to the puzzle. Why is Facebook sending GET requests to a random DigitalOcean droplet? Because it’s not random.

PhotoGap is hosted on DigitalOcean. They must have destroyed one of their own droplets whose IP address was later assigned to me, and every time someone opened up a Facebook profile page with a PhotoGap URL that someone posted, it sent me a GET request.
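One way to triage a log like this on a freshly assigned IP, added here as an example and not the author's code: it reads Rails `Started ...` request lines, sets aside paths the app actually serves, and reports which directories and client IPs account for the rest and at what rate. The log lines, file names and `KNOWN_ROUTES` list are constructed assumptions; the IPs and the `/uploads/app2/images` directory are the ones quoted in the post.

```python
import re
from collections import Counter
from datetime import datetime

# Standard Rails request line: Started GET "/path" for 1.2.3.4 at 2015-11-14 16:53:05 +0000
STARTED = re.compile(r'Started [A-Z]+ "(?P<path>[^"]*)" for (?P<ip>\S+) '
                     r'at (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)')

# Assumption: the routes this app really serves (hypothetical list for the example).
KNOWN_ROUTES = ["/", "/posts"]

# Constructed log lines, not the author's log. IPs and directory are those quoted in the post.
SAMPLE_LOG = """\
Started GET "/uploads/app2/images/constructed_a.png" for 173.252.73.121 at 2015-11-14 16:53:05 +0000
ActionController::RoutingError (No route matches [GET] "/uploads/app2/images/constructed_a.png"):
Started GET "/uploads/app2/images/constructed_b.png" for 173.252.73.123 at 2015-11-14 16:53:05 +0000
Started GET "/" for 203.0.113.7 at 2015-11-14 16:53:06 +0000
Started GET "/uploads/app2/images/constructed_c.png" for 66.220.156.98 at 2015-11-14 16:53:06 +0000
Started GET "/uploads/app2/images/constructed_a.png" for 173.252.88.94 at 2015-11-14 16:53:07 +0000
"""

def is_known(path, routes):
    """True if path is a known route or lives under one ("/" only matches itself)."""
    return any(path == r or (r != "/" and path.startswith(r.rstrip("/") + "/"))
               for r in routes)

def triage(log_text, routes=KNOWN_ROUTES):
    """Summarise requests for paths the app does not serve: who, where, how fast."""
    by_ip, by_dir, times, total = Counter(), Counter(), [], 0
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if not m:
            continue  # stack traces, "Completed ..." lines, etc.
        total += 1
        path = m["path"].split("?", 1)[0]
        if is_known(path, routes):
            continue
        by_ip[m["ip"]] += 1
        by_dir[path.rsplit("/", 1)[0] or "/"] += 1
        times.append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    span = (max(times) - min(times)).total_seconds() if times else 0
    return {"total": total, "stray": sum(by_ip.values()),
            "by_ip": by_ip.most_common(), "by_dir": by_dir.most_common(),
            "stray_per_sec": sum(by_ip.values()) / max(span, 1)}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f'{report["stray"]}/{report["total"]} requests hit no known route '
          f'({report["stray_per_sec"]:.1f}/s)')
    for directory, n in report["by_dir"]:
        print(f"  {n:5d}  {directory}/")
    for ip, n in report["by_ip"]:
        print(f"  {n:5d}  {ip}")
```

When nearly all unrouted requests land in one directory the app never had, the traffic is most likely following stale references to the IP's previous tenant rather than targeting the new application.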

And now I have to destroy this droplet and start over. I wonder how many frustrated developers before me tore their hair out before destroying this droplet without knowing what the hell was wrong with it, and without knowing that they were about to pass on this problem to someone else.

I’ve discovered the Cursed IP of DigitalOcean.

Thanks Facebook.

EDIT: The founder of PhotoGap tweeted me back.