Meh. Neither are particularly inspiring. Yeah, thejester's is pedantically long and uses way too many variables, while lulzsec seems to have an aversion to variables, running ip2long($argv[1]) up to three times per loop.
Also, the "lulzier" version does not separately handle the case where a webserver is found but does not return a response containing the needle. It's true that thejester's script is not particularly efficient in wasting a socket connect to do this separate check, but for a one-off task, who cares.
Since $c is the IP address itself, adding the starting IP again will check a completely different IP.
Besides that, you have a point. I feel like the code would be so much cleaner if they just added a 4th line to declare ip2long($argv[1]) as a variable.
I suppose. I wonder what would be a better way to find their web server. Maybe looking for IPs that run a web server using nginx, but don't respond to the host specified in their rDNS record. Then again, that would lead to way too many hosts.
I doubt they'll set up a PTR record. What they'd do if they're smart is firewall their box so it only accepts port 80 requests from Cloudflare's systems. Anything else can be discarded, e.g.:
iptables -A INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s w.x.y.z/xx -j ACCEPT
Probably. There are a lot of hosting/VPS companies out there that have instant provisioning and don't ask too many questions. I imagine it would be pretty hard to find them this way unless they do something stupid.
Also, the "lulzier" version does not separately handle the case where a webserver is found but does not return a response containing the needle. It's true that thejester's script is not particularly efficient in wasting a socket connect to do this separate check, but for a one-off task, who cares.