gcbbs
Starting Member
2 Posts |
Posted - 22 April 2003 : 19:18:09
|
Hey guys, I'm the admin of the georgecarlin.com BBS and site - anyhow, some jerk has been attacking our boards for weeks now with the following method (and yes, I've blocked his IP, etc., he keeps coming back on a new machine). He posts a message with several thousand carriage returns and spaces, and it kills the thread (does a timeout on page) and radically slows down the entire site. Try it for yourself - open a word notepad doc, make some carriage returns and every few lines put in a space, do a few pages and then copy and paste it so you have say 600 pages. Then put in say a happy face at the end. Then dump it into the post field and you've got a dead thread.
Now, I am an ASP programmer but before I start wading through the code I thought I would ask a) is there an easy fix (should I limit the field size in the DB, for instance), and b) if I'm going to limit the size of the message field, what's the best method?
Thanks, an outstanding product all around, really the best of the net in my opinion. And Carlin thanks you...
c
|
|
Gremlin
General Help Moderator
    
New Zealand
7528 Posts |
Posted - 24 April 2003 : 06:46:55
|
I'm guessing what it's basically doing is exploiting the fact that Replace is a rather intensive VBScript instruction, each of those carriage returns is converted to "<BR>" using a Replace function so they display in HTML properly.
I don't have any smart suggestions though on how to go about stopping this.
Kiwihosting.Net - The Forum Hosting Specialists
|
 |
|
ruirib
Snitz Forums Admin
    
Portugal
26364 Posts |
Posted - 24 April 2003 : 07:14:42
|
I think there are several things that could be used to try to diminish the impact of what this guy is doing. For starters, consider restricting registration, just so that you can approve all new members, thus delaying the time between each of his new registrations.
Now, to take care of the strategy being used by him, just without taking a deep look at the code, I would suggest using something regarding the size of the message. You can maybe have an idea on what is the size of the messages he uses in chars and do not accept messages that take that many chars or another value that may be effective to stop what he is doing. That value would have to be found by you, possibly by trial and error. You could, maybe as an alternative strategy, count the value of carriage returns in the message. Above a given number, for example, you'd reject the message. I'm guessing that the number of carriage returns there must be very big, and in a normal message possibly it's not that big, so finding a suitable limit number may not be too difficult.
With each of these strategies, a possibility that could be considered to avoid legitimate posts being rejected would be to mark them as needing moderator approval. This is the aspect of my suggestion that needs more "research" to see how it could be done - a careful analysis of the code would be needed.
Also GauravBhabu has a mod that allows you to enable moderation for all posts by a user until he gets a number of posts that you can define. You could use this mod and apply it to all your new users, which could be a way to stop this guy, or you could use it as an inspiration to create a new type of moderation for a forum - moderate posts by size or by number of carriage returns.
Just some ideas. Hope it helps.
Snitz 3.4 Readme | Like the support? Support Snitz too |
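The checks suggested in the post above (a cap on message size and a cap on the number of carriage returns, applied before the message is stored or run through Replace), as an added VBScript example that is not part of the thread or of the Snitz code base. The function names, constants and limit values are assumptions to be tuned against real posts.

```vbscript
Option Explicit

' Assumed limits (not Snitz settings); tune them against legitimate posts
Const MAX_MESSAGE_CHARS = 20000   ' total characters allowed in one message
Const MAX_LINE_BREAKS = 300       ' line breaks allowed in one message

Const POST_ACCEPT = 0, POST_HOLD = 1, POST_REJECT = 2

' Count line feeds with InStr and stop as soon as the limit is exceeded.
' A CRLF pair contains exactly one LF, so it is counted once.
Function CountLineBreaks(ByVal text, ByVal stopAfter)
    Dim pos, n
    n = 0
    pos = InStr(1, text, vbLf)
    Do While pos > 0
        n = n + 1
        If n > stopAfter Then Exit Do
        pos = InStr(pos + 1, text, vbLf)
    Loop
    CountLineBreaks = n
End Function

' Classify a submitted message before it is stored or converted to HTML
Function ClassifyPost(ByVal message)
    ' Length check first, so an oversized body is never scanned at all
    If Len(message) > MAX_MESSAGE_CHARS Then
        ClassifyPost = POST_REJECT
        Exit Function
    End If
    ' Within the size cap but mostly line breaks: hold for a moderator
    ' (return POST_REJECT here instead if nobody reviews held posts)
    If CountLineBreaks(message, MAX_LINE_BREAKS) > MAX_LINE_BREAKS Then
        ClassifyPost = POST_HOLD
        Exit Function
    End If
    ClassifyPost = POST_ACCEPT
End Function

' Constructed samples, run with cscript; in an ASP page pass the submitted
' form field to ClassifyPost and use Response.Write instead of WScript.Echo
Dim normalPost, paddedPost, hugePost
normalPost = "First line" & vbCrLf & "Second line"
paddedPost = String(5000, vbLf) & ":)"
hugePost = String(MAX_MESSAGE_CHARS + 1, " ")
WScript.Echo ClassifyPost(normalPost)
WScript.Echo ClassifyPost(paddedPost)
WScript.Echo ClassifyPost(hugePost)
```

Because the size cap bounds every later string operation, the same check also limits how much work the display-time Replace has to do on any message that was accepted.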
 |
|
gcbbs
Starting Member
2 Posts |
Posted - 24 April 2003 : 09:57:31
|
Thanks for the suggestions. First, I did the email confirmation thing and it didn't stop him. Nothing has stopped this guy, though since I've blocked 3 separate IPs it has slowed him down, haven't seen him in a week or so. Anyhow, some responses below...
One factor is I really don't have time to review all the new people, as the forum is somewhat unmoderated (as you would expect from Carlin) and we want it to stay that way.
His message size varies...I could check for a message with a lot of <BR>'s though, that's a good suggestion. The moderator approval for the messages won't work because it's too time intensive. However, it's possible I'll look into the GauravBhabu mod and appoint a new moderator...but mods have created massive political problems on the board I don't even want to get into (calling people at home to harass them, etc).
The thing is, the way I have it right now people contact me as soon as he starts doing it, and I immediately delete the posts and block his IP. I just want to stop him from doing it in the first place!
c
 |
|
gelliott
Junior Member
 
USA
268 Posts |
Posted - 24 April 2003 : 12:15:49
|
A user named "jfitz" posted a comment (see below link) in GauravBhabu's thread for that mod, stating that he had changed the mod to include a "user probation" feature - you might check with jfitz to see if he can elaborate on his approach.
http://forum.snitz.com/forum/topic.asp?whichpage=-1&TOPIC_ID=39014&REPLY_ID=219439
* The optimist says the cup is half full. The pessimist says it's half empty. But the engineer knows the truth - the cup's design is incorrectly sized.