Dave.
Senior Member
USA
1037 Posts
Posted - 15 August 2004 : 01:08:35
Recently, on a forum I moderate we had a problem with a form of DoS attack. What happened was that someone (with many proxies) sent 55 thousand requests for search.asp to search for one word. This generated so many queries on the SQL Server that the web host shut down the database.
I'm currently trying to devise a solution to stop this from ever happening again. My first idea was to limit the number of searches per minute for a user, sort of like flood control for search.asp. But since this will still require a query on the SQL DB every time the page is run, we are still open to the same attack.
So I'm wondering what everyone thinks here. I'd like to NOT disable searching for non-logged-on users.
Gremlin
General Help Moderator
New Zealand
7528 Posts
Posted - 15 August 2004 : 02:42:07
It's probably not the most efficient, but I'd consider just using a Session variable and recording the time each search.asp is submitted, and basically not letting it run if there was less than 15 secs or something since the last time. Since you'd be using a session variable, it will limit basically each user without needing to pull anything from the database.
Kiwihosting.Net - The Forum Hosting Specialists
redbrad0
Advanced Member
USA
3725 Posts
Posted - 15 August 2004 : 02:49:44
Well, a quick solution is to just check what the IP address is of the person running the search and, if it matches the previous search IP address, don't run the search. So for example it would be like (and I'm very tired so I am sure the code is not 100% right)

    ' Compare against the IP of the previous search by any visitor, so the state is application-wide
    strIPAddress = Request.ServerVariables("REMOTE_ADDR")
    If strIPAddress = Application("LastSearchIPAddress") Then
        Response.Redirect "http://www.google.com"
    Else
        Application.Lock
        Application("LastSearchIPAddress") = strIPAddress
        Application.Unlock
    End If

Brad Oklahoma City Online Entertainment Guide Oklahoma Event Tickets
HuwR
Forum Admin
United Kingdom
20600 Posts
Posted - 15 August 2004 : 05:37:18
If it wasn't for things like NIS it would be as simple as checking the referrer string when the form is posted: if the referrer wasn't your forum's search.asp then it is a spoofed search.
Nathan
Help Moderator
USA
7664 Posts
Posted - 15 August 2004 : 08:46:29
Brad's method is flawed if your forum is slow, because one user could in theory search twice (5 minutes apart) and, if no one tried to search in between, the second search would be rejected.
Treating it more like flood control, as Gremlin suggested, will work on either high-traffic or slow forums.
Nathan Bales CoreBoard | Active Users Download
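The three gates discussed in this thread (Gremlin's per-session timer, Brad's last-IP check, HuwR's referrer check), modelled as an added example that is not code from any of the posters. It keeps all state in memory so that a rejected request costs zero database queries, which is the constraint in the original post. Nathan's objection is reproduced against the last-IP gate, and a per-IP timestamp table is added as a generalisation of Brad's idea that the thread does not contain. The host name `forum.example.com`, the path `/forum/search.asp`, the 15-second interval and all sample addresses are assumptions.

```python
"""In-memory throttles for a forum search page (added example, not from the thread)."""
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlparse

MIN_INTERVAL = 15.0                  # seconds between searches (Gremlin's "15 secs or something"); assumed
FORUM_HOST = "forum.example.com"     # assumed forum host for the referrer check
SEARCH_PATH = "/forum/search.asp"    # assumed path of the search form


@dataclass
class SessionState:
    """What a per-visitor Session would hold; keyed by the session cookie."""
    last_search: Optional[float] = None


def session_throttle(sess: SessionState, now: float,
                     min_interval: float = MIN_INTERVAL) -> bool:
    """Gremlin's flood control: at most one search per session per min_interval.

    Only this visitor's own state is consulted, so other visitors' searches
    never influence the decision (this is what fixes Nathan's objection).
    """
    if sess.last_search is not None and now - sess.last_search < min_interval:
        return False
    sess.last_search = now
    return True


class LastIpGate:
    """Brad's check as described: reject when the IP equals that of the
    previous search by anyone.  State is application-wide, so on a quiet
    forum a visitor's second search is rejected however long ago the first
    was (Nathan's objection)."""

    def __init__(self) -> None:
        self.last_ip: Optional[str] = None

    def allow(self, ip: str) -> bool:
        if ip == self.last_ip:
            return False
        self.last_ip = ip
        return True


class PerIpThrottle:
    """Generalisation of Brad's idea (not from the thread): remember the time
    of the last search per IP rather than the single last IP.  Unlike the
    session timer it cannot be reset by a client that simply drops its
    cookie.  Entries older than min_interval are pruned on every call so the
    table cannot grow without bound during a flood."""

    def __init__(self, min_interval: float = MIN_INTERVAL) -> None:
        self.min_interval = min_interval
        self.last_seen: Dict[str, float] = {}

    def allow(self, ip: str, now: float) -> bool:
        self.last_seen = {k: t for k, t in self.last_seen.items()
                          if now - t < self.min_interval}
        if ip in self.last_seen:
            return False
        self.last_seen[ip] = now
        return True


def referer_ok(referer: Optional[str]) -> bool:
    """HuwR's check: the form must have been posted from the forum's own
    search.asp.  The header is client-supplied, so this only stops scripts
    that do not bother to set it, and it rejects visitors whose software
    (NIS, as mentioned in the thread) strips the header entirely."""
    if not referer:
        return False
    u = urlparse(referer)
    return (u.scheme in ("http", "https")
            and u.hostname == FORUM_HOST
            and u.path == SEARCH_PATH)


if __name__ == "__main__":
    # Constructed scenario: one visitor on a quiet forum searching twice, 5 minutes apart.
    gate = LastIpGate()
    print("last-IP gate, 2nd search:", gate.allow("203.0.113.5"), gate.allow("203.0.113.5"))
    sess = SessionState()
    print("session timer, 2nd search:", session_throttle(sess, 0.0), session_throttle(sess, 300.0))
```

None of these gates, on its own, would have stopped the flood described in the first post: the attacker came through many proxies, so a per-IP or per-session limit still admits one search per proxy per interval, and a request that carries no session cookie starts a fresh session every time. The per-visitor throttle keeps ordinary users from being punished for each other's searches; protecting the database itself needs an additional application-wide cap on the number of searches started per interval, held in memory the same way.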
Dave.
Senior Member
USA
1037 Posts
Posted - 15 August 2004 : 14:05:32
quote: Originally posted by HuwR
If it wasn't for things like NIS it would be as simple as checking the referrer string when the form is posted: if the referrer wasn't your forum's search.asp then it is a spoofed search.
That was actually my first thought, but I'm a NIS user so... :/
I'm going to give the sessions a try, and maybe I'll look at the referrer mod too. Thanks guys.