Solution for anti flood website?

08-08-03, 09:43 AM
New Member
Join Date: Jun 2003
Location: world demise
Posts: 4
Many of my best friends are using PHP and MySQL, and some hacker has been flooding their site with a script to register many members, log in, view threads, view the member list, etc.
It makes too many connections and MySQL went down. We have tried many solutions for this trouble, but now we are using htaccess (user + pass) to deny anyone from flooding our site. But that is not a good solution.
I think there are many coders at hotscripts and you can help us.
Regards
Sorry if my English is bad!
Ve Dau
__________________
welcome to www.vnrockworld.com

08-08-03, 10:09 AM
Junior Code Guru
Join Date: Jun 2003
Location: Utrecht, The Netherlands
Posts: 599
You could put all kinds of checks on your registration script, such as using sessions, or having some kind of visual confirmation before the actual registration takes place.

08-08-03, 11:40 AM
Code Master
Join Date: Aug 2003
Posts: 935
I had someone do this to my site once. There were over 1000 members registered in about 10 secs, and all of them had bad email addresses, so I got them all back in my email (NOT FUNNY).
I just shut down my site for about an hour (I created an option on my site to redirect them to a "closed" page), and they haven't come back since.
But if possible you could block their IP address.
__________________
Drew Gauderman
ASP - MSSQL Coder / Business Owner / Coder for Hire!
MSN-ICQ-AIM-YIM in Profile
http://www.iportalx.net an easy ASP portal system.

08-08-03, 02:44 PM
Newbie Coder
Join Date: Aug 2003
Posts: 10
I was just asked to do this for a friend actually.
I have not finished, but I will tell you what I had in mind-
Every time a user visits a page, the following occurs:
If their IP block (xxx.xxx.xxx.*) is recognized on a 'ban-list', they are given a simple 'You have been banned' message and nothing else. If they pass, we move on to 'purging' (you have to purge before you check), which means get rid of old (out-dated) records like so:
$timeout = 5; // minutes
$cutoff = time() - ($timeout * 60); // Unix timestamp of 5 minutes ago
$query = "DELETE FROM flood WHERE time < " . $cutoff; // $cutoff is a server-computed integer
$result = mysql_query($query);
This gets rid of records older than 5 minutes.
Now, continuing the page load: a unique ID is stored in a session AND their IP is retrieved. We add a new record to our database (EVERY page load, even if it isn't their first), which is simply like so-
Unique ID, IP, Time
Then, we count the number of rows they have (remember, we purged old ones, so 'hits' from 5 minutes ago don't matter anymore, so it is fair), and if it's greater than a certain amount (i.e. 1000 times in 5 minutes is a LOT, I'd go with 100 even), we 'Warn' them. This is like a 24 hour ban. They can't come back for 24 hours, and when they do they have '1 warning' (their ip/id are stored in the DB with a warning count of 1). If they offend again, they get another warning and timeout. Once they get warned enough times, they are added to the banlist.
It's quite simple, however it could (if your site gets a lot of simultaneous users) load up a DB with a lot of records, but MySQL should be able to handle it just fine. So in review:
Check to see if their IP is banned
Purge old records
Count their 'hits' in the last x amt of time
Warn them if it's too high
It seems pretty effective to me.
ALSO, if you'd like to be indexed by bots (i.e. Google), you need to do a user agent check to make sure you're not blocking a simple, friendly indexer!
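The flow described in the post above (ban check, purge, record, count, warn), as an added example that is not the poster's code. It uses PDO with an in-memory SQLite database in place of the thread's MySQL so that it runs offline; the table and column names, the thresholds and the three-warning limit are assumptions.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// MySQL; table names, column names and thresholds are assumptions.
const WINDOW_SECS = 300;    // the post's 5-minute window
const MAX_HITS    = 100;    // hits allowed per window
const WARN_SECS   = 86400;  // 24-hour timeout per warning
const MAX_WARNS   = 3;      // warnings before a permanent ban (assumed)

function flood_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE flood (sid TEXT, ip TEXT, time INTEGER)');
    $db->exec('CREATE INDEX flood_ip ON flood (ip, time)');
    $db->exec('CREATE TABLE offenders (ip TEXT PRIMARY KEY, warnings INTEGER, blocked_until INTEGER)');
    return $db;
}

// Returns 'ok', 'warned' or 'banned' for one page load at Unix time $now.
function check_hit(PDO $db, string $sid, string $ip, int $now): string {
    // 1. Ban and timeout check first: a blocked client costs one keyed lookup.
    $q = $db->prepare('SELECT warnings, blocked_until FROM offenders WHERE ip = ?');
    $q->execute([$ip]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    $warnings = $row ? (int) $row['warnings'] : 0;
    if ($warnings >= MAX_WARNS) return 'banned';
    if ($row && (int) $row['blocked_until'] > $now) return 'warned';
    // 2. Purge before counting, then 3. record this hit.
    $db->prepare('DELETE FROM flood WHERE time < ?')->execute([$now - WINDOW_SECS]);
    $db->prepare('INSERT INTO flood (sid, ip, time) VALUES (?, ?, ?)')
       ->execute([$sid, $ip, $now]);
    // 4. Count by IP: a script can drop its session cookie, so sid is only logged.
    $c = $db->prepare('SELECT COUNT(*) FROM flood WHERE ip = ?');
    $c->execute([$ip]);
    if ((int) $c->fetchColumn() <= MAX_HITS) return 'ok';
    // 5. Over the limit: add a warning, start the timeout, reset the counter.
    $warnings++;
    $db->prepare('REPLACE INTO offenders (ip, warnings, blocked_until) VALUES (?, ?, ?)')
       ->execute([$ip, $warnings, $now + WARN_SECS]);
    $db->prepare('DELETE FROM flood WHERE ip = ?')->execute([$ip]);
    return $warnings >= MAX_WARNS ? 'banned' : 'warned';
}

// Constructed demo: one address sends 101 requests in the same second.
$db = flood_db();
$now = 1060000000;
for ($i = 1; $i <= 101; $i++) $status = check_hit($db, 'sess-a', '203.0.113.7', $now);
echo "request 101: $status\n";
echo 'during timeout: ', check_hit($db, 'sess-a', '203.0.113.7', $now + 60), "\n";
echo 'other client: ', check_hit($db, 'sess-b', '198.51.100.9', $now + 60), "\n";
```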

08-08-03, 02:49 PM
Code Master
Join Date: Aug 2003
Posts: 935
RocketPack.net,
If you put "No website is configured at this address" it would fool the person into thinking the website is actually down, so you won't get any pissed off banned users (until they actually find out it's actually up) LOL
That's what I did a while ago when I had some spammers on my site
__________________
Drew Gauderman
ASP - MSSQL Coder / Business Owner / Coder for Hire!
MSN-ICQ-AIM-YIM in Profile
http://www.iportalx.net an easy ASP portal system.

08-08-03, 04:08 PM
Newbie Coder
Join Date: Aug 2003
Posts: 10
That is indeed a good idea!
Perhaps even a header('Location: ') or an error, like a 404 error.
It would minimise the potential for a knowledgeable user to attempt to 'push' his way back in, if you know what I mean!
[edit]
It would also be beneficial to add a usleep(500000) to each page load.
To the avg. user, 1/2 of a second isn't noticeable. However, to a program which is attempting to access 1000 pages, 500 milliseconds becomes over 8 minutes of delay. Very effective for deterring people from using bots to index/rip off your site, attempt to crack passwords, etc.
Last edited by RocketPack.net; 08-08-03 at 04:14 PM.

08-08-03, 04:41 PM
Code Master
Join Date: Aug 2003
Posts: 935
Quote:
Originally posted by RocketPack.net
It would minimise the potential for a knowledgeable user to attempt to 'push' his way back in, if you know what I mean!
Yup, that's why I make it so it appears the site is offline, or doesn't exist.
__________________
Drew Gauderman
ASP - MSSQL Coder / Business Owner / Coder for Hire!
MSN-ICQ-AIM-YIM in Profile
http://www.iportalx.net an easy ASP portal system.

08-08-03, 04:42 PM
Newbie Coder
Join Date: Jul 2003
Posts: 61
This is easy to do. Generate a random number between 1 and 1 million and make the user type in that number as a verification or the registration won't go through.
__________________
Master Chipmunk and programmer of cheap scripts.
Chipmunk Scripts -- Free GPL scripts

08-08-03, 11:21 PM
New Member
Join Date: Jun 2003
Location: world demise
Posts: 4
RocketPack.net, your idea is good but it touches MySQL; if there are too many connections --> too many connections -> MySQL will go down and the server too.
Now we are using the GD module of PHP to make a verification for registering (it looks like Yahoo's) and no one can flood members!
Now we want a solution for the site, not for registering members.
The member list section must use many connect_mysql calls and queries, and other sections use many connect_mysql calls and queries too. We need a solution, please help us. Thanks
Sorry if my English is bad!
Ve Dau
__________________
welcome to www.vnrockworld.com

08-08-03, 11:46 PM
New Member
Join Date: Jun 2003
Posts: 1
I think when using a verification number for anti-flood in the registration form, they'll still be able to flood the MySQL of the server, because for every variable submitted to the form, the application will execute some SQL query. If the attacker sends many variables at one time, maybe we'll have a "Too many connections" SQL error.
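The verification number suggested earlier in the thread, combined with the concern in the post above, as an added example that is not code from any poster: the code is checked against session data before any SQL runs, so a rejected submission never opens a database connection. `$session` stands in for `$_SESSION`, and `$createUser`, the ten-minute expiry and the function names are assumptions.

```php
<?php
// Added example. $session stands in for $_SESSION; $createUser is a
// hypothetical callback representing the registration's SQL work.
const CHALLENGE_TTL = 600; // seconds a code stays valid (assumed)

// Called when rendering the form: pick the code and keep it server-side.
function issue_challenge(array &$session, int $now): string {
    $code = (string) random_int(1, 1000000); // CSPRNG, not rand()
    $session['challenge'] = ['code' => $code, 'expires' => $now + CHALLENGE_TTL];
    return $code; // draw this into an image (e.g. with GD), never into page text
}

// Single use: the stored code is discarded whether or not the guess matches.
function verify_challenge(array &$session, $submitted, int $now): bool {
    $c = $session['challenge'] ?? null;
    unset($session['challenge']);
    if ($c === null || !is_string($submitted) || $now > $c['expires']) return false;
    return hash_equals($c['code'], $submitted);
}

// The check reads session data only, so a rejected request never reaches the database.
function handle_register(array &$session, array $post, int $now, callable $createUser): string {
    if (!verify_challenge($session, $post['code'] ?? null, $now)) return 'rejected';
    $createUser($post['username'] ?? '');
    return 'registered';
}

// Constructed demo: 1000 scripted posts that never loaded the form.
$session = [];
$dbCalls = 0;
$createUser = function (string $name) use (&$dbCalls) { $dbCalls++; };
$now = 1060000000;
for ($i = 0; $i < 1000; $i++) {
    handle_register($session, ['username' => "bot$i", 'code' => '123'], $now, $createUser);
}
echo "database calls after 1000 rejected posts: $dbCalls\n";

// A real visitor gets a code, uses it once, and a replay of the same code fails.
$code = issue_challenge($session, $now);
echo handle_register($session, ['username' => 'alice', 'code' => $code], $now + 30, $createUser), "\n";
echo handle_register($session, ['username' => 'alice2', 'code' => $code], $now + 31, $createUser), "\n";
```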