Re: How to prevent DoS on PHP script?

Umm yes, I don't think so either, but that's one of the only possible options..
so give it a shot because you have nothing to lose (:

I also think he should speak to the server administrator / the guy he pays
the money to and ask what to do; I'm pretty sure that he has already
encountered something like this before.

On 16/06/2008, Jim Lucas <lists@xxxxxxxxx> wrote:
>
> Nitsan Bin-Nun wrote:
>
>> Okay, I got the idea,
>> I think you can use PHP to write .htaccess file for IP blocking or something
>> like that (shared hosts allow this and I'm pretty sure that Apache .htaccess
>> are able to manage IP blocking).
>>
>>
> As long as Apache allows .htaccess files
>
> But...   even then what IPs would you write to this?
>
> If a person changed their IP each time they access the script, then it
> still would not work.
>
> I would have to say that I just don't think that PHP is going to be the
> medium in which this problem has to be handled.
>
>> HTH,
>> Nitsan
>>
>> On 16/06/2008, Jim Lucas <lists@xxxxxxxxx> wrote:
>>
>>> Nitsan Bin-Nun wrote:
>>>
>>>> I think you can handle this with 2 pages, the first is checking whether the
>>>> user is permitted to upload or not and if so passing him to the upload form
>>>> with a simple (bool) $_SESSION variable which indicates his permissions.
>>>> If you will try to access the second page and the $_SESS variable won't
>>>> exist it will throw you back to page 1 to validate your permissions.
>>>>
>>>> Am I missing something? (it's pretty simple..)
>>>>
>>>>
>>> Yes, PHP hasn't started yet.
>>>
>>> When someone tries to upload a file to a server, Apache is accepting the
>>> file first.  Once the file is completely uploaded, Apache hands off the
>>> processing to Apache.  Problem is, by this time the DoS has already
>>> happened.  Apache has wasted its time receiving the file.
>>>
>>> HTH
>>>
>>>> On 16/06/2008, Per Jessen <per@xxxxxxxxxxxx> wrote:
>>>>
>>>>> Jim Lucas wrote:
>>>>>
>>>>>> Per Jessen wrote:
>>>>>>
>>>>>>> Michelle Konzack wrote:
>>>>>>>
>>>>>>>> My biggest problem is, that the "/fileupload.php" was always referenced
>>>>>>>> from outside my webspace.  OK, I was thinking this can be solved by
>>>>>>>> using HTTP_REFERER which has then worked for some days but NOW
>>>>>>>> those pigs are back and sending spoofed HTTP_REFERER.
>>>>>>>>
>>>>>>>> Since I have only a VHost @ISP I can not go deeper into the
>>>>>>>> Apache2 config what I have done when I was running my own server.
>>>>>>>>
>>>>>>>> Can anyone suggest me something, how to block requests from outside?
>>>>>>>
>>>>>>> Check client IP-addresses?
>>>>>>>
>>>>>>> /Per Jessen, Zürich
>>>>>>
>>>>>> The problem that the OP is going to run into is the "Chicken before
>>>>>> the Egg" problem.  PHP will not start processing until the file upload
>>>>>> has already been completely uploaded.
>>>>>
>>>>> I was about to say "Then let apache check it", but I hadn't read the
>>>>> last paragraph of the OP's question.
>>>>>
>>>>> /Per Jessen, Zürich
>>>>>
>>>>>
>>>>> --
>>>>> PHP General Mailing List (http://www.php.net/)
>>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>>
>>>>>
>>>>>
>>>>> --
>>> Jim Lucas
>>>
>>>  "Some men are born to greatness, some achieve greatness,
>>>      and some have greatness thrust upon them."
>>>
>>> Twelfth Night, Act II, Scene V
>>>   by William Shakespeare
>>>
>>>
>>>
>>
>
>
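
Added example, not code from any poster in this thread: one way the "PHP writes .htaccess" idea quoted above could be implemented without letting request data inject directives or grow the file without bound. It assumes Apache 2.2-style `Order`/`Allow`/`Deny` directives are permitted by `AllowOverride` and that no conflicting `Order` line already exists; `block_ip()` and `MAX_RULES` are hypothetical names.

```php
<?php
// Added example; block_ip() and MAX_RULES are hypothetical, not from the thread.
const MAX_RULES = 500; // assumed cap: Apache re-reads .htaccess on every request

/**
 * Add "Deny from <ip>" to an .htaccess file (Apache 2.2 syntax).
 * Returns true if the rule is present afterwards; false on bad input,
 * a full list, or an I/O error.
 */
function block_ip(string $htaccess, string $ip): bool
{
    // Accept only a literal IPv4/IPv6 address, so a crafted value cannot
    // smuggle other directives into the Apache configuration.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $rule = "Deny from $ip";
    $fh = fopen($htaccess, 'c+'); // create if missing, never truncate
    if ($fh === false) {
        return false;
    }
    if (!flock($fh, LOCK_EX)) {   // serialise concurrent requests
        fclose($fh);
        return false;
    }
    $raw   = (string) stream_get_contents($fh);
    $lines = array_map('trim', preg_split('/\R/', $raw));

    if (in_array($rule, $lines, true)) {
        $ok = true;   // already blocked
    } elseif (count(preg_grep('/^Deny from /i', $lines)) >= MAX_RULES) {
        $ok = false;  // list is full, e.g. the sender keeps changing address
    } else {
        $text = ($raw !== '' && substr($raw, -1) !== "\n") ? "\n" : '';
        if (!preg_grep('/^Order\s/i', $lines)) {
            // Allow by default; with this order a matching Deny wins.
            $text .= "Order Allow,Deny\nAllow from all\n";
        }
        fseek($fh, 0, SEEK_END);
        $ok = fwrite($fh, $text . $rule . "\n") !== false;
    }
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Take the address from the connection, not from a client-supplied header.
// block_ip(__DIR__ . '/.htaccess', $_SERVER['REMOTE_ADDR']);
```

The limits raised in the thread still apply: a rule only takes effect on later requests from the same address, and the upload that triggered it has already been received by Apache before PHP runs.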
