Michelle Konzack wrote:
************************************************************************
* Do not Cc: me, because I READ THIS LIST, if I write here             *
* No Cc: to me, I READ THIS LIST when I write here                     *
************************************************************************

Hello,

on my "devel" server I have a script which allows me to upload Debian packages, which are then included in my private Debian mirror.

Now I have gotten several thousand hits in the last few days. I call it DoS. There are idiots who have tried to upload shit onto my webspace, but since I check that they are ONLY Debian files, they were not successful.

My biggest problem is that "/fileupload.php" was always referenced from outside my webspace. OK, I was thinking this could be solved by using HTTP_REFERER, which then worked for some days, but NOW those pigs are back and are sending a spoofed HTTP_REFERER.

Since I have only a VHost @ISP, I cannot go deeper into the Apache2 config, which is what I did when I was running my own server.

Can anyone suggest something to me for how to block requests from outside? A size limitation is not possible, since some of my upload files are very huge and I must be able to upload files without a laptop and FTP/SCP access.
There are a number of things you can try, depending on what EXACTLY they are doing.
If they are uploading things to your server which they then reference, it is a simple apache configuration that you could do. For instance, you can upload fine to my server, but once it is there, the system knows nothing about it. You can see the file all day long, but nothing is going to allow it to get served back to you.
If they are continuing to load the page, implement a simple login and page check for that specific page. Sure, apache loads the page, but that's done PDQ instead of letting them upload a file first. If the login works, great, give them the upload form, otherwise error them out. You could snag the IP address, browser type, other information and store it all in a DB, then do a quick check to see if the IP matches, followed by a browser and whatnot. It's overkill, but you should also see HOW they are doing it as well, and you could implement the block to work on a number of factors.
If they are uploading just to stall you out, talk to the ISP, let them know you are getting DDoSed, and get their network admins involved.
You could change the filename, but maybe that's too simple a suggestion? If it is for your personal use, rename the upload page to Michelles_dumb_upload_script.php or even have a cron job that randomly changes the name of the file and emails you the new name when it is done.
OH, and check your email sending server for dates and such. According to the headers, you sent the email this morning. But according to the dates on the sent email, you sent it on the 13th at 4:21 PM which is about 2 days and 15 hours and 32 minutes before you actually did.
Wolf

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
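Wolf's second suggestion (authenticate before handing out the upload form, log the IP and browser of whoever knocks, and never consult HTTP_REFERER) put into a working fileupload.php. This is an added example for the thread, not Michelle's script and not code Wolf posted. It assumes things the thread does not state: PHP running as an Apache module (so PHP_AUTH_USER/PHP_AUTH_PW are populated from HTTP Basic auth), an incoming directory and a password-hash file that both live outside the DocumentRoot, and the paths and user name in the constants, which are placeholders. It also only accepts files whose names follow the Debian package naming pattern and, for .deb files, whose first bytes are the ar(1) magic, so a renamed .php file is refused even if someone gets past the login.

```php
<?php
// fileupload.php -- added example, not the original poster's script.
// Assumed setup (not from the thread): PHP as Apache module, directories
// below are outside the DocumentRoot, and the hash file was created once with
//   php -r 'echo password_hash("your-secret", PASSWORD_DEFAULT), "\n";' > ~/.upload_pw
declare(strict_types=1);

const UPLOAD_DIR = '/home/michelle/incoming';   // assumed; must not be web-served
const HASH_FILE  = '/home/michelle/.upload_pw'; // assumed
const LOG_FILE   = '/home/michelle/upload.log'; // assumed
const USERNAME   = 'michelle';                  // assumed

// Record who hit the script and the outcome: IP, browser and (for the record
// only, never for a decision) the Referer the client chose to send.
function log_request(string $outcome): void
{
    $line = sprintf("%s %s ua=%s referer=%s %s\n",
        date('c'),
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $_SERVER['HTTP_USER_AGENT'] ?? '-',
        $_SERVER['HTTP_REFERER'] ?? '-',
        $outcome);
    file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
}

function deny(int $status, string $reason): void
{
    log_request("deny:$reason");
    if ($status === 401) {
        header('WWW-Authenticate: Basic realm="Debian upload"');
    }
    http_response_code($status);
    echo "Denied\n";
    exit;
}

// 1. Authenticate FIRST. Nothing below runs for an unauthenticated caller.
$hash = trim((string) @file_get_contents(HASH_FILE));
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pw   = $_SERVER['PHP_AUTH_PW'] ?? '';
if ($hash === '' || !hash_equals(USERNAME, $user) || !password_verify($pw, $hash)) {
    deny(401, 'auth');
}

// 2. GET: hand out the form. Only an authenticated client ever sees it.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    header('Content-Type: text/html; charset=utf-8');
    echo '<form method="post" enctype="multipart/form-data">',
         '<input type="file" name="pkg"> <input type="submit" value="Upload"></form>';
    exit;
}

// 3. POST: accept only files that look like Debian package artefacts.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['pkg'])) {
    deny(405, 'method');
}
$f = $_FILES['pkg'];
if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
    deny(400, 'upload-error');
}
// basename() drops any directory part a hostile client may have sent.
$name = basename($f['name']);
// name_version[_arch].ext, with the Debian policy character sets for package
// name and version; the extensions cover binary and source package files.
$re = '/^[a-z0-9][a-z0-9+.\-]+_[0-9][A-Za-z0-9+.:~\-]*(_[a-z0-9\-]+)?'
    . '\.(deb|udeb|dsc|changes|buildinfo|tar\.(gz|xz|bz2)|diff\.gz)$/';
if (!preg_match($re, $name)) {
    deny(400, "bad-name:$name");
}
// .deb/.udeb are ar archives: check the 8-byte magic, not just the name.
$ext = pathinfo($name, PATHINFO_EXTENSION);
if ($ext === 'deb' || $ext === 'udeb') {
    $magic = (string) file_get_contents($f['tmp_name'], false, null, 0, 8);
    if ($magic !== "!<arch>\n") {
        deny(400, 'bad-magic');
    }
}
$dest = UPLOAD_DIR . '/' . $name;
if (file_exists($dest)) {
    deny(409, 'exists');          // never silently replace a mirrored package
}
if (!move_uploaded_file($f['tmp_name'], $dest)) {
    deny(500, 'move-failed');
}
chmod($dest, 0640);
log_request("accept:$name");
echo "Stored $name\n";            // $name matched the pattern above, so it is safe to echo
```

Two caveats for a shared vhost. First, Apache passes the whole multipart body to PHP before this script gets control, so the 401 above keeps junk off the disk but does not stop the PHP engine from receiving and parsing the upload; to reject unauthenticated POSTs before that, put the same Basic auth into a .htaccess in the script's directory (`AuthType Basic`, `AuthUserFile`, `Require valid-user`), which Apache checks in its authentication phase before any handler runs and which a vhost customer can normally do without access to the main config, provided the ISP allows AllowOverride for AuthConfig. Second, where the ISP runs PHP as CGI/FastCGI, PHP_AUTH_USER is usually empty and the .htaccess route is the only one that works. Wolf's first point, that an uploaded file should be visible but never served, follows from keeping UPLOAD_DIR outside the DocumentRoot; if it has to live under the webroot, a .htaccess there with `Require all denied` (Apache 2.4) or `Deny from all` (2.2) does the same job.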