Re: How to prevent DoS on PHP script?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michelle Konzack wrote:
************************************************************************
*       Do not Cc: me, because I READ THIS LIST, if I write here       *
*    Keine Cc: am mich, ich LESE DIESE LISTE wenn ich hier schreibe    *
************************************************************************

Hello,

on my "devel" server I have a script, which allow me  to  upload  Debian
packages which then are included in my private Debian mirror.

Now I have gotten several 1000 hits in the last days.  I call it DoS.

There are idiots who have tried to upload shit on my Webspace but  since
I check it to be ONLY Debian files they where not successful.

My biggest problem is, that the "/fileupload.php" was always  references
from outside my webspace.  OK, I was thinking  this  can  be  solved  by
using HTTP_REFERER which has then worked for some  days  but  NOW  those
pigs are back and sending spoofed HTTP_REFERER.

Since I have only a VHost @ISP I can not  go  deeper  into  the  Apache2
config what I have done when I was running my own server.

Can anyone suggest me something, how to block requests from outside?

Size limitation is not possibel, since some of my upload files are  very
huge and I must be able to  upload  files  without  Laptop  and  FTP/SCP
access.

There's a number of things you can try, depending on what EXACTLY they are doing.

If they are uploading things to your server which they then reference, it is a simple apache configuration that you could do. For instance, you can upload fine to my server, but once it is there, the system knows nothing about it. You can see the file all day long, but nothing is going to allow it to get served back to you.

If they are continuing to load the page, implement a simple login and page check for that specific page. Sure, apache loads the page, but that's done PDQ instead of letting them upload a file first. If the login works, great, give them the upload form, otherwise error them out. You could snag the IP address, browser type, other information and store it all in a DB, then do a quick check to see if the IP matches, followed by a browser and whatnot. It's overkill, but you should also see HOW they are doing it as well, and you could implement the block to work on a number of factors.

If they are uploading to just stall you out, talk to the ISP and let them know you are getting DDOS and get their network admins involved.

You could change the filename, but maybe that's too simple a suggestion? If it is for your personal use, rename the upload page to Michelles_dumb_upload_script.php or even have a cron job that randomly changes the name of the file and emails you the new name when it is done.

OH, and check your email sending server for dates and such. According to the headers, you sent the email this morning. But according to the dates on the sent email, you sent it on the 13th at 4:21 PM which is about 2 days and 15 hours and 32 minutes before you actually did.

Wolf


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux