Re: How to prevent DoS on PHP script?

On 2008-06-16 19:24:25, Wolf wrote:
> There's a number of things you can try, depending on what EXACTLY they 
> are doing.
> 
> If they are uploading things to your server which they then reference, 
> it is a simple apache configuration that you could do.  For instance, 
> you can upload fine to my server, but once it is there, the system knows 
> nothing about it.  You can see the file all day long, but nothing is 
> going to allow it to get served back to you.

Since the script allows only files like

        <PACKAGE_NAME>_X.Y.Z.orig.tar.gz
plus
        <PACKAGE_NAME>_X.Y.Z-N.diff.gz
        <PACKAGE_NAME>_X.Y.Z-N.desc
        <PACKAGE_NAME>_X.Y.Z-N.changes
and then many
        <PACKAGE_NAME>_X.Y.Z-N_<ARCH>.deb

So, you can see, it is an upload script for a private Debian mirror.  So
the thing with the file upload is solved AFTER the upload, since ANY non-
Debian Source/Binary Packages are dropped AFTER download.  But as someone
has already mentioned, PHP can only check this AFTER the upload, where
the DoS has already happened.

> If they are continuing to load the page, implement a simple login and 
> page check for that specific page.  Sure, apache loads the page, but 

For now, I will go the way over two/three pages like

    index.php -> mirror_admin.php -> mirror_upload.php 
                      set a              check the
                  session cookie      session cookie

OK, on my server those three scripts are the same since I have ONLY an
"index.php" on my server and the rest is done by PHP, but this should be
no problem.
 
> that's done PDQ instead of letting them upload a file first.  If the 
> login works, great, give them the upload form, otherwise error them out. 
>  You could snag the IP address, browser type, other information and 
> store it all in a DB, then do a quick check to see if the IP matches, 
> followed by a browser and whatnot.  It's overkill, but you should also 
> see HOW they are doing it as well, and you could implement the block to 
> work on a number of factors.
> 
> If they are uploading to just stall you out, talk to the ISP and let 
> them know you are getting DDOS and get their network admins involved.

Currently I have gotten around 3000 uploads in the last 3 weeks and my
ISP allows me only 100 GByte traffic, which means, if the uploads increase
I will run into trouble.

> You could change the filename, but maybe that's too simple a suggestion? 
>  If it is for your personal use, rename the upload page to 
> Michelles_dumb_upload_script.php or even have a cron job that randomly 
> changes the name of the file and emails you the new name when it is done.

Using a simple md5sum name which is generated by "foo${date}bar" would
do it nicely... and screw up crackers and script kiddies...
 
> OH, and check your email sending server for dates and such.  According 
> to the headers, you sent the email this morning.  But according to the 
> dates on the sent email, you sent it on the 13th at 4:21 PM which is 
> about 2 days and 15 hours and 32 minutes before you actually did.

Where I live, I have NO phone line and NO internet connection, so I am
forced to write off-line and then in the afternoon/evening I go into
the Internet Cafe and send my stuff...

Note:  I have problems getting my "Nokia 6120 classic" and my
       "Merlin U630" running, which would solve my E-Mail problem.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)
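A gate in the style of the three-page flow above (session set in mirror_admin.php, checked in mirror_upload.php) combined with a whitelist of exactly the Debian package file names the message lists. This is an added example, not code from the thread or from the poster's mirror; the session key `mirror_admin`, the form field name `pkg` and the destination directory are assumptions.

```php
<?php
// Added example (not code from the thread): a gate for mirror_upload.php in
// the index.php -> mirror_admin.php -> mirror_upload.php flow. Assumes that
// mirror_admin.php set $_SESSION['mirror_admin'] = true after login and that
// the form field is named 'pkg' (both assumptions).
session_start();

// Refuse unauthenticated requests before touching the upload. Caveat: PHP has
// already received the body when this runs, so this protects disk and the
// upload logic, not the bandwidth; cap the body size in Apache
// (LimitRequestBody) or php.ini (post_max_size, upload_max_filesize).
if (empty($_SESSION['mirror_admin'])) {
    header('HTTP/1.1 403 Forbidden');
    exit('Login required');
}

// Whitelist exactly the names listed in the message:
//   <PACKAGE_NAME>_X.Y.Z.orig.tar.gz
//   <PACKAGE_NAME>_X.Y.Z-N.diff.gz / .desc / .changes
//   <PACKAGE_NAME>_X.Y.Z-N_<ARCH>.deb
function is_allowed_package_file($name)
{
    $pkg  = '[a-z0-9][a-z0-9+.-]+';   // Debian package name characters
    $ver  = '[0-9][A-Za-z0-9.+~]*';   // upstream version (no hyphen)
    $rev  = '[A-Za-z0-9.+~]+';        // Debian revision N
    $arch = '[a-z0-9]+';              // i386, amd64, all, ...
    $patterns = array(
        "/^{$pkg}_{$ver}\\.orig\\.tar\\.gz$/",
        "/^{$pkg}_{$ver}-{$rev}\\.(diff\\.gz|desc|changes)$/",
        "/^{$pkg}_{$ver}-{$rev}_{$arch}\\.deb$/",
    );
    foreach ($patterns as $p) {
        if (preg_match($p, $name) === 1) {
            return true;
        }
    }
    return false;
}

if (!isset($_FILES['pkg']) || $_FILES['pkg']['error'] !== UPLOAD_ERR_OK) {
    header('HTTP/1.1 400 Bad Request');
    exit('No file received');
}
$name = basename($_FILES['pkg']['name']);   // strip any client-supplied path
if (!is_allowed_package_file($name)) {
    unlink($_FILES['pkg']['tmp_name']);     // drop it right away
    header('HTTP/1.1 400 Bad Request');
    exit('Not a Debian package file');
}
move_uploaded_file($_FILES['pkg']['tmp_name'], '/srv/mirror/incoming/' . $name); // assumed dir
```

The session check only stops the upload from being stored and processed; to bound the traffic cost that the message worries about, the request body limit has to be enforced by Apache or php.ini before the script runs.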
