Creating an IP Address counter to limit site access

Forum Moderators: open

Message Too Old, No Replies

Creating an IP Address counter to limit site access

Need to stop abusers

GaryK

5:42 am on Oct 26, 2010 (gmt 0)

I was just shocked to receive a notice from my host that my bandwidth usage for this month has nearly exceeded the 2TB that's part of my hosting package.

I know it's due to buggy scripts people are using to download files I offer for download, but honestly, it's approaching the level of a DDos attack! Several times today alone the server was largely unresponsive.

I want to implement a system that keeps track of site access by IP Address, and ban access for 24 hours to any IP Address that accesses the site more than a set number of times per day.

Do I risk exacerbating the problem by using SQL Server to keep track of the IP Addresses? Is that the best way to implement something like this?

Thanks.

Ocean10000

8:10 pm on Oct 26, 2010 (gmt 0)

Since I know a bit about your Setup Gary. I would just use Global Variables in asp, with the Key being the ip address, the data being tracking data to determine if that ip is going over the limit. Keep it stupid simple if possible. Adding sql for this would add a decent amount of overhead for trash data that you don't really care about long term and that can be recovered from log files if necessary. And if your server resets it won't be the end of the world if you lose this data for the previous hours etc.

GaryK

8:47 pm on Oct 26, 2010 (gmt 0)

Thanks, Owen. I'm still using ASP Classic on the site so that sounds like I should use the Dictionary object. Right?

Ocean10000

12:10 am on Oct 27, 2010 (gmt 0)

Yes a Dictionary Object would work. Why not just use the application object directly for the dictionary instead of creating a new one?

GaryK

4:11 am on Oct 27, 2010 (gmt 0)

I don't understand what you mean. Are you talking about something like a LookupTable?

Ocean10000

1:53 pm on Oct 27, 2010 (gmt 0)

That is exactly what I am talking about. Creating a lookup table, and trying to help you the best place to create it.

GaryK

10:19 pm on Oct 27, 2010 (gmt 0)

Thanks, Owen. I'm not at all familiar with LookupTables, but first I need to find a legit copy of lkuptbl.dll, because I can't find it on any of my servers. Any suggestions?

Ocean10000

2:59 pm on Oct 28, 2010 (gmt 0)

A lookup table, can be a simple dictionary object, with the key being the IP, and the value ( being hit, count and time data). It doesn't have to be extremely fancy to get the job done or use special object class's.

GaryK

5:39 am on Oct 29, 2010 (gmt 0)

I'm not the programmer I used to be and this is getting confusing.

How bad would it be if I used the Dictionary object and stashed it in an Application object so it has global scope?

Is there any risk of corrupting the object due to multiple concurrent access or does ASP handle that for me?

Thanks.

Ocean10000

2:39 pm on Oct 29, 2010 (gmt 0)

This will prevent concurrent from changing the values, but slow down the site slightly when the value changes.

Application.Lock
Application("visits")=Application("visits")+1
Application.Unlock

GaryK

12:31 am on Oct 30, 2010 (gmt 0)

Thanks again Owen.

hal12b

3:20 pm on Nov 1, 2010 (gmt 0)

What about using a cookie that lasts for 24 hours?

GaryK

8:33 pm on Nov 3, 2010 (gmt 0)

Most of the activity on my site is from automated scripts. Are they generally capable of dealing with cookies?

hal12b

8:16 pm on Nov 4, 2010 (gmt 0)

I am not sure...

GaryK

11:00 pm on Nov 4, 2010 (gmt 0)

I had a chat with my sysadmin last night. He knows this particular server really well. In his opinion using a database approach will be fine for this server.

I'll be using a single sproc that takes the IP Address as a parameter to insert a new row along with the date/time in the table each time someone visits the specified pages.

The sproc will return a value indicating how many times the IP Address has accessed that page in the past 24 hours.

If it's more than a set number of times I'll redirect to a page that throws an HTTP 403.6 error.

Sound like a good plan?