Forum Moderators: phranque

DOS attacks

How do you deal with them?

ggrot

5:39 pm on Oct 2, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



We have one guy currently taking down a dedicated server by repeatedly requesting the same script to run over and over again, multiple times per second. The script is database intensive and this pretty much creates the effect of a DOS attack. We keep blocking this guy's IP address, but he is getting new IPs, with completely different blocks (not even the same ISP). We don't have the staff to monitor the server and respond within a reasonable time frame, and legitimate customers are getting upset.

Have any of you had to deal with this kind of crap before? How do you handle it?

EliteWeb

5:53 pm on Oct 2, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Change yer script so it can't be loaded by the same IP x amount per second or something. :P Put a timing script in the middle which just counts to 40 :P heheheh

ggrot

8:12 pm on Oct 2, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, unfortunately, the site is based around people using this script (not abusing it). The IP thing might work, except it's still going to take some effort in the database to keep a record of IPs.

carfac

10:40 pm on Oct 2, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is the script run from a link on the webpages... or is it something a user enters?

If it is called from another page on your server, you can check referer, and if it is not local, deny the request.

Easy bit of perl to add to a script - sticky me if that would help!

dave

jdMorgan

7:21 am on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you put a 5-second delay after the script runs and before it will run again for the same IP, then the worst thing that can happen is that a legitimate user gets held off for 5 seconds if he tries to reinvoke the script immediately after running it. However, one execution every 5 seconds by the bad guy is not going to crash your server. Just balance the needs of your legitimate users against slowing down the bad guy until you can put a more permanent solution in place. You need to consider the number of legitimate users and how often they invoke the script, plus how many IP addresses you will have to keep track of for how long (five seconds in the above example). Also, if you can easily identify legitimate-user IP addresses, then you don't even have to track those users.

Just a few ideas...

Jim
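A sketch of the per-IP delay described in the post above, as an added example that is not code from any poster in this thread. It keeps the table in memory rather than in the database, forgets an address as soon as its delay has passed, and skips tracking for known-good addresses; the class name, the `max_tracked` cap and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import time
from collections import OrderedDict


class CooldownGate:
    """Allow one run of the expensive script per IP every `cooldown` seconds."""

    def __init__(self, cooldown=5.0, max_tracked=10000, trusted=(),
                 clock=time.monotonic):
        self.cooldown = cooldown
        self.max_tracked = max_tracked   # hard cap on memory under a flood
        self.trusted = set(trusted)      # known-good IPs are never tracked
        self.clock = clock
        self._last_run = OrderedDict()   # ip -> time of last allowed run

    def allow(self, ip):
        """Return (allowed, seconds_to_wait) for a request from `ip`."""
        if ip in self.trusted:
            return True, 0.0
        now = self.clock()
        # Entries are stored oldest first, so expired ones sit at the front.
        while self._last_run:
            oldest_ip, seen = next(iter(self._last_run.items()))
            if now - seen < self.cooldown:
                break
            del self._last_run[oldest_ip]
        seen = self._last_run.get(ip)
        if seen is not None:
            # Still inside the delay: refuse, and do not restart the timer.
            return False, self.cooldown - (now - seen)
        self._last_run[ip] = now
        if len(self._last_run) > self.max_tracked:
            # Table full: forget the oldest entry rather than grow without bound.
            self._last_run.popitem(last=False)
        return True, 0.0

    def tracked(self):
        return len(self._last_run)


def demo():
    """Replay a constructed request sequence: (seconds, ip) pairs."""
    now = [0.0]
    gate = CooldownGate(cooldown=5.0, trusted={"192.0.2.10"},
                        clock=lambda: now[0])
    requests = [(0.0, "203.0.113.7"), (0.2, "203.0.113.7"),
                (0.4, "192.0.2.10"), (0.6, "192.0.2.10"),
                (1.0, "203.0.113.7"), (5.0, "203.0.113.7")]
    results = []
    for when, ip in requests:
        now[0] = when
        results.append(gate.allow(ip)[0])
    return results, gate.tracked()
```

A refused request should skip the database work entirely and return a cheap "try again shortly" response, so the repeated requests cost almost nothing to reject.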

ggrot

4:29 pm on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thank you for your suggestions. I looked through the logs in some detail and determined that the DOS'ed requests were coming in using the "GET" method, and the script is set up so that everything should be "POST"ed, so I checked for that and things have stopped for now.

Is this something authorities would get into? I'm fairly sure that the first IP address this guy was using is actually a permanent IP (cable/DSL). Unfortunately, it traces to the UK, and I'm in the US.

carfac

5:28 pm on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



As annoying as it all is, I doubt it is worth going after. Complain to the ISP, and if they are a good ISP, they may even drop him.... but he'll turn up somewhere else...

Bullet-proofing your site is the best thing you can do!

If you want your scripts to only be run from your site, put this near the very top of the script, so it is the first thing done:

@referers = ("your.domain.name" , "your.IP.add.ress" );

# Check the referer.
check_refer();

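Then, add this near the bottom, the check referer subroutine:

sub check_refer {

    # Start from "not allowed" until a referer matches.
    $check_referer = 0;

    if ($ENV{"HTTP_REFERER"}) {
        foreach $referer (@referers) {
            # \Q...\E keeps the dots in the host name literal.
            if ($ENV{"HTTP_REFERER"} =~ m|https?://([^/]*)\Q$referer\E|i) {
                $check_referer = 1;
                last;
            }
        }
    }
    else {
        # No Referer header was sent: let the request through.
        $check_referer = 1;
    }

    # Stop the script here if the referer did not match.
    if ($check_referer != 1) {
        exit;
    }

}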

############### END OF CODE

Good Luck

dave

carfac

5:29 pm on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Whoo Hooo!

100 Posts!

(Sorry!)

dingman

6:01 pm on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Minor warning about using http referrer - some browsers don't set it right. My favorite seems not to, and it took me quite a while to catch on. A user might not have a clue. Of course, it's clearly a browser bug which ought to get fixed, and my favorite browser is quite likely not on your radar screen.

carfac

6:30 pm on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I THINK this will pass the script if there are no referers, or can be modded to do that. I have been using this exact code on production sites for years with no ill effects that I am aware of. ALL my e-mail scripts have this, and I have a site that is all dynamic that uses this in its scripts, and it has been OK...

YMMV

dave

ggrot

6:41 pm on Oct 3, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Unfortunately, referrers can be spoofed as well. This guy was doing that, as well as spoofing user agents that seemed normal. It was a pain in the ass.