Help with a simple anti-flood script
Author |
Message |
HelloWorld
|
Posted: Thu May 21, 2009 4:23 am Post subject: Help with a simple anti-flood script |
|
|
Hi,
I run a website which provides access to tools such as Ping and Traceroute. I need to limit the number of requests per page from each user alone. Otherwise my site will end up being used for ddos attacks, which in turn will get my site blacklisted.
So I would like a script that works on a per page basis, and limit the number of times they can use the tool on that page to a few times a minute.
I haven't learned about mysql yet, and I'd really like just a simple script (as long as it will work to prevent abuse while not interfering with other users).
I'm really not sure how to go about doing this. Can someone help me out, or at least point me in the right direction?
I really need to implement this script as soon as possible. Thank you. |
|
|
|
|
|
Sponsor Sponsor
|
|
|
DtY
|
Posted: Thu May 21, 2009 7:01 am Post subject: RE:Help with a simple anti-flood script |
|
|
What you want are sessions: http://www.tizag.com/phpT/phpsessions.php
They wont do the job perfectly though, if the user has cookies off, you can make it either not work at all, or it will just work, but let the user use it as much as they want.
A better way would be to use MySQL, and limit by IP Address. |
|
|
|
|
|
Dan
|
Posted: Thu May 21, 2009 11:33 am Post subject: RE:Help with a simple anti-flood script |
|
|
You realy should be limiting the number of requests by IP address of the requester and the ip or host name being pinged or tracerouted.
However a simple way to stop bots is a captcha and there are free services witch provide them if you don't want to make your own: http://recaptcha.net/ |
Computer Science Canada
Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more! |
|
|
|
|
HelloWorld
|
Posted: Thu May 21, 2009 2:08 pm Post subject: RE:Help with a simple anti-flood script |
|
|
Well, looks like I'll have to learn about mysql and limit requests by IP.
I know I could use a captcha, but I don't want to annoy my visitors (I know captchas annoy me). |
|
|
|
|
|
HelloWorld
|
Posted: Thu May 21, 2009 4:30 pm Post subject: RE:Help with a simple anti-flood script |
|
|
If anyone could direct me to a site or tutorial that can help me out with this, that would be great.
Thanks. |
|
|
|
|
|
HelloWorld
|
Posted: Thu May 21, 2009 7:22 pm Post subject: RE:Help with a simple anti-flood script |
|
|
Well, I added a captcha but just temporarily until I can figure out how to write a proper script. |
|
|
|
|
|
DtY
|
Posted: Thu May 21, 2009 8:38 pm Post subject: Re: RE:Help with a simple anti-flood script |
|
|
HelloWorld @ Thu May 21, 2009 7:22 pm wrote: Well, I added a captcha but just temporarily until I can figure out how to write a proper script.
Captchas might be good every twenty or so times anyway. There's barely any reason to need to do that much, remotely. |
|
|
|
|
|
Dan
|
Posted: Thu May 21, 2009 9:04 pm Post subject: Re: RE:Help with a simple anti-flood script |
|
|
DtY @ 21st May 2009, 8:38 pm wrote: HelloWorld @ Thu May 21, 2009 7:22 pm wrote: Well, I added a captcha but just temporarily until I can figure out how to write a proper script.
Captchas might be good every twenty or so times anyway. There's barely any reason to need to do that much, remotely.
If you only do the captcha 1 in 20 times then the bot gets threw 1 in 20 times, making it almost pointless since it will only fail 1 in 20 times. It may make sence to only show a captchac if the same IP has requested a ping to many times but then you still need somthing to keep track of the IPs.
@HelloWorld you don't nessarly need to use MySQL, you could also use some other DBMS (data base mangment system) such as postgress or sqlite or you could use a file. However a relation DBMS like MySQL is porably your best bet, here is a link to a few tutorals using MySQL with PHP:
http://www.freewebmasterhelp.com/tutorials/phpmysql
http://www.w3schools.com/PHP/php_mysql_intro.asp
http://dev.mysql.com/usingmysql/php/
And the PHP manual's chaptor on MySql:
http://ca3.php.net/manual/en/book.mysql.php |
Computer Science Canada
Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more! |
|
|
|
|
Sponsor Sponsor
|
|
|
DtY
|
Posted: Fri May 22, 2009 7:02 am Post subject: Re: RE:Help with a simple anti-flood script |
|
|
Dan @ Thu May 21, 2009 9:04 pm wrote: DtY @ 21st May 2009, 8:38 pm wrote: HelloWorld @ Thu May 21, 2009 7:22 pm wrote: Well, I added a captcha but just temporarily until I can figure out how to write a proper script.
Captchas might be good every twenty or so times anyway. There's barely any reason to need to do that much, remotely.
If you only do the captcha 1 in 20 times then the bot gets threw 1 in 20 times, making it almost pointless since it will only fail 1 in 20 times. It may make sence to only show a captchac if the same IP has requested a ping to many times but then you still need somthing to keep track of the IPs.
That's what I meant by every twenty times |
|
|
|
|
|
sudn3sc3d
|
Posted: Sat May 30, 2009 9:41 pm Post subject: RE:Help with a simple anti-flood script |
|
|
HelloWorld,
Implement cookies, also check the referer on the form processing page to validate that the form is actually being submitted from your website. You can also put hidden values in your form.
Re-captcha always works too.
If you are running this website on a dedicated server/VPS and getting looooads of traffic, you can get a bunch of extra IPs, bind them to your server, and use cronjobs to rotate IPs every x mins.
This way, you will be utilizing all the IP addresses on your server and not doing all activity from a single IP.
Good luck! |
|
|
|
|
|
|
|