how to flood protect a website..
Moderator: General Moderators
how to flood protect a website..
hi i dont have a example otherwise i probably wouldnt need the help,but can anyone help me on my way how to protect a website from being attacked .
few days ago a friend and myself got suddenly over 500 visitors on the site that cause the site to drop dead instantly.
Believe me thats not funny,so can anyone help help me with some code or where i can find it.
maybe a code that not more then 20 or 30 people can visit all at once.just an idea.
Anyone know of such code or has a better idea ?
Thanks
few days ago a friend and myself got suddenly over 500 visitors on the site that cause the site to drop dead instantly.
Believe me thats not funny,so can anyone help help me with some code or where i can find it.
maybe a code that not more then 20 or 30 people can visit all at once.just an idea.
Anyone know of such code or has a better idea ?
Thanks
-
microthick
- Forum Regular
- Posts: 543
- Joined: Wed Sep 24, 2003 2:15 pm
- Location: Vancouver, BC
Look into changing some of the settings in your Apache web servers's httpd.conf. Particularly, look at the settings:
MaxKeepAliveRequests
KeepAliveTimeout
MaxRequestsPerChild
ThreadsPerChild
You might also want to look at http://www.freshmeat.net or http://www.sourceforge.net for mods that will particularly help you in this type of situation.
If you only want to use php, you could consider counting how many session files you have in your session folder. If number of files > 30, then display some stock html file.
MaxKeepAliveRequests
KeepAliveTimeout
MaxRequestsPerChild
ThreadsPerChild
You might also want to look at http://www.freshmeat.net or http://www.sourceforge.net for mods that will particularly help you in this type of situation.
If you only want to use php, you could consider counting how many session files you have in your session folder. If number of files > 30, then display some stock html file.
hi thanx for reply,no its not my host.
the website runs phpnuke and is secure enough but they manage it somehow to flood the system so i got more then 500 visitors online,hammering sometimes on my index.php
but also some connections like....fake example..
200.116.091.122
200.116.091.123
200.116.091.124
200.116.091.125
200.116.091.126
Get the idea...
so i hoped there is some code around that can prevent it...
the website runs phpnuke and is secure enough but they manage it somehow to flood the system so i got more then 500 visitors online,hammering sometimes on my index.php
but also some connections like....fake example..
200.116.091.122
200.116.091.123
200.116.091.124
200.116.091.125
200.116.091.126
Get the idea...
so i hoped there is some code around that can prevent it...
are you saying that you are getting DOS'ed ? If so, why not jsut report it to your host, and have them take care of it? Because (and if i'm wrong with this, please someone step in ), I don't think you are gonna be able to prevent such attacks with php UNLESS you know how to write a dos protection program.. which i don't think i've ever seen one for php out on the net.
is your first page a php page? your index a index.php?
if not, redirect the index.htm to load on index.php
and count users as they get to your page... there are counters out there that will display the # of users on your site at any given time ( phpBB does this, and i'm pretty sure you coudl use it's counter, or another counter on like http://www.hotscripts.com or http://www.evilwalrus.com or find one on google ), so say something like
If ($user_count >450)
{
echo 'Sorry, the page is too busy. Try again Later.';
exit;
}
// continue on...
or maybe add a field to your table called Break_point or something, and when the counter hits 450, add a 1 to it, and when the page loads, have it check it every time :
select breakpoint from mytable.
if ($row['breakpoint'] == '1')
{
echo 'Sorry, the page is too busy. Try again Later.';
exit;
}
if not, redirect the index.htm to load on index.php
and count users as they get to your page... there are counters out there that will display the # of users on your site at any given time ( phpBB does this, and i'm pretty sure you coudl use it's counter, or another counter on like http://www.hotscripts.com or http://www.evilwalrus.com or find one on google ), so say something like
If ($user_count >450)
{
echo 'Sorry, the page is too busy. Try again Later.';
exit;
}
// continue on...
or maybe add a field to your table called Break_point or something, and when the counter hits 450, add a 1 to it, and when the page loads, have it check it every time :
select breakpoint from mytable.
if ($row['breakpoint'] == '1')
{
echo 'Sorry, the page is too busy. Try again Later.';
exit;
}
it's really not that hard. i don't have the time unfortunately to do the entire thing for you, as i have other projects that i have to do myself, so i can only give you methods and suggestions. you'll have to do this yourself or somenoe else that has the time might post a complete solution.
but the code i gave you is merely ideas in which to impliment a strategy.
go to the sites i posted and look for counters that display the total users on your page. when you get that code, and put it in your index.php code, post it ( excluding any sensative data such as username/passwords for the site, or for your database ), and then we'll help you out from there.
but, i'll at least give you a very short and simple way to do this :
#1 Create a field in a table called Break_Point. Set it as an integer field.
#2. after the counter portion that you added to tell how many users you have on your page, put this code ( replace variables as needed to reflect what it shoudl be ):
and at the beginning of your page, do something like this :
maybe there is a better method than this, but this is whati've come up with so use it at your own risk. shoudl work even though it's untested.
hope this helps...
but the code i gave you is merely ideas in which to impliment a strategy.
go to the sites i posted and look for counters that display the total users on your page. when you get that code, and put it in your index.php code, post it ( excluding any sensative data such as username/passwords for the site, or for your database ), and then we'll help you out from there.
but, i'll at least give you a very short and simple way to do this :
#1 Create a field in a table called Break_Point. Set it as an integer field.
#2. after the counter portion that you added to tell how many users you have on your page, put this code ( replace variables as needed to reflect what it shoudl be ):
Code: Select all
// after end of counter code..
if ($count_users > 450)
{
$sql="UPDATE mytable set Break_Point ='1'";
mysql_query($sql);
}
elseif ($count_user<450)
{
$sql="select Break_Point from mytable";
$result=mysql_query($sql);
$row=mysql_fetch_assoc($sql);
if ($row['Break_Point'] == '1')
{
mysql_query("UPDATE my_table set Break_Point='0' where Break_Point = '1'");
}
}Code: Select all
<?php
// connect to mysql, select db then check :
$sql = "Select Break_Point from my_table";
$result = mysql_query($sql);
$row=myqsl_fetch_assoc($sql);
if ($row['Break_Point'] == '1')
{
echo 'Sorry, this page is too busy.. Try again later';
exit;
}
// otherwise, continue with the show
?>hope this helps...