|
| Home | Accessibility | Courses | Diary | The Mouth | Forum | Resources | Site Map | About Us | Contact |
Spotting a denial of service attack
Our web site traffic rose from 37000 hits last Wednesday to 64000 hits on Thursday. Good sales and marketing activity on our part? No - it's a potential problem; all the extra traffic came from a single location and my immediate concerns included:
* Possible denial of service, where all the bandwidth was being eaten up by the visitor.
* What use were they making of what was approaching a complete copy of the site?
* Potential extra costs if we were to hit our traffic ceiling
On this occasion, I noticed that we had a problem on Friday when I looked at the previous day's log analysis and spotted the problem sticking out like a sore thumb. I spent a couple of hours yesterday investigating more thoroughly, and putting a filter in place to cap aggressive browsing as it happens - a piece of PHP some 30 or 40 lines long. PHP's a powerful language, so in those lines I'm also able to add a permanent record of the potential abuse to a database ...
If you want to read more, I've put a technical analysis and sample PHP script in our solution centre.
(written 2005-06-12 07:17:19)
A603 - Web Application Deployment - Further httpd Configuration
H117 - Security in PHP
H112 - PHP - Further Web Page and Network Handling
Graveyard pages
Frightening and from-friend viruses and spams
No Smoking Pubs
Spotting a denial of service attack
Walk in Bath
Should I use structured or object oriented?
The evening after the course
Happy Birthday, PHP
Code and code maintainance efficiency
This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.
Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
* Possible denial of service, where all the bandwidth was being eaten up by the visitor.
* What use were they making of what was approaching a complete copy of the site?
* Potential extra costs if we were to hit our traffic ceiling
On this occasion, I noticed that we had a problem on Friday when I looked at the previous day's log analysis and spotted the problem sticking out like a sore thumb. I spent a couple of hours yesterday investigating more thoroughly, and putting a filter in place to cap aggressive browsing as it happens - a piece of PHP some 30 or 40 lines long. PHP's a powerful language, so in those lines I'm also able to add a permanent record of the potential abuse to a database ...
If you want to read more, I've put a technical analysis and sample PHP script in our solution centre.
(written 2005-06-12 07:17:19)
Associated topics are indexed under
W512 - Web and Intranet - Site Design AspectsA603 - Web Application Deployment - Further httpd Configuration
H117 - Security in PHP
H112 - PHP - Further Web Page and Network Handling
| Back to Walk in Bath |
Previous and next or Horse's mouth home |
Forward to No Smoking Pubs |
Some other Articles
Comments in TclGraveyard pages
Frightening and from-friend viruses and spams
No Smoking Pubs
Spotting a denial of service attack
Walk in Bath
Should I use structured or object oriented?
The evening after the course
Happy Birthday, PHP
Code and code maintainance efficiency
1638 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33 at 50 posts per pageThis is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.
Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
PH: 01144 1225 708225 • FAX: 01144 1225 707126 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho