UserName
Thu 2nd Nov '00, 1:27am
Here's my problem - certain people are making 100's of vB page requests per second on my site and crashing it repeatedly because of the enormous number of MySQL processes. We have determined that some of these people are simply running offline browsers and email grabbing spiders, but we also believe that some of them might be malicious. This is not an isolated problem with my hardware, as I believe that you could bring down most vB sites by simply reloading a page as fast as you can for a few minutes.
I have started using an .htaccess to block offline browsers and specific spiders, but most of these programs can be run in "stealth" mode where they send a User Agent that looks like Internet Explorer. So, the simple solution is not going to work.
What I would like to know from some of the MySQL gurus and programming experts here is what can be done to stop this?
I talked to one code hacker who suggested that we might be able to write a script that would monitor the server logs and watch for any single IP address that makes more than X number of requests in a 1 minute period, and then, when found, the script could boot that IP from the site using an .htaccess file that would be updated dynamically by the script. The IP would then remain blocked for an hour and then be dropped from the .htaccess and allowed back into the site. Because of the nature of dynamic IP's, we couldn't permanently ban IP's.
If this is possible, and if it wouldn't eat more server resources than it would save, does this sound like a reasonable solution to those in the know?
I know that there is no way to block a full on DOS attack, but I don't get the feeling that these people are pros - they either don't understand what they're doing to the site or they are just being annoying to have some fun. I'm fairly sure that finding a way to block their IP when it starts to happen would cause them to get bored and go away.
Any thoughts on the solution and how hard it would be to write a script to do something like this?
I have started using an .htaccess to block offline browsers and specific spiders, but most of these programs can be run in "stealth" mode where they send a User Agent that looks like Internet Explorer. So, the simple solution is not going to work.
What I would like to know from some of the MySQL gurus and programming experts here is what can be done to stop this?
I talked to one code hacker who suggested that we might be able to write a script that would monitor the server logs and watch for any single IP address that makes more than X number of requests in a 1 minute period, and then, when found, the script could boot that IP from the site using an .htaccess file that would be updated dynamically by the script. The IP would then remain blocked for an hour and then be dropped from the .htaccess and allowed back into the site. Because of the nature of dynamic IP's, we couldn't permanently ban IP's.
If this is possible, and if it wouldn't eat more server resources than it would save, does this sound like a reasonable solution to those in the know?
I know that there is no way to block a full on DOS attack, but I don't get the feeling that these people are pros - they either don't understand what they're doing to the site or they are just being annoying to have some fun. I'm fairly sure that finding a way to block their IP when it starts to happen would cause them to get bored and go away.
Any thoughts on the solution and how hard it would be to write a script to do something like this?