Tweet
Floodcheck fails when using "reply" - member crashed my site at my request!
I am running 3.08 and was talking to a member of mine who told me he could crash my server any time he wanted to. Fortunately, this is actually a reputable member, so nothing malicious was intended. I did not believe him, and asked for a demonstration.
Sure enough, 10 seconds later my server was 100% down, with the "Cannot connect to database" error.
I asked him how he did it and here are the steps:
1. Go into a long thread - this particular thread has over 6900 pages of posts (20 posts per page x 6900 pages = 138,000 posts)
2. Click "Reply" (not quick reply)
3. Enter any content for the post
4. Press ALT+S repeatedly, and as fast as you can. NOTE: You must use IE for this to work.
For some reason the flood check does not work, the server tries to post all the responses (successfully, I might add) and the server comes crashing down fairly often. This is more of a problem when lots of users are online.
Apparently my users are "kind" enough to do this in the middle of the night so my site is not impacted, nor are users. But still - this is an issue.
Floodcheck was set to 15 seconds. However, I have had it as high as 60 seconds and he says it makes absolutely no difference.
What's the fix?
Sure enough, 10 seconds later my server was 100% down, with the "Cannot connect to database" error.
I asked him how he did it and here are the steps:
1. Go into a long thread - this particular thread has over 6900 pages of posts (20 posts per page x 6900 pages = 138,000 posts)
2. Click "Reply" (not quick reply)
3. Enter any content for the post
4. Press ALT+S repeatedly, and as fast as you can. NOTE: You must use IE for this to work.
For some reason the flood check does not work, the server tries to post all the responses (successfully, I might add) and the server comes crashing down fairly often. This is more of a problem when lots of users are online.
Apparently my users are "kind" enough to do this in the middle of the night so my site is not impacted, nor are users. But still - this is an issue.
Floodcheck was set to 15 seconds. However, I have had it as high as 60 seconds and he says it makes absolutely no difference.
What's the fix?
Comment