-
09-08-2006, 08:42 AM
#201
up to my .as in code
Read back...I added. It can halt a server by exceeding. Granted I think Remus supplies the space but even he may be held to limits (maybe not). Someone was attacking with that mindset though.
Everyone has run into a webpage with that error showing (exceeded limit). That is the kind of thing that causes it
-
09-08-2006, 08:47 AM
#202
Steve R
I totally understood you, Chris. I just don't understand the mindset of wanting to do that.
Steve
-
09-08-2006, 08:54 AM
#203
undead creature
Originally Posted by w.brants
The server is fine.
It is downloaded that much
Almost all from one IP address that traces back to a host in Rio de Janeiro.
It looks like someone was trying to attack the Exchange or just being funny.
I don't know how many times it is loaded by someone else. Do you have a suggestion to what value I should reset the counter?
The strange part is that "attack" is related to a single file:
Steve Reynolds's "multipage dynamic content".
-
09-08-2006, 08:57 AM
#204
up to my .as in code
I gave up wondering long ago. There are just these types of people out there.
Last edited by Chris_Seahorn; 09-08-2006 at 04:23 PM.
-
09-08-2006, 08:58 AM
#205
up to my .as in code
I think they attacked that one because it's number one on the list. Easy to repetitively hit the way we have it set up. He didn't have to scroll each time to select it or page through anything. It was a convenient file, so to speak.
-
09-08-2006, 09:01 AM
#206
Chris, I did both front and backend (PHP / MySQL).
The problem with a download protection is that it also might affect people who want to download a few different items and mean no harm or want to restart a download because something went wrong.
Maybe an IP block might be a solution if it occurs again from the same IP range.
The counter is already designed to only count downloads that are fully completed. That user did download 53 megabyte so I think he/she was going for a bandwidth exceed.
-
09-08-2006, 09:03 AM
#207
up to my .as in code
Originally Posted by w.brants
That user did download 53 megabyte so I think he/she was going for a bandwidth exceed.
Definitely. Dirty little tactic.
Last edited by Chris_Seahorn; 09-08-2006 at 03:41 PM.
-
09-08-2006, 09:11 AM
#208
up to my .as in code
It's Wilbert's movie. It's his to fix his way within his scope.
Last edited by Chris_Seahorn; 09-08-2006 at 04:22 PM.
-
09-08-2006, 09:43 AM
#209
Well, fortunately the limit is much higher.
I could implement a daily maximum per IP address. A cronjob could clear it once a day so it won't take up any time once implemented. Do you think such measures are required and if so, what daily maximum should be fair?
-
09-08-2006, 09:58 AM
#210
up to my .as in code
Edited out for lack of interest. It's Wilbert's movie. It's his to fix his way within his scope.
Last edited by Chris_Seahorn; 09-08-2006 at 04:23 PM.
-
09-08-2006, 12:10 PM
#211
Steve R
As long as you have done the load once - can't you work out what the url for the file was and just hit that over and over without going through the movie?
I tried it but I won't put the URL here. It would take 2 mins to write a program to hammer that.
Cheers
Steve
-
09-08-2006, 12:18 PM
#212
up to my .as in code
EDITED out by me. He's on his own.
Last edited by Chris_Seahorn; 09-08-2006 at 04:19 PM.
-
09-08-2006, 12:20 PM
#213
Steve R
But the path isn't obfuscated. I worked it out in less than a minute.
Steve
-
09-08-2006, 12:23 PM
#214
up to my .as in code
But the path isn't obfuscated. I worked it out in less than a minute.
Then add that to the list of things to do.
Last edited by Chris_Seahorn; 09-08-2006 at 03:42 PM.
-
09-08-2006, 01:37 PM
#215
That web bloke
Originally Posted by swrzzzz
BTW - Stoke - 300+? Eat your heart out!
Steve
And here was I feelin so proud that you were doing so well!!!! ha ha
must go, need get in out of this Rio sun it's a killer!!!!!!
Just goes to prove what we always say here in Stoke, pays to keep your backends covered!
Last edited by Stoke Laurie; 09-08-2006 at 01:40 PM.
-
09-08-2006, 02:04 PM
#216
I will implement a restriction on how much someone can download in a short period of time. As for obfuscating the download url, I don't see a real advantage. Swf is an open file format so the decoding routine could always easily be traced and broken. You don't even have to have swf knowledge for that. A network monitor will do.
Every solution so far I thought of isn't secure. Http and post headers can be forged, network traffic can be monitored. If someone really wants to do harm they will find a way I'm afraid.
Sure I could implement some problems like displaying a graphic that shows a code that has to be entered before a download etc. but that will also affect the majority of the people that mean no harm.
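Added example, not part of any post in this thread and not the site's own code: a per-IP daily download budget of the kind discussed in posts #209 and #216, charged in bytes actually sent so that a cancelled or restarted transfer still counts. Python with SQLite stands in for the PHP/MySQL backend; the table name, function names, sample addresses and the 1,000,000-byte limit are assumptions.

```python
import sqlite3
from datetime import date

DAILY_BYTE_LIMIT = 1_000_000  # assumed value; the thread leaves the fair maximum open

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS quota (ip TEXT, day TEXT, "
               "bytes_sent INTEGER NOT NULL DEFAULT 0, PRIMARY KEY (ip, day))")
    return db

def bytes_used(db, ip, day):
    row = db.execute("SELECT bytes_sent FROM quota WHERE ip = ? AND day = ?",
                     (ip, day.isoformat())).fetchone()
    return row[0] if row else 0

def record_sent(db, ip, day, nbytes):
    # Charge bytes actually transmitted, so cancelled or restarted
    # downloads still count against the address.
    key = (ip, day.isoformat())
    db.execute("INSERT OR IGNORE INTO quota (ip, day) VALUES (?, ?)", key)
    db.execute("UPDATE quota SET bytes_sent = bytes_sent + ? "
               "WHERE ip = ? AND day = ?", (nbytes,) + key)
    db.commit()

def serve(db, ip, day, file_size, sent=None, limit=DAILY_BYTE_LIMIT):
    # Refuse new downloads once the address has used its daily budget.
    if bytes_used(db, ip, day) >= limit:
        return False  # a real handler would answer HTTP 429 here
    record_sent(db, ip, day, file_size if sent is None else min(sent, file_size))
    return True

def purge_old(db, today):
    # The once-a-day cron job: drop rows from earlier days.
    cur = db.execute("DELETE FROM quota WHERE day < ?", (today.isoformat(),))
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db, d = open_store(), date(2006, 9, 8)
    # Constructed traffic: one address hammering a file, one ordinary visitor.
    print([serve(db, "203.0.113.7", d, 400_000) for _ in range(5)])
    print(serve(db, "198.51.100.20", d, 100_000, sent=30_000))
```

Because rows are keyed by day, the limit resets at midnight even if the cleanup job is late; the job only keeps the table small. A byte budget rather than a download count leaves room for a visitor who fetches several items or restarts one.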
-
09-08-2006, 02:08 PM
#217
up to my .as in code
Ok. You do whatever you think is best Wilbert. It's your source, your design and your backends so who better than you to decide anything.
Last edited by Chris_Seahorn; 09-08-2006 at 04:25 PM.
-
09-09-2006, 02:25 AM
#218
Originally Posted by Chris_Seahorn
You do whatever you think is best Wilbert.
I hope it's solved now.
I added some restrictions.
-
09-09-2006, 09:29 AM
#219
undead creature
Originally Posted by w.brants
I hope it's solved now.
I added some restrictions.
A good idea is to remove all the FUN files, to compress them and to upload the ZIP files.
The FUN file (in fact a TEXT file) is a waste of bandwidth for everyone.
Of course, starting with KM 5.6, FUN files are compressed by default.
But until then ...
-
09-16-2006, 12:45 PM
#220
up to my .as in code
The counter is already designed to only count downloads that are fully completed. That user did download 53 megabyte so I think he/she was going for a bandwidth exceed.
Wanted to mention that you might want to double check that. A user can initiate and then cancel a download and drive up the totals......still.
Since we recently were debating the need for Flash 8 exports...it's fitting to mention that tracking the oncomplete status of a download is an F8 nicety.
http://livedocs.macromedia.com/flash...=00002210.html
The current download routine acts (and is flawed as mentioned above) like previous Flash versions were.
Last edited by Chris_Seahorn; 09-16-2006 at 12:58 PM.