A Flash Developer Resource Site

Page 11 of 19 FirstFirst ... 789101112131415 ... LastLast
Results 201 to 220 of 378

Thread: KoolExchange

  1. #201
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    Read back...I added. It can halt a server by exceeding. Granted I think Remus supplies the space but even he may be held to limits (maybe not). Someone was attacking with that mindset though.

    Everyone has run into a webpage with that error showing (exceeded limit). That is the kind of thing that causes it

  2. #202
    Steve R swrzzzz's Avatar
    Join Date
    Jan 2005
    Location
    Leicestershire,UK
    Posts
    195
    I totally understood you Chris I just don't understand the mindset of wanting to do that.

    Steve

  3. #203
    undead creature necromanthus's Avatar
    Join Date
    Feb 2002
    Location
    ROM
    Posts
    1,890
    Quote Originally Posted by w.brants
    The server is fine.
    It is downloaded that much
    Allmost all from one IP address that traces back to a host in Rio de Janeiro.
    It looks like someone was trying to attack the Exchange or just being funny.

    I don't know how many times it is loaded by someone else. Do you have a suggestion to what value I should reset the counter ?
    The strange part is that "attack" is related to a single file:
    Steve Reynolds's "multipage dynamic content".

  4. #204
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    I gave up wondering long ago. There are just these types of people out there.

  5. #205
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    I think they attacked that one because it's number one on the list. Easy to repetitively hit the way we have it setup. He didn't have to scroll each time to select it or page through anything. It was a convenient file so to speak

  6. #206
    Senior Member
    Join Date
    Dec 2002
    Location
    Netherlands
    Posts
    1,632
    Chris, I did both front and backend (PHP / MySQL).

    The problem with a download protection is that it also might affect people who want to download a few different items and mean no harm or want to restart a download because something went wrong.
    Maybe an IP block mightbe a solution if it occurs again from the same IP range.

    The counter is already designed to only count downloads that are fully completed. That user did download 53 megabyte so I think he/she was going for a bandwidth exceed.

  7. #207
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    Quote Originally Posted by w.brants
    That user did download 53 megabyte so I think he/she was going for a bandwidth exceed.
    Definitely. Dirty little tactic.

  8. #208
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    It's Wilberts movie. It's his to fix his way within his scope.

  9. #209
    Senior Member
    Join Date
    Dec 2002
    Location
    Netherlands
    Posts
    1,632
    Well, fortunately the limit is much higher.

    I could implement a daily maximum per ip address. A cronjob could clear it once a day so it won't take up any time once implemented. Do you think such measures are required and if so, what daily maximum should be fair.

  10. #210
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    Edited out for lack of interest. It's Wilberts movie. It's his to fix his way within his scope.

  11. #211
    Steve R swrzzzz's Avatar
    Join Date
    Jan 2005
    Location
    Leicestershire,UK
    Posts
    195
    As long as you have done the load once - can't you work out what the url for the file was and just hit that over and over without going through the movie?

    I tried it but I won't put the URL here. It would take 2 mins to write a program to hammer that.

    Cheers

    Steve

  12. #212

  13. #213
    Steve R swrzzzz's Avatar
    Join Date
    Jan 2005
    Location
    Leicestershire,UK
    Posts
    195
    but the path isnt obfuscated I worked it out in less that a minute

    Steve

  14. #214
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    but the path isnt obfuscated I worked it out in less that a minute
    Then add that the list of things to do.

  15. #215
    That web bloke Stoke Laurie's Avatar
    Join Date
    Jan 2006
    Location
    England
    Posts
    869
    Quote Originally Posted by swrzzzz
    BTW - Stoke - 300+? Eat your heart out!
    Steve
    And here was I feelin so proud that you were doing so well!!!! ha ha
    must go, need get in out of this Rio sun its a killer!!!!!!
    Just goes to prove what we always say here in Stoke, pays to keep your backends covered!

  16. #216
    Senior Member
    Join Date
    Dec 2002
    Location
    Netherlands
    Posts
    1,632
    I will implement a restriction on how much someone can download in a short period of time. As for obfuscating the download url, I don't see a real advantage. Swf is an open file format so the decoding routine could always easily be traced and broken. You don't even have to have swf knowledge for that. A network monitor will do.

    Every solution so far I thought of isn't secure. Http and post headers can be forged, network traffic can be monitored. If someone really wants to do harm they will find a way I'm afraid.

    Sure I could implement some problems like displaying a graphic that shows a code that has to be entered before a download etc. but that will also affect the majority of the people that means no harm.

  17. #217
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    Ok. You do whatever you think is best Wilbert. It's your source, your design and your backends so who better than you to decide anything.

  18. #218
    Senior Member
    Join Date
    Dec 2002
    Location
    Netherlands
    Posts
    1,632
    Quote Originally Posted by Chris_Seahorn
    You do whatever you think is best Wilbert.
    I hope it's solved now.
    I added some restrictions.

  19. #219
    undead creature necromanthus's Avatar
    Join Date
    Feb 2002
    Location
    ROM
    Posts
    1,890
    Quote Originally Posted by w.brants
    I hope it's solved now.
    I added some restrictions.
    A good idea is to remove all the FUN files, to compress them and to upload the ZIP files.
    The FUN file (in fact a TEXT file) is a waste of bandwidth for everyone.
    Of course, starting with KM 5.6, FUN files are compressed by default.
    But until then ...

  20. #220
    up to my .as in code Chris_Seahorn's Avatar
    Join Date
    Dec 2004
    Posts
    4,389
    The counter is already designed to only count downloads that are fully completed. That user did download 53 megabyte so I think he/she was going for a bandwidth exceed.
    Wanted to mention that you might want to double check that. A user can initiate and then cancel a download and drive up the totals......still.

    Since we recently were debating the need for Flash 8 exports...it's fitting to mention that tracking the oncomplete status of a download is an F8 nicety.

    http://livedocs.macromedia.com/flash...=00002210.html

    The current download routine acts (and is flawed as mentioned above) like previous Flash versions were.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center