Solved

How To Prevent False Reads From Anti-Flood Protection?

Posted on 2010-09-08
691 Views
Last Modified: 2013-11-25
Hello

The below code is for redirecting flood attempts to a flood page I have made. The only problem with the below coding is that sometimes it gives false positives and redirects to the flood page when there is no flood. It will do this on such things as logging in to my site or posting in the forum. The 0.000001 below is the time set for it.

What adjustments can be made to increase the accuracy of the flood protection?

Thanks
Rob

// anti flood protection
// NOTE: time() returns whole seconds as an integer, so the comparison below
// is against the previous request's second, not a fraction of a second.
if ($_SESSION['last_session_request'] > time() - 0.000001 && !$_SESSION['forum_flood'] && !$ir['forummod'] && !$ir['forumadmin'] && !$ir['forumcoder']) {
    // users will be redirected to this page if they make requests faster than 2 seconds
    header("Location: ../flood.php");
    exit;
}
$_SESSION['last_session_request'] = time();
unset($_SESSION['forum_flood']);
// end anti flood protection

Question by: showmeurgoods

6 Comments
Expert Comment by: Ray Paseur

Please explain a little more... What is the problem you are up against?


Author Comment by: showmeurgoods

Hello

What the code does is send away a member/visitor who is excessively requesting pages. This is a flood prevention code. The issue is that it gives false positives sometimes. I've tried to adjust the time to be more accurate, but it has not done it.

Are there any adjustments to the code or to the time which will stop the false positives?

I know there are similar codes online for anti flood; this one is all good except for the 0.00001, which I've tried to adjust to different times, but it seems to still give false redirects.

Thanks
Rob

Accepted Solution by: Ray Paseur (earned 500 total points)

OK, thanks. About this: "excessively requesting pages" -- are these GET requests or are these POSTs to the forum? What does the ../flood.php page do?

The PHP time() function should give you an integer that changes every second.  Most humans would not request pages faster than once per second.  But with a little added code, we can get to a rate-limit that is subsecond, and therefore less subject to false positives.

I do not know of any server that would cache the time requests.
<?php // RAY_temp_antiflood.php
error_reporting(E_ALL);


// DEMONSTRATE AN ANTI-FLOOD STRATEGY  - RATE LIMITED USING A TIMER
function too_fast()
{
    // DEFINE USEFUL LOCAL CONSTANTS TO LET $pagetime BE A POSITIVE INTEGER - ADJUST THESE
    define('MY_EPOCH', 2000000000.0);
    define('MY_RATER', 5.0);

    // GET THE PSEUDO PAGE LOAD TIME IN FRACTIONAL SECONDS
    // MAN PAGE: http://us.php.net/manual/en/function.microtime.php#83642
    $pagetime = (int)( (round( microtime(true),1) * MY_RATER) - MY_EPOCH);

    // IF THERE IS A TIME IN THE SESSION, IT IS A REPEAT REQUEST
    if (!empty($_SESSION["pagetime"]))
    {
        // IF THE REPEAT IS TOO SOON AFTER THE LAST PAGE LOAD
        if ($_SESSION["pagetime"] >= $pagetime)
        {
            return TRUE;
        }
    }

    // STORE THE CURRENT PAGE LOAD TIME IN THE SESSION
    $_SESSION["pagetime"] = $pagetime;

    return FALSE;
}


// ALWAYS START SESSION ON EVERY PAGE
session_start();

// TEST THE CLICK-SPEED
if (too_fast()) echo "<br/>TOO FAST" . PHP_EOL;

// PRESENT THE TIMERS
echo '<br/>REALTIME: ' . date('i:s') . ' PAGETIME: ' . number_format($_SESSION["pagetime"]);

// END OF PHP, PUT UP A FORM FOR RAPID TESTING
?>
<form>
<input type="submit" value="CLICK HERE REPEATEDLY" />
</form>

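As an added example (not code from Ray's answer or from Rob's site), here is the same idea carried one step further: instead of comparing a single "last request" timestamp, the session holds a token bucket. A client starts with a small burst allowance, each request spends one token, and tokens refill at a fixed rate per second. A login (POST, redirect, GET) spends two or three tokens inside one clock second and passes, while a client that keeps requesting faster than the refill rate runs dry and is flagged. The limits, the session key names `flood_tokens` / `flood_last`, and the CLI self-check timings are assumptions chosen for illustration; the `$ir` role flags in the usage comment are the ones from the question.

```php
<?php
// Added example, not from the original thread: a token-bucket rate limiter
// kept in the session, as a replacement for the single "last request time"
// comparison. Limits and key names below are illustrative assumptions.

const FLOOD_BURST = 5.0;   // requests allowed back-to-back before throttling
const FLOOD_RATE  = 1.0;   // tokens (requests) refilled per second afterwards

/**
 * Decide whether the current request is part of a flood.
 *
 * @param array $store the session array ($_SESSION on a web page; passed by
 *                     reference so the function can be driven from a script)
 * @param float $now   request time in fractional seconds, i.e. microtime(true)
 */
function is_flooding(array &$store, float $now): bool
{
    $tokens = (float)($store['flood_tokens'] ?? FLOOD_BURST);
    $last   = (float)($store['flood_last']   ?? $now);

    // Refill for the time elapsed since the previous request, capped at the
    // burst size so a long idle period does not bank an unlimited allowance.
    $elapsed = max(0.0, $now - $last);
    $tokens  = min(FLOOD_BURST, $tokens + $elapsed * FLOOD_RATE);
    $store['flood_last'] = $now;

    if ($tokens < 1.0) {
        // Not enough budget: keep the balance as is and flag the request.
        $store['flood_tokens'] = $tokens;
        return true;
    }
    $store['flood_tokens'] = $tokens - 1.0;
    return false;
}

/*
 * Use in the page header, keeping the role exemptions from the question:
 *
 *   session_start();
 *   if (is_flooding($_SESSION, microtime(true))
 *       && !$ir['forummod'] && !$ir['forumadmin'] && !$ir['forumcoder']) {
 *       header('Location: ../flood.php');
 *       exit;
 *   }
 */

// Self-check with constructed timings (not live traffic) when run from the CLI.
if (PHP_SAPI === 'cli') {
    $sess = [];

    // A login: POST at t=100.00, the redirect GET 50 ms later, the landing
    // page 250 ms after that. All three land inside one clock second.
    foreach ([100.00, 100.05, 100.30] as $t) {
        printf("t=%.2f login step -> %s\n", $t, is_flooding($sess, $t) ? 'FLOOD' : 'ok');
    }

    // A script hitting the page every 10 ms: the first few requests spend the
    // remaining burst allowance, everything after that is flagged.
    $flagged = 0;
    for ($i = 0; $i < 50; $i++) {
        if (is_flooding($sess, 101.0 + $i * 0.01)) {
            $flagged++;
        }
    }
    printf("bot burst: %d of 50 requests flagged\n", $flagged);
}
```

Two caveats that apply equally to Ray's version and to this one. First, the state lives in the session, so a client that simply drops its session cookie gets a fresh allowance on every request; this throttles browsers and naive scripts, not anything that is trying to evade it, which is one more reason it is no defence against a DoS. Second, `header('Location: ...')` only works before any output is sent, so the check has to sit at the very top of the header file, before any HTML.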
 

Author Comment by: showmeurgoods

Hello Ray

The protection is meant to redirect any/all excessive requests to a page. I've been told it will redirect some DDoS-type attacks also and/or bad bots. It's placed in the header of both site and forum (two separate headers).

The forum ones are POST requests, which are submitted by a member.

The flood.php page is just a landing page which tells them that they are making excessive page requests. Once this is running well, I'll add the option to redirect to a page of choice via {($set['redirect_page'])} in place of flood.php, and I'll add history recording on the flood.php page as well, to record in the db the username, date/time and the page the user came from, and set it to count+1 per hit. Then in the admin area I can make a page to display this info, which will prove helpful.

I'm going to try the above later today and I'll report back :)
Thank you very much for your posting.

Rob
 
Expert Comment by: Ray Paseur

Understood. You should be able to install the code and run it on your server to see what it does.

It will not inoculate against DoS attacks because your server will run out of data pipes - that is the principal issue with denial of service. But it should be able to limit some bad bots and other scripting attacks. For good bots, be sure you have the right robots.txt files.
http://www.robotstxt.org/

Best of luck with it, ~Ray
