Solved

How To Prevent False Reads From Anti-Flood Protection?

Posted on 2010-09-08
693 Views
Last Modified: 2013-11-25
Hello

The below code is for redirecting flood attempts to a flood page I have made.  The only problem with the below coding is that sometimes it gives false positives and redirects to the flood page when there is no flood.  It will do this on such things as logging in to my site or posting in the forum. The 0.000001 below is the time set for it.

What adjustments can be made to increase the accuracy of the flood protection?

Thanks
Rob

// anti flood protection
// NOTE: time() returns whole seconds, so "time() - 0.000001" matches any two
// requests that fall inside the same clock second (e.g. a login POST followed
// by its redirect), not requests faster than 2 seconds.
if($_SESSION['last_session_request'] > time() - 0.000001 && !$_SESSION['forum_flood'] && !$ir['forummod'] && !$ir['forumadmin']  && !$ir['forumcoder']){
    // users will be redirected to this page if it makes requests faster than 2 seconds
    header("Location: ../flood.php");
    exit;
}
$_SESSION['last_session_request'] = time();
unset($_SESSION['forum_flood']);
//end anti flood protection

Question by:showmeurgoods
6 Comments
LVL 108

Expert Comment

by:Ray Paseur
ID: 33633451
Please explain a little more... What is the problem you are up against?
Author Comment

by:showmeurgoods
ID: 33633508
Hello

What the code does is send a member/visitor who is excessively requesting pages.  This is a flood prevention code.  The issue is that it gives false positives sometimes.  I've tried to adjust the time to be more accurate, but it has not done it.

Are there any adjustments to the code or to the time, which will stop the false positives?

I know there are similar codes online for anti flood, this one is all good except for the 0.00001 which I've tried to adjust to different times, but seems to still give false redirects.

Thanks
Rob
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 33635957
OK, thanks.  About this: "excessively requesting pages" -- are these GET requests or are these POSTS to the forum?  What does the ../flood.php page do?

The PHP time() function should give you an integer that changes every second.  Most humans would not request pages faster than once per second.  But with a little added code, we can get to a rate-limit that is subsecond, and therefore less subject to false positives.

I do not know of any server that would cache the time requests.
<?php // RAY_temp_antiflood.php
error_reporting(E_ALL);


// DEMONSTRATE AN ANTI-FLOOD STRATEGY  - RATE LIMITED USING A TIMER
function too_fast()
{
    // DEFINE USEFUL LOCAL CONSTANTS TO LET $pagetime BE A POSITIVE INTEGER - ADJUST THESE
    define('MY_EPOCH', 2000000000.0);
    define('MY_RATER', 5.0);

    // GET THE PSEUDO PAGE LOAD TIME IN FRACTIONAL SECONDS
    // MAN PAGE: http://us.php.net/manual/en/function.microtime.php#83642
    $pagetime = (int)( (round( microtime(true),1) * MY_RATER) - MY_EPOCH);

    // IF THERE IS A TIME IN THE SESSION, IT IS A REPEAT REQUEST
    if (!empty($_SESSION["pagetime"]))
    {
        // IF THE REPEAT IS TOO SOON AFTER THE LAST PAGE LOAD
        if ($_SESSION["pagetime"] >= $pagetime)
        {
            return TRUE;
        }
    }

    // STORE THE CURRENT PAGE LOAD TIME IN THE SESSION
    $_SESSION["pagetime"] = $pagetime;

    return FALSE;
}


// ALWAYS START SESSION ON EVERY PAGE
session_start();

// TEST THE CLICK-SPEED
if (too_fast()) echo "<br/>TOO FAST" . PHP_EOL;

// PRESENT THE TIMERS
echo '<br/>REALTIME: ' . date('i:s') . ' PAGETIME: ' . number_format($_SESSION["pagetime"]);

// END OF PHP, PUT UP A FORM FOR RAPID TESTING
?>
<form>
<input type="submit" value="CLICK HERE REPEATEDLY" />
</form>

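The integer-second comparison from the question beside the fractional-interval check Ray describes, as an added Python example that is not code from the thread. It assumes a dict standing in for $_SESSION, caller-supplied clock values, and a 0.5 s minimum interval; the request timeline in demo() is constructed.

```python
def same_second_rule(last_request: int, now: int) -> bool:
    """The question's check. time() yields whole seconds, so
    last > now - 0.000001 is true whenever both requests land in the
    same clock second, however far apart they really were."""
    return last_request > now - 0.000001


def too_fast(session: dict, now: float, min_interval: float = 0.5,
             exempt: bool = False) -> bool:
    """Fractional-second version of the accepted answer's idea.

    session  - dict standing in for $_SESSION (assumption)
    now      - current time in fractional seconds, e.g. time.time()
    exempt   - mirrors the moderator/admin bypass in the question's code

    A request is flagged only if it arrives within min_interval seconds
    of the session's previous request. The timestamp is recorded on every
    request, so a sustained flood stays flagged until the client backs off.
    """
    last = session.get("last_request")
    session["last_request"] = now
    if exempt or last is None:
        return False
    return (now - last) < min_interval


def demo() -> dict:
    """Constructed timeline: a page view at t=100.0, a second view 0.9 s
    later (still clock second 100), then a third only 0.1 s after that."""
    times = [100.0, 100.9, 101.0]
    # Integer rule: the 0.9 s gap is a false positive, the 0.1 s gap is missed.
    integer_results = [same_second_rule(int(a), int(b))
                       for a, b in zip(times, times[1:])]
    # Fractional rule: only the genuinely fast third request is flagged.
    session = {}
    fractional_results = [too_fast(session, t) for t in times]
    return {"integer": integer_results, "fractional": fractional_results}


if __name__ == "__main__":
    print(demo())
```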

Author Comment

by:showmeurgoods
ID: 33640538
Hello Ray

The protection is meant to redirect any/all over excessive requests to a page. I've been told it will redirect some ddos type attacks also and/or bad bots.  It's placed in the header of both site and forum. (two separate headers).

The forum ones are post requests, which are submitted via a member.

The flood.php page is just a landing page which tells them that they are over excessively requesting pages.  Once this is running well, I'll add the option to either redirect to a page of choice via {($set['redirect_page'])} in place of flood.php and I'll add the history recording also on the flood.php page to record in the db the username, date/time, the page the user came from, and set it to count+1 per hit.  Then in the admin area I can make a page to display this info which will prove helpful.

I'm going to try the above later today and I'll report back :)  
Thank you very much for your posting.

Rob
LVL 108

Expert Comment

by:Ray Paseur
ID: 33641104
Understood.  You should be able to install the code and run it on your server to see what it does.

It will not inoculate against DOS attacks because your server will run out of data pipes - that is the principal issue with denial of service.  But it should be able to limit some bad bots and other scripting attacks.  For good bots, be sure you have the right robots.txt files.
http://www.robotstxt.org/

Best of luck with it, ~Ray