Solved

How To Prevent False Reads From Anti-Flood Protection?

Posted on 2010-09-08
713 Views
Last Modified: 2013-11-25
Hello

The below code is for redirecting flood attempts to a flood page I have made.  The only problem with the below coding is that sometimes it gives false positives and redirects to the flood page when there is no flood.  It will do this on such things as logging in to my site, or posting in the forum.  The 0.000001 below is the time set for it.

What adjustments can be made to increase the accuracy of the flood protection?

Thanks
Rob

// anti flood protection
// $_SESSION and the $ir user record (forummod, forumadmin, forumcoder flags) come from the surrounding header
// time() returns whole seconds, so last_session_request and time() are both integers
if(isset($_SESSION['last_session_request']) && $_SESSION['last_session_request'] > time() - 0.000001 && empty($_SESSION['forum_flood']) && !$ir['forummod'] && !$ir['forumadmin'] && !$ir['forumcoder']){
    // users will be redirected to this page if it makes requests faster than 2 seconds
    header("Location: ../flood.php");
    exit;
}
$_SESSION['last_session_request'] = time();
unset($_SESSION['forum_flood']);
// end anti flood protection

Question by:showmeurgoods
6 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 33633451
Please explain a little more... What is the problem you are up against?

Author Comment

by:showmeurgoods
ID: 33633508
Hello

What the code does is send a member/visitor who is excessively requesting pages.  This is a flood prevention code.  The issue is that it gives false positives sometimes.  I've tried to adjust the time to be more accurate, but it has not done it.

Are there any adjustments to the code or to the time, which will stop the false positives?

I know there are similar codes online for anti flood, this one is all good except for the 0.00001 which I've tried to adjust to different times, but seems to still give false redirects.

Thanks
Rob
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 33635957
OK, thanks.  About this: "excessively requesting pages" -- are these GET requests or are these POSTs to the forum?  What does the ../flood.php page do?

The PHP time() function should give you an integer that changes every second.  Most humans would not request pages faster than once per second.  But with a little added code, we can get to a rate-limit that is subsecond, and therefore less subject to false positives.

I do not know of any server that would cache the time requests.
<?php // RAY_temp_antiflood.php
error_reporting(E_ALL);


// DEMONSTRATE AN ANTI-FLOOD STRATEGY  - RATE LIMITED USING A TIMER
function too_fast()
{
    // DEFINE USEFUL LOCAL CONSTANTS TO LET $pagetime BE A POSITIVE INTEGER - ADJUST THESE
    define('MY_EPOCH', 2000000000.0);
    define('MY_RATER', 5.0);

    // GET THE PSEUDO PAGE LOAD TIME IN FRACTIONAL SECONDS
    // MAN PAGE: http://us.php.net/manual/en/function.microtime.php#83642
    $pagetime = (int)( (round( microtime(true),1) * MY_RATER) - MY_EPOCH);

    // IF THERE IS A TIME IN THE SESSION, IT IS A REPEAT REQUEST
    if (!empty($_SESSION["pagetime"]))
    {
        // IF THE REPEAT IS TOO SOON AFTER THE LAST PAGE LOAD
        if ($_SESSION["pagetime"] >= $pagetime)
        {
            return TRUE;
        }
    }

    // STORE THE CURRENT PAGE LOAD TIME IN THE SESSION
    $_SESSION["pagetime"] = $pagetime;

    return FALSE;
}


// ALWAYS START SESSION ON EVERY PAGE
session_start();

// TEST THE CLICK-SPEED
if (too_fast()) echo "<br/>TOO FAST" . PHP_EOL;

// PRESENT THE TIMERS
echo '<br/>REALTIME: ' . date('i:s') . ' PAGETIME: ' . number_format($_SESSION["pagetime"]);

// END OF PHP, PUT UP A FORM FOR RAPID TESTING
?>
<form>
<input type="submit" value="CLICK HERE REPEATEDLY" />
</form>

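The following is an added example, not code from the question or from Ray's post. It isolates why the question's integer-second check flags any second request in the same clock second, and sets a sliding-window limiter beside it that tolerates the short burst a login (POST, redirect, landing page) produces while still catching a sustained flood. Function names, the parameter-passed session array, and the request timings are assumptions for the demonstration; in a page you would pass $_SESSION and microtime(true).

```php
<?php
// Added example, not the question's or Ray's code. Both functions take the
// session array and the current time as parameters (hypothetical names) so the
// logic runs from the command line; in a page pass $_SESSION and microtime(true).

// The question's check, isolated: time() returns whole seconds, so a second
// request in the same wall-clock second always satisfies last > now - 0.000001.
function original_check(array &$session, int $now): bool
{
    $flooded = isset($session['last_session_request'])
        && $session['last_session_request'] > $now - 0.000001;
    $session['last_session_request'] = $now;
    return $flooded;
}

// Sliding-window limiter: at most $max requests inside any $window seconds.
// A short burst (login POST, redirect, landing page) passes; a sustained flood
// does not. Rejected requests are not recorded, so a client that slows down
// recovers once its earlier hits age out of the window.
function too_many_requests(array &$session, float $now, int $max = 5, float $window = 2.0): bool
{
    $hits = isset($session['hits']) ? $session['hits'] : array();
    $hits = array_values(array_filter($hits, function ($t) use ($now, $window) {
        return $t > $now - $window;   // keep only hits still inside the window
    }));
    if (count($hits) >= $max) {
        $session['hits'] = $hits;
        return true;
    }
    $hits[] = $now;
    $session['hits'] = $hits;
    return false;
}

// Constructed request sequence on a fixed timestamp: a login POST, its redirect
// and the landing page within one second, then eight requests 100 ms apart.
$session = array();
$t0 = 1283900000.0;
$offsets = array(0.00, 0.30, 0.55);
for ($i = 0; $i < 8; $i++) {
    $offsets[] = 1.0 + $i * 0.1;
}
foreach ($offsets as $dt) {
    printf("+%.2fs  original: %-5s  window: %s\n", $dt,
        original_check($session, (int) ($t0 + $dt)) ? 'FLOOD' : 'ok',
        too_many_requests($session, $t0 + $dt) ? 'FLOOD' : 'ok');
}
```

The original check reports FLOOD on the second and third requests of the login burst, while the windowed check only starts rejecting once five hits have landed inside the two-second window.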

Author Comment

by:showmeurgoods
ID: 33640538
Hello Ray

The protection is meant to redirect any/all over excessive requests to a page. I've been told it will redirect some ddos type attacks also and/or bad bots.  It's placed in the header of both site and forum. (two separate headers).

The forum ones are POST requests, which are submitted by a member.

The flood.php page is just a landing page which tells them that they are over excessively requesting page requests.  Once this is running well, I'll add the option to either redirect to a page of choice via {($set['redirect_page'])} in place of flood.php and I'll add the history recording also on the flood.php page to record in the db the username, date/time, the page the user came from, and set it to count+1 per hit.  Then in the admin area I can make a page to display this info which will be helpful.

I'm going to try the above later today and I'll report back :)  
Thank you very much for your posting.

Rob
LVL 111

Expert Comment

by:Ray Paseur
ID: 33641104
Understood.  You should be able to install the code and run it on your server to see what it does.

It will not inoculate against DOS attacks because your server will run out of data pipes - that is the principal issue with denial of service.  But it should be able to limit some bad bots and other scripting attacks.  For good bots, be sure you have the right robots.txt files.
http://www.robotstxt.org/

Best of luck with it, ~Ray