Hello,

On 11/16/2003 02:52 AM, Andre Dubuc wrote:
> Recently, a 'user' attempted to access a restricted area of my site repetitively (spanning five hours) entering the same url repetitively [probably by script]. A massive log file was generated. I would like to ban such behavior by limiting the number of successive 'get's a user can do (say 4 attempts) before an appropriate action is taken.
>
> As a temporary measure (until I can figure a better way) the url in question was disabled.
>
> What I'd like to do, on a per-file basis using $_SESSION, is a combination of ipaddress perhaps with a counter that records the number of times that file was accessed, and limit the number of successive 'get's that can be done before the file is no longer accessible.

This solution will not avoid your problem.


Sometimes I have that problem because some users of my site think they can use site sucking programs to get all its content.

What was done is to have a script monitoring the Web server logs and if the same user of the same IP makes an excessive amount of accesses in a short period, add it to the list of denied addresses for a while. This way, the Web server will not even spare resources for abusing users.

Since you use .htaccess based permissions, you can just update that file regularly.

I do not have that script quite ready for release now, but if there is interest, I can release it later as a part of this class that already provides log watching services:

http://www.phpclasses.org/logwatcher

--

Regards,
Manuel Lemos

Free ready to use OOP components written in PHP
http://www.phpclasses.org/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
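
The log-watching approach described in the reply above, as an added example; it is not Manuel Lemos's script and not part of the LogWatcher class. It assumes Common Log Format access logs, Apache 2.4 `Require` syntax, and hypothetical names and thresholds (`parseLine`, `findAbusers`, `denyBlock`, 4 requests per 60 seconds); the sample log lines are constructed.

```php
<?php
const MAX_HITS = 4;         // assumed: requests allowed per client and URL ...
const WINDOW_SECONDS = 60;  // ... within this many seconds (assumed)

// Parse one access-log line into [ip, unix time, path]; null if malformed.
function parseLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" \d{3} /';
    // Validate the address: never copy unvalidated log text into .htaccess.
    if (!preg_match($re, $line, $m) || filter_var($m[1], FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $t = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    return $t ? [$m[1], $t->getTimestamp(), $m[3]] : null;
}

// IPs that requested one URL more than $max times within $window seconds.
function findAbusers(array $lines, int $max = MAX_HITS, int $window = WINDOW_SECONDS): array
{
    $recent = $abusers = [];
    foreach ($lines as $line) {
        if (($hit = parseLine($line)) === null) {
            continue;
        }
        [$ip, $ts, $path] = $hit;
        $key = "$ip $path";
        $recent[$key][] = $ts;
        // Keep only the timestamps still inside the sliding window.
        $recent[$key] = array_values(array_filter($recent[$key], fn($t) => $t > $ts - $window));
        if (count($recent[$key]) > $max) {
            $abusers[$ip] = true;
        }
    }
    return array_keys($abusers);
}

// Render an Apache 2.4 deny block suitable for .htaccess.
function denyBlock(array $ips): string
{
    $rules = array_map(fn($ip) => "    Require not ip $ip\n", $ips);
    return "<RequireAll>\n    Require all granted\n" . implode('', $rules) . "</RequireAll>\n";
}

// Constructed sample: one client repeats the same URL six times in 25 seconds.
$log = [];
for ($s = 0; $s < 6; $s++) {
    $log[] = sprintf('203.0.113.7 - - [16/Nov/2003:02:10:%02d +0000] "GET /members/ HTTP/1.1" 403 512', $s * 5);
}
$log[] = '198.51.100.20 - - [16/Nov/2003:02:10:40 +0000] "GET /index.php HTTP/1.1" 200 2048';
echo denyBlock(findAbusers($log)); // lists only 203.0.113.7
```

Writing the block into the real .htaccess and expiring entries "for a while" are left out here; on Apache 2.2 the equivalent directive is `Deny from <ip>`.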


