Michelle Konzack wrote:
> ************************************************************************
> * Do not Cc: me, because I READ THIS LIST, if I write here *
> * Keine Cc: am mich, ich LESE DIESE LISTE wenn ich hier schreibe *
> ************************************************************************
> Hello,
> on my "devel" server I have a script which allows me to upload Debian
> packages, which are then included in my private Debian mirror.
> Now I have gotten several thousand hits in the last days. I call it DoS.
> There are idiots who have tried to upload shit onto my Webspace, but since
> I check it to be ONLY Debian files they were not successful.
> My biggest problem is that the "/fileupload.php" was always referenced
> from outside my webspace. OK, I was thinking this could be solved by
> using HTTP_REFERER, which then worked for some days, but NOW those
> pigs are back and sending a spoofed HTTP_REFERER.
> Since I only have a VHost @ISP I cannot go deeper into the Apache2
> config, which is what I did when I was running my own server.
> Can anyone suggest something to me on how to block requests from outside?
> Size limitation is not possible, since some of my upload files are very
> huge and I must be able to upload files without a Laptop and FTP/SCP
> access.
There are a number of things you can try, depending on what EXACTLY they
are doing.
If they are uploading things to your server which they then reference,
it is a simple apache configuration that you could do. For instance,
you can upload fine to my server, but once it is there, the system knows
nothing about it. You can see the file all day long, but nothing is
going to allow it to get served back to you.
If they are continuing to load the page, implement a simple login and
page check for that specific page. Sure, apache loads the page, but
that's done PDQ instead of letting them upload a file first. If the
login works, great, give them the upload form, otherwise error them out.
You could snag the IP address, browser type, other information and
store it all in a DB, then do a quick check to see if the IP matches,
followed by a browser and whatnot. It's overkill, but you should also
see HOW they are doing it as well, and you could implement the block to
work on a number of factors.
If they are uploading just to stall you out, talk to the ISP and let
them know you are getting DDoSed and get their network admins involved.
You could change the filename, but maybe that's too simple a suggestion?
If it is for your personal use, rename the upload page to
Michelles_dumb_upload_script.php or even have a cron job that randomly
changes the name of the file and emails you the new name when it is done.
OH, and check your email sending server for dates and such. According
to the headers, you sent the email this morning. But according to the
dates on the sent email, you sent it on the 13th at 4:21 PM which is
about 2 days and 15 hours and 32 minutes before you actually did.
Wolf
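One way to implement the "login and page check" Wolf suggests, combined with the only-Debian-files check Michelle already does, as an added example that is not code from either poster: unauthenticated visitors only ever get a login form, the upload form carries a per-session token (unlike HTTP_REFERER, a cross-site POST cannot guess it), and the file is checked for the .deb ar signature before it is moved. The user name, password hash, incoming directory and field names are placeholders.

```php
<?php
// Added example, not from the thread. Gate fileupload.php behind a session login
// and a per-session token so anonymous or cross-site POSTs fail before anything
// is stored. UPLOAD_USER, UPLOAD_PASS_HASH and INCOMING_DIR are placeholders.
session_start();

const UPLOAD_USER      = 'michelle';                // placeholder
const UPLOAD_PASS_HASH = '$2y$10$REPLACE_WITH_HASH'; // placeholder: output of password_hash()
const INCOMING_DIR     = '/home/example/incoming';  // placeholder, keep it outside the web root

function is_logged_in(): bool {
    return !empty($_SESSION['upload_user']);
}

// Constant-time comparison against the token issued at login.
function valid_token(string $token): bool {
    return isset($_SESSION['upload_token']) && hash_equals($_SESSION['upload_token'], $token);
}

// A .deb is an ar archive whose first member is named "debian-binary":
// 8-byte magic "!<arch>\n" followed by the 16-byte member name field.
function looks_like_deb(string $path): bool {
    $head = file_get_contents($path, false, null, 0, 21);
    return $head !== false && strncmp($head, "!<arch>\ndebian-binary", 21) === 0;
}

if (isset($_POST['login'])) {
    if (($_POST['user'] ?? '') === UPLOAD_USER && password_verify($_POST['pass'] ?? '', UPLOAD_PASS_HASH)) {
        session_regenerate_id(true);                       // new session id after login
        $_SESSION['upload_user']  = UPLOAD_USER;
        $_SESSION['upload_token'] = bin2hex(random_bytes(16));
    } else {
        http_response_code(403); exit('login failed');
    }
}

if (!is_logged_in()) {
    // Anonymous requests get the login form only; the upload form is never shown.
    exit('<form method="post"><input name="user"><input name="pass" type="password"><button name="login">Login</button></form>');
}

if (isset($_FILES['pkg'])) {
    if (!valid_token($_POST['token'] ?? '')) { http_response_code(403); exit('bad token'); }
    $tmp = $_FILES['pkg']['tmp_name'];
    if ($_FILES['pkg']['error'] !== UPLOAD_ERR_OK || !looks_like_deb($tmp)) { http_response_code(400); exit('not a .deb'); }
    $name = basename($_FILES['pkg']['name']);              // strip any path component
    if (!preg_match('/^[a-z0-9][a-z0-9.+-]*_[A-Za-z0-9.+~-]+_[a-z0-9-]+\.deb$/', $name)) { http_response_code(400); exit('bad name'); }
    move_uploaded_file($tmp, INCOMING_DIR . '/' . $name);
    exit('stored ' . htmlspecialchars($name));
}

echo '<form method="post" enctype="multipart/form-data">'
   . '<input type="hidden" name="token" value="' . htmlspecialchars($_SESSION['upload_token']) . '">'
   . '<input type="file" name="pkg"><button>Upload</button></form>';
```

As Wolf notes, PHP still receives the POST body before this script runs, so the gate stops files from being stored and served, not the bandwidth of the request itself.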
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php