• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 Forum crashes simply by holding down F5

#1
Hi!

I can crash my forums by holding down F5. I've disabled all add-ons, enabled APC and reduced PHP memory limit down to 8M. I'm on a managed server so I can't install any Apache mods, what should I do?
 
#4
Crashing = Slowing down to near unusable. I know I'm DoSing my server but is there any built-in mechanism that could prevent this or am I doing something wrong? Also, I can only do this by refreshing pages that have lot of messages.
 

Liam W

Well-known member
#5
Get a better server? Reducing the memory limit will just make it worse, as PHP won't have as much memory to complete tasks.

Liam
 

EQnoble

Well-known member
#6
Hi!

I can crash my forums by holding down F5. I've disabled all add-ons, enabled APC and reduced PHP memory limit down to 8M. I'm on a managed server so I can't install any Apache mods, what should I do?
Hi there. If your server is managed tell the person who manages it to setup mod_evasive or mod_cband or whatever alternative they prefer to limit requests per ip per second or whatever and they should take it from there.
 
#7
Hi there. If your server is managed tell the person who manages it to setup mod_evasive or mod_cband or whatever alternative they prefer to limit requests per ip per second or whatever and they should take it from there.
Sadly, this is not an option as they won't install any additional mods.
 

EQnoble

Well-known member
#8
Sadly, this is not an option as they won't install any additional mods.
Unfortunately there is not much you can other than find a different host within the same budget who can keep your site up and stop that sort of thing. However...if you already have your ip address or range set in a white-listed type of configuration and send a ridiculous amount of requests from that ip address you could still take down your own server if it is smaller server.

All in all if it is a problem and it can't be solved there it would be best to seek a solution somewhere else.
 
#9
One of the members of forum suggested a session based solution. With this code inside $session->start(); I should be able to limit too many attempts. I probably should write a lugin for this, right? What events should I listen?

Code:
private $url = 'foobar';
private $urlCount = 0;

function checkUrlCount() {
        if ($this->url == $_SERVER['REQUEST_URI']) {
            $Now = C_Timestamp::now();
            if ($this->UrlTime->addSeconds(2)->isLessThan($Now)) {
                $this->urlCount = 0;
                $this->UrlTime = $Now;
            }
            $this->urlCount++;
        } else {
            $this->UrlTime = C_Timestamp::now();
            $this->url = $_SERVER['REQUEST_URI'];
            $this->urlCount = 1;
        }

        if ($this->urlCount > 4) {
            $this->UrlTime = C_Timestamp::now();
            echo $this->urlCount . ' refreshes in last 2 sconds. ';
            echo 'Too many refreshes. ';
            echo '<p>Wait for a few seconds and click here: <a href="' . $this->url . '">' . $this->url . '</p>';
            exit;
        }
    }