XF 2.1 Possible search flooding DOS attack?

Stuart Wright

Well-known member
Folks, we're getting lots of queries in the database like this but with slightly different search terms:
SELECT xf_thread.*
FROM xf_thread

WHERE (xf_thread.title LIKE '%Panasonic%') AND (xf_thread.title LIKE '%OLED%') AND (xf_thread.title LIKE '%Series%') AND (xf_thread.discussion_state = 'visible') AND (xf_thread.discussion_type <> 'redirect') AND (xf_thread.post_date >= 0) AND (xf_thread.thread_id <> 2236654) AND ((xf_thread.node_id = 297) OR (xf_thread.node_id = 508) OR (xf_thread.node_id = 509) OR (xf_thread.node_id = 510) OR (xf_thread.node_id = 511) OR (xf_thread.node_id = 512) OR (xf_thread.node_id = 513) OR (xf_thread.node_id = 104) OR (xf_thread.node_id = 367) OR (xf_thread.node_id = 155) OR (xf_thread.node_id = 232) OR (xf_thread.node_id = 82) OR (xf_thread.node_id = 87) OR (xf_thread.node_id = 91) OR (xf_thread.node_id = 107) OR (xf_thread.node_id = 114) OR (xf_thread.node_id = 145) OR (xf_thread.node_id = 113) OR (xf_thread.node_id = 565) OR (xf_thread.node_id = 495) OR (xf_thread.node_id = 246) OR (xf_thread.node_id = 203) OR (xf_thread.node_id = 59) OR (xf_thread.node_id = 152) OR (xf_thread.node_id = 123) OR (xf_thread.node_id = 129) OR (xf_thread.node_id = 137) OR (xf_thread.node_id = 361) OR (xf_thread.node_id = 47) OR (xf_thread.node_id = 332) OR (xf_thread.node_id = 148) OR (xf_thread.node_id = 126) OR (xf_thread.node_id = 263) OR (xf_thread.node_id = 239) OR (xf_thread.node_id = 566) OR (xf_thread.node_id = 259) OR (xf_thread.node_id = 547) OR (xf_thread.node_id = 562) OR (xf_thread.node_id = 373) OR (xf_thread.node_id = 43) OR (xf_thread.node_id = 44) OR (xf_thread.node_id = 130) OR (xf_thread.node_id = 45) OR (xf_thread.node_id = 147) OR (xf_thread.node_id = 127) OR (xf_thread.node_id = 245) OR (xf_thread.node_id = 567) OR (xf_thread.node_id = 307) OR (xf_thread.node_id = 183) OR (xf_thread.node_id = 390) OR (xf_thread.node_id = 523) OR (xf_thread.node_id = 73) OR (xf_thread.node_id = 333) OR (xf_thread.node_id = 224) OR (xf_thread.node_id = 164) OR (xf_thread.node_id = 516) OR (xf_thread.node_id = 284) OR (xf_thread.node_id = 168) OR (xf_thread.node_id = 272) OR 
(xf_thread.node_id = 460) OR (xf_thread.node_id = 406) OR (xf_thread.node_id = 37) OR (xf_thread.node_id = 298) OR (xf_thread.node_id = 447) OR (xf_thread.node_id = 55) OR (xf_thread.node_id = 563) OR (xf_thread.node_id = 78) OR (xf_thread.node_id = 420) OR (xf_thread.node_id = 290) OR (xf_thread.node_id = 407) OR (xf_thread.node_id = 324) OR (xf_thread.node_id = 54) OR (xf_thread.node_id = 80) OR (xf_thread.node_id = 240) OR (xf_thread.node_id = 175) OR (xf_thread.node_id = 189) OR (xf_thread.node_id = 194) OR (xf_thread.node_id = 61) OR (xf_thread.node_id = 570) OR (xf_thread.node_id = 524) OR (xf_thread.node_id = 265) OR (xf_thread.node_id = 303) OR (xf_thread.node_id = 527) OR (xf_thread.node_id = 560) OR (xf_thread.node_id = 412) OR (xf_thread.node_id = 564) OR (xf_thread.node_id = 571) OR (xf_thread.node_id = 419) OR (xf_thread.node_id = 327) OR (xf_thread.node_id = 266) OR (xf_thread.node_id = 302) OR (xf_thread.node_id = 320) OR (xf_thread.node_id = 323) OR (xf_thread.node_id = 321) OR (xf_thread.node_id = 322) OR (xf_thread.node_id = 280) OR (xf_thread.node_id = 270) OR (xf_thread.node_id = 192) OR (xf_thread.node_id = 430) OR (xf_thread.node_id = 106) OR (xf_thread.node_id = 371) OR (xf_thread.node_id = 477) OR (xf_thread.node_id = 392) OR (xf_thread.node_id = 446) OR (xf_thread.node_id = 291) OR (xf_thread.node_id = 410) OR (xf_thread.node_id = 517) OR (xf_thread.node_id = 100) OR (xf_thread.node_id = 105) OR (xf_thread.node_id = 247) OR (xf_thread.node_id = 357) OR (xf_thread.node_id = 491) OR (xf_thread.node_id = 545) OR (xf_thread.node_id = 544) OR (xf_thread.node_id = 493) OR (xf_thread.node_id = 554) OR (xf_thread.node_id = 258) OR (xf_thread.node_id = 558) OR (xf_thread.node_id = 33) OR (xf_thread.node_id = 205) OR (xf_thread.node_id = 206) OR (xf_thread.node_id = 553) OR (xf_thread.node_id = 423) OR (xf_thread.node_id = 540) OR (xf_thread.node_id = 494) OR (xf_thread.node_id = 550) OR (xf_thread.node_id = 551) OR (xf_thread.node_id = 552) OR 
(xf_thread.node_id = 262) OR (xf_thread.node_id = 541) OR (xf_thread.node_id = 271) OR (xf_thread.node_id = 274) OR (xf_thread.node_id = 542) OR (xf_thread.node_id = 273) OR (xf_thread.node_id = 424) OR (xf_thread.node_id = 35) OR (xf_thread.node_id = 96) OR (xf_thread.node_id = 568) OR (xf_thread.node_id = 242) OR (xf_thread.node_id = 198) OR (xf_thread.node_id = 62) OR (xf_thread.node_id = 90) OR (xf_thread.node_id = 338) OR (xf_thread.node_id = 185) OR (xf_thread.node_id = 153) OR (xf_thread.node_id = 85) OR (xf_thread.node_id = 51) OR (xf_thread.node_id = 93) OR (xf_thread.node_id = 329) OR (xf_thread.node_id = 380) OR (xf_thread.node_id = 353) OR (xf_thread.node_id = 99) OR (xf_thread.node_id = 538) OR (xf_thread.node_id = 340) OR (xf_thread.node_id = 402) OR (xf_thread.node_id = 341) OR (xf_thread.node_id = 492) OR (xf_thread.node_id = 539) OR (xf_thread.node_id = 339) OR (xf_thread.node_id = 409) OR (xf_thread.node_id = 241) OR (xf_thread.node_id = 243) OR (xf_thread.node_id = 391) OR (xf_thread.node_id = 358) OR (xf_thread.node_id = 154) OR (xf_thread.node_id = 330) OR (xf_thread.node_id = 476) OR (xf_thread.node_id = 343) OR (xf_thread.node_id = 531) OR (xf_thread.node_id = 394) OR (xf_thread.node_id = 344) OR (xf_thread.node_id = 252) OR (xf_thread.node_id = 268) OR (xf_thread.node_id = 210) OR (xf_thread.node_id = 211) OR (xf_thread.node_id = 234) OR (xf_thread.node_id = 481) OR (xf_thread.node_id = 212) OR (xf_thread.node_id = 543) OR (xf_thread.node_id = 161) OR (xf_thread.node_id = 574) OR (xf_thread.node_id = 484) OR (xf_thread.node_id = 188) OR (xf_thread.node_id = 162) OR (xf_thread.node_id = 50) OR (xf_thread.node_id = 463) OR (xf_thread.node_id = 279) OR (xf_thread.node_id = 482) OR (xf_thread.node_id = 487) OR (xf_thread.node_id = 436) OR (xf_thread.node_id = 89) OR (xf_thread.node_id = 414) OR (xf_thread.node_id = 38) OR (xf_thread.node_id = 370) OR (xf_thread.node_id = 497) OR (xf_thread.node_id = 514) OR (xf_thread.node_id = 498) OR 
(xf_thread.node_id = 505) OR (xf_thread.node_id = 529) OR (xf_thread.node_id = 559) OR (xf_thread.node_id = 528) OR (xf_thread.node_id = 533) OR (xf_thread.node_id = 503) OR (xf_thread.node_id = 502) OR (xf_thread.node_id = 569) OR (xf_thread.node_id = 506) OR (xf_thread.node_id = 504) OR (xf_thread.node_id = 549) OR (xf_thread.node_id = 537) OR (xf_thread.node_id = 557) OR (xf_thread.node_id = 264) OR (xf_thread.node_id = 532) OR (xf_thread.node_id = 151) OR (xf_thread.node_id = 548) OR (xf_thread.node_id = 432) OR (xf_thread.node_id = 305) OR (xf_thread.node_id = 464) OR (xf_thread.node_id = 176) OR (xf_thread.node_id = 286) OR (xf_thread.node_id = 179) OR (xf_thread.node_id = 256) OR (xf_thread.node_id = 301) OR (xf_thread.node_id = 461) OR (xf_thread.node_id = 354) OR (xf_thread.node_id = 251))
ORDER BY xf_thread.post_date DESC
So many that it's throwing too many connection errors (with a setting of 600).
Is this a DOS attack?
Is there a way to limit this in the settings at all?
I've had to switch the search off for now.
 
If I'm understanding correctly, the add-on has an explicit option that you are required to enable if you want to use Elasticsearch. For some reason it doesn't automatically just use that if the Enhanced Search add-on is enabled. Which is really quite counter-intuitive.
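A triage sketch for the question in the opening post, added here as an example and not taken from the thread or from XenForo: it groups running statements by shape, so that searches differing only in terms, thread id and node list count as one pattern, and flags a pattern when it uses leading-wildcard `LIKE` and holds most of the active connections. The rows are constructed in the shape of MySQL `SHOW FULL PROCESSLIST` output; `fingerprint`, `triage`, `_search` and the 0.5 threshold are assumptions of this example.

```python
import re

LEADING_WILDCARD = re.compile(r"LIKE\s+'%", re.I)  # '%term' cannot use a B-tree index

def fingerprint(sql):
    """Reduce a statement to its shape so variants with different terms group together."""
    s = re.sub(r"\s+", " ", sql.strip())
    s = re.sub(r"'(?:[^'\\]|\\.)*'", "?", s)   # string literals
    s = re.sub(r"\b\d+\b", "?", s)             # numeric literals
    # Collapse runs of one repeated predicate: (p) AND (p) ..., (p) OR (p) ...
    return re.sub(r"(\([^()]+\))(?: (?:AND|OR) \1)+", r"\1", s)

def triage(rows, share_threshold=0.5):
    """rows: (connection_id, seconds_running, sql). Returns groups, busiest first."""
    groups = {}
    for _conn, secs, sql in rows:
        g = groups.setdefault(fingerprint(sql),
                              {"count": 0, "max_secs": 0, "wildcard": False})
        g["count"] += 1
        g["max_secs"] = max(g["max_secs"], secs)
        g["wildcard"] = g["wildcard"] or bool(LEADING_WILDCARD.search(sql))
    report = []
    for fp, g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        share = g["count"] / len(rows)
        # One unindexable shape holding most active connections exhausts the pool.
        report.append({"fingerprint": fp, **g, "share": share,
                       "flagged": g["wildcard"] and share >= share_threshold})
    return report

def _search(terms, thread_id, nodes):
    """Constructed query in the shape quoted in the opening post."""
    likes = " AND ".join(f"(xf_thread.title LIKE '%{t}%')" for t in terms)
    ors = " OR ".join(f"(xf_thread.node_id = {n})" for n in nodes)
    return (f"SELECT xf_thread.* FROM xf_thread WHERE {likes} "
            f"AND (xf_thread.discussion_state = 'visible') "
            f"AND (xf_thread.thread_id <> {thread_id}) AND ({ors}) "
            f"ORDER BY xf_thread.post_date DESC")

# Constructed rows shaped like SHOW FULL PROCESSLIST (ids, times and terms are made up).
SAMPLE = [
    (101, 14, _search(["Panasonic", "OLED", "Series"], 2236654, [297, 508, 509])),
    (102, 13, _search(["Sony", "Bravia"], 1000001, [297, 508])),
    (103, 13, _search(["LG"], 1000002, [104, 367, 155, 232])),
    (104, 12, _search(["Samsung", "QLED"], 1000003, [297])),
    (105, 0, "SELECT * FROM xf_user WHERE user_id = 5"),
]

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["count"], f"{r['share']:.0%}", r["flagged"], r["fingerprint"][:70])
```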
 