Not a bug Session flood issue

EgyKit

Member
Hello,

Today I had very high CPU and memory load, reaching 100%, caused by an attacker. After viewing the database during the high load, I noticed that the session table was filled up with thousands of session entries from the same IP with the same data, except the sessionStart in the session_data field.

I've disabled all add-ons and the issue still exists. I was able to stop him just by banning his IP from cPanel!

I think this is a bug in XenForo. How do I disable insertion of multiple sessions for the same IP?
 
Yep... that's the best thing to do... just blocking the IP. The farther upstream you can block the IP the better. At the application level is okay, server level is better, somewhere before they even get to your servers would be even better.
 
Yes, a hardware firewall is the best option :) Thank you for your update.
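
The pattern reported in the first post (thousands of session rows from one IP that differ only in sessionStart) can be confirmed from a database export before choosing what to block upstream. This is an added example, not part of the thread and not XenForo code; it assumes the session rows have already been exported and decoded into dicts, and every field name other than sessionStart, along with the sample data, is constructed.

```python
from collections import defaultdict

# Constructed sample rows: each is one session-table entry with its
# session_data already decoded into a dict. Only "sessionStart" is a field
# name from the thread; "ip", "userAgent" and "robotId" are assumptions.
SAMPLE_ROWS = (
    [{"ip": "203.0.113.7",
      "session_data": {"sessionStart": 1400000000 + i,
                       "userAgent": "curl/7.0", "robotId": ""}}
     for i in range(500)]
    + [
        {"ip": "198.51.100.20",
         "session_data": {"sessionStart": 1400000100,
                          "userAgent": "Firefox", "robotId": ""}},
        {"ip": "198.51.100.20",
         "session_data": {"sessionStart": 1400000900,
                          "userAgent": "Chrome", "robotId": ""}},
        {"ip": "192.0.2.55",
         "session_data": {"sessionStart": 1400000200,
                          "userAgent": "Safari", "robotId": ""}},
    ]
)


def fingerprint(session_data, ignore=("sessionStart",)):
    """Hashable view of session_data with the volatile fields removed."""
    return tuple(sorted((k, repr(v)) for k, v in session_data.items()
                        if k not in ignore))


def find_session_floods(rows, threshold=100):
    """Return {ip: (duplicate_count, span_seconds)} for IPs that hold at
    least `threshold` sessions identical apart from sessionStart."""
    groups = defaultdict(list)
    for row in rows:
        key = (row["ip"], fingerprint(row["session_data"]))
        groups[key].append(row["session_data"].get("sessionStart", 0))
    floods = {}
    for (ip, _), starts in groups.items():
        # Keep the largest duplicate group seen for each IP.
        if len(starts) >= threshold and len(starts) > floods.get(ip, (0, 0))[0]:
            floods[ip] = (len(starts), max(starts) - min(starts))
    return floods


if __name__ == "__main__":
    for ip, (count, span) in find_session_floods(SAMPLE_ROWS).items():
        print(f"{ip}: {count} near-identical sessions in {span}s")
```

An IP with two ordinary sessions from different browsers is not flagged, because its rows do not share a fingerprint.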
 