Hi everyone,
I have new questions for tonight.
I would like to know the best ways to prevent Denial Of Service Attacks.
Well my question is a bit more precise than that.
I can see three vectors for implementing a DoS attack (an attacker will certainly use a combination of the 3...). Here they are:
1. Iteration: using a program that will repeatedly make requests with GET/POST.
2. Weight: Send heavy amounts of data to a form.
3. Replication: Have a bot army and flood a server with requests. (using 1. & 2.)
Well, my understanding of DoS is, as you see, quite limited. But I have tried to spot these vectors to somehow better protect my website.
I'm particularly interested in point 2.
I have a login form that processes the data each time a user tries to log in.
The problem is that the user can send a huge amount of data, and then (as I use some regex) the server will respond very slowly because it will have to process a lot of data.
I think I can't do much to limit the number of characters a user can send from the form, because it can always be spoofed.
So I would like to know how to prevent my scripts from processing requests that are bigger than size X.
I could check the headers and see if there is a field that contains the number of bits. But that can be spoofed too.
Is it a good idea to try to prevent this from PHP? Or should/could I do it from Apache?
Thank you for your insights,
Best regards
bilibytes
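
An added example, not part of the original post: one way to handle point 2 in PHP is to count the bytes actually received instead of trusting a header, and to check the length of each field before any regex runs. The limits, the `username` field name and the function names are assumptions made for illustration.

```php
<?php
// Added example: limits, field name and function names are hypothetical.
const MAX_BODY_BYTES  = 4096; // assumed cap for the whole login POST body
const MAX_FIELD_BYTES = 128;  // assumed cap for a single form field

// Read at most $limit + 1 bytes; return null when the body exceeds the cap.
// This counts bytes that really arrived, so a false Content-Length is irrelevant.
function readCappedBody($stream, int $limit): ?string
{
    $body = stream_get_contents($stream, $limit + 1);
    if ($body === false || strlen($body) > $limit) {
        return null;
    }
    return $body;
}

// Cheap length check first; the regex only ever sees short input.
function validUsername(string $value): bool
{
    if ($value === '' || strlen($value) > MAX_FIELD_BYTES) {
        return false;
    }
    return preg_match('/\A[A-Za-z0-9_.-]+\z/', $value) === 1;
}

// Returns the HTTP status the login handler would answer with.
function handleLogin($stream): int
{
    $body = readCappedBody($stream, MAX_BODY_BYTES);
    if ($body === null) {
        return 413; // Payload Too Large: nothing was parsed or matched
    }
    parse_str($body, $fields);
    $user = $fields['username'] ?? '';
    if (!is_string($user) || !validUsername($user)) {
        return 400; // Bad Request
    }
    return 200; // the real credential check would start here
}

// Constructed sample bodies: normal, over-long field, oversized body.
$samples = ['username=alice&password=x', 'username=' . str_repeat('a', 500), 'username=' . str_repeat('a', 100000)];
foreach ($samples as $raw) {
    $s = fopen('php://memory', 'r+');
    fwrite($s, $raw);
    rewind($s);
    echo strlen($raw), ' bytes -> ', handleLogin($s), "\n";
}
```

In a real handler the stream would be `fopen('php://input', 'r')`. Apache's `LimitRequestBody` directive enforces a body-size cap at the web server level.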