FractalizeR
06-29-2009, 10:00 PM
Introduction
Some time ago I received several messages from my server about database error. They are described here (http://www.vbulletin.com/forum/showthread.php?t=309233). It looked like malicious server overload or hack attempt. It seemed to me like some hacker found the way to flood my server with expensive queries. Some time after I found the reason (http://www.vbulletin.com/forum/project.php?issueid=28376).
This is not an engine bug, at least it doesn't look like one. But until devs will make a decision (I guess they are too busy with VB4), I wanted my forum to be protected. So, I made this addon. It should be compatible with vb 3.6.x, 3.7.x and 3.8.x
Engine specifics
As far as I can understand, on search, Vbulletin makes at least two additional queries for each word you searched for (one per word table, second - for post table to find posts for that word). If some words ORed - results joined. If they are ANDed - an intersection is calculated in PHP via array_intersect. Those queries are without any LIMIT clause and can make a load on server. Actually, that is why search is so resource-intensive.
What does it do?
It limits the amount of search operators and overall search query word count to prevent high server load.
Hack is disabled after installation and you need to setup limits in Vbulletin options after installation.
How to install/upgrade?
Just import/reimport product xml.
What are the recommended settings for big boards?
I think, you can limit overal operators to 4 and a number of search words to 7-10. I don't think regular users will push the limits.
Version history:
1.0
Initial release
Some time ago I received several messages from my server about database error. They are described here (http://www.vbulletin.com/forum/showthread.php?t=309233). It looked like malicious server overload or hack attempt. It seemed to me like some hacker found the way to flood my server with expensive queries. Some time after I found the reason (http://www.vbulletin.com/forum/project.php?issueid=28376).
This is not an engine bug, at least it doesn't look like one. But until devs will make a decision (I guess they are too busy with VB4), I wanted my forum to be protected. So, I made this addon. It should be compatible with vb 3.6.x, 3.7.x and 3.8.x
Engine specifics
As far as I can understand, on search, Vbulletin makes at least two additional queries for each word you searched for (one per word table, second - for post table to find posts for that word). If some words ORed - results joined. If they are ANDed - an intersection is calculated in PHP via array_intersect. Those queries are without any LIMIT clause and can make a load on server. Actually, that is why search is so resource-intensive.
What does it do?
It limits the amount of search operators and overall search query word count to prevent high server load.
Hack is disabled after installation and you need to setup limits in Vbulletin options after installation.
How to install/upgrade?
Just import/reimport product xml.
What are the recommended settings for big boards?
I think, you can limit overal operators to 4 and a number of search words to 7-10. I don't think regular users will push the limits.
Version history:
1.0
Initial release