This hack limits the number of http requests to 1 request per IP address
per second. It works for both registered users as well as guests. If a users
hits the refresh button more than once per second he will be taken to the
error screen. The hack actually terminates the loading process of the page
in the early stages and prevents the server load from going up. I have
tried the refresh flood with and without this hack. And without the hack
I got the server load to go from 0.7 to about 25 with about 30 people logged
on. With the hack in place, the same refresh flood caused the load to go as high
as 1.2.
This hack requires you to create a new template. And it modifies 2 source
files: global.php and showthread.php.
In admin CP add the following template: error_floodreload
Add the following text to the template:
Code:
Sorry! The administrator has specified that users can only make one http request every 1 second.
// Flood control for abusive relaods...
$user_ip=$DB_site->query_first("select host, location, lastactivity from session where host = '".addslashes($REMOTE_ADDR)."' order by lastactivity desc limit 1;");
if($REMOTE_ADDR == $user_ip[host]) {
global $bbtitle,$logincode,$url,$scriptpath,$bbuserinfo,$session;
$time_now = time();
if($time_now == $user_ip[lastactivity]) {
$DB_site->query("update session set lastactivity='$time_now' where host='".addslashes($REMOTE_ADDR)."' and lastactivity='$user_ip[lastactivity]';");
$style=$DB_site->query_first("select * from style where userselect = 1;");
$templatesetid = $style[templatesetid];
$styleid = $style[styleid];
$replacementsetid = $style[replacementsetid];
eval("standarderror(\"".gettemplate("error_floodreload")."\");");
exit;
}
}
In showthread.php
Look for the following code:
PHP Code:
// goto last post
if ($goto=="lastpost") {
Replace it with
PHP Code:
// goto last post
if ($goto=="lastpost") {
// Flood control for abusive relaods...
sleep(1);
In showthread.php
Look for:
PHP Code:
// goto newest post
if ($goto=="newpost") {
Replace it with:
PHP Code:
// goto newest post
if ($goto=="newpost") {
// Flood control for abusive relaods...
sleep(1);
The reason for the 1 second sleeps is to prevent the error screen from popping up when
the user clicks on the goto newest or goto last post arrows in the forum display.
Those 2 calls end up making a second recursive call to showthread.php which ends up
being within the same 1 second interval of the click itself. This way you are fooling
the flood control so that it wont catch the back to back requests.
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
it's a very good idea and a must have hack especially for people having bandwidth problems. IMO it also fixes the gap someone could exploit by sending too many page requests for a long time and thus making your server busy all the times. It wouldnt be a problem for manual sending but a malicious hacker could always code a script to make it automatically and increase your server load dramatically. So great fix..
One minor issue though: it would prevent users open a few pages at the same time when they come to the site. For example when they make a search, they cant anymore open a few threads at the same time by clicking "Open in new browser windows" link. (which I do a lot!). Of course this is not related to you it's the nature of the hack but maybe setting the second to 0.5 instead of 1 may be a little help for these users...
You can actually load multiple pages. I do that all the time. I am willing to bet you money that opening the subsequent windows will take longer than a one second interval.
Reload Flood Control Details »»
About Developer
Visit Web Site
No support by the author.
09-06-2002, 09:20 AM
