I am working on a Java application that exposes web services for a Flash client.
Any idea on how to prevent DOS/DDOS attacks?
I cannot use mechanisms unfriendly to the end user, such as CAPTCHA.
So far I have found mod_evasive, an Apache module which looks quite promising...
Any suggestions, best practices, tools I might use?
Thanks in a...
What techniques and/or modules are available to implement robust rate limiting (requests|bytes/ip/unit time) in Apache?
...
During the course of our application login there are several queries run, all around validating the login. In evaluating them I noticed that one of the queries is run without the NOLOCK hint.
There does not seem to be any particular danger of a dirty read because the data would hardly ever change.
Thinking about it from an attempted DOS...
I am writing a web server application in C# and using StreamReader class to read from an underlying NetworkStream:
NetworkStream ns = new NetworkStream(clientSocket);
StreamReader sr = new StreamReader(ns);
String request = sr.ReadLine();
This code is prone to DoS attacks because if the attacker never disconnects we will never fini...
In the comments for this question, someone stated that use of HttpModules opens yourself up to DOS attacks. I would like to understand the reasoning behind this statement. I've found a couple articles that make use of HttpModules to handle/prevent DOS attacks.
...
With a single-server setup for simplicity, which steps could you do to minimize the attacks of a (D)DoS attack? And is it really worth it taking these steps, considering their effectivity and impact on 'normal' users?
[EDIT] I also meant to include steps which you would need to inject into your code to apply, not only IIS setup.
...
In your experience, what have you found, worked on, or encountered in terms of site vulnerabilities? And what actions did you take to mitigate these issues?
This may include XSS (cross site scripting), SQL Injection attacks, plain old DDOS or phishing attempts on your site's customers. Only yesterday I came across an entire section of ...
I am trying to write a script to prevent brute-force login attempts in a website I'm building. The logic goes something like this:
User sends login information.
Check if username and password are correct
If Yes, let them in.
If No, record a failed attempt in the database. Check if there are too many fails within a given timeframe (e.g.: 5 ...
Hi experts... we have a Java server-client application with an applet on the client side.
Our applet seems to be used by attackers for bots and other attacks... we suspect that they modified it and used it.
Because we use strongly encrypted packets they can do that in only two ways:
1. modify our applet and use it against us in some way...
Can you give me some information about the strongest way of DDoS attack?
Is a botnet the strongest way of DDoSing?
Thanks in advance
...
How could I know that a lot of requests in a short period of time come from a DoS attack and not from normal browser requests?
...
I'm coding a tool that, given any URL, would periodically fetch its output. The problem is that an output could be not a simple and lightweight HTML page (expected in most cases), but some heavy data stream (i.e. straight from /dev/urandom, possible DoS attack).
I'm using java.net.URL + java.net.URLConnection, setting connection and re...
Hi, I would like to know if anyone has experience with good DDoS proxy providers, where it is possible to switch only the NS of the domain and to prevent the attack. Please post any provider that you have used and you recommend and maybe the price range, because I am now collecting some sources to find the best one for me. I have found so...
Hi,
I am developing a fairly simple site on a LAMP framework + CodeIgniter and want to implement a user access rate limit feature to prevent the site being flooded with requests from a single user. The basic function of the site is to take a code input and return some info.
I'm only at the planning stages and my first idea is to have a...