Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

HTTP attacks & search?

VazVaz New
edited July 2007 in Vanilla 1.0 Help
I remember when I was on VB my forums once got a http attack. Basically someone got a program to open up multiple search qeuries with different ip addresses (probably through proxies). This lead to a server crash (I ended up having to remove the search page all together). I just took a look at the app settings page and the only option for configuring search about is: 'Search results per page' Perhaps there should be an option for setting the amount of time before someone can search again or some other way to combat this?

Comments

  • lechlech
    While I can see this as an attack vector of the obnoxious sort, so far I don't think anyone has experienced anything like it via a Vanilla based install. However I agree that it might be nice to limit the number of queries that could be performed within a given time frame to prevent this kind of behavior by visitors if it's an open forum. While I don't think most DB or Apache servers will crumble from Vanilla being hit, it has the potential to seriously slow them down.

    Unless it's written into the core, the best option right now is an extension that can act as some kind of a monitor to track requests and cut an IP off if it's generating too much traffic. Not sure exactly how to tackle this problem off the top of my head.
This discussion has been closed.