Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
Doulos
Life Cycles Becoming CPU Cycles


Joined: Jun 06, 2005
Posts: 633

PostPosted: Fri Nov 23, 2007 2:50 pm Reply with quote

I am not understanding the use of this filter. I am getting a lot of users blocked when they are trying to access on page or another - often index.php.
Here is an example:

Quote:
Date & Time: 2007-11-22 21:00:38 CST GMT -0600
Blocked IP: 67.193.96.14
User ID: Mojie (403)
Reason: Abuse-Flood
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 67.193.96.14
Remote Port: 4950
Request Method: GET

1. What are users doing to get blocked by this filter?
2. Would lowering or raising the page or flood delay time cause more or fewer to be blocked? (page=5 sec, flood=4 sec)
3. What is the actual purpose of the flood filter, anyway?
 
View user's profile Send private message
warren-the-ape
Worker
Worker


Joined: Nov 19, 2007
Posts: 196
Location: Netherlands

PostPosted: Fri Nov 23, 2007 3:02 pm Reply with quote

Ezekiel wrote:

1. What are users doing to get blocked by this filter?
2. Would lowering or raising the page or flood delay time cause more or fewer to be blocked? (page=5 sec, flood=4 sec)
3. What is the actual purpose of the flood filter, anyway?


1- Probably refreshing a page or clickin on a link on the page
2- Dont know if im correct on this (please correct me if im wrong), im not using NukeSentinel.. yet Wink

I know that phpbb already uses it to prevent flooding the search, meaning that there is a specific waiting time before the server accepts a new search request.

My guess would be to lower it, although im not sure about the difference between 'page' & 'flood'.

3- Probably releaving stress (bandwith) on the server, I guess. Do a Google search on DDOS attack if you want the extreme version Wink
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Fri Nov 23, 2007 4:12 pm Reply with quote

Look in your tracked IP table for the offending IP. Then look at the date and time stamp and see what the interval is in-between the time stamps to see how fast the IP is requesting pages. That should tell you whether or not it's an IP issue or an NS setting.

The lower the flood setting, the more frequently you allow hits by the same IP. In other words by having a high setting like you do you are only allowing a page request every 4 seconds by the same IP and if the same IP requests more than 1 page w/i 4 seconds it gets banned.

The Page Delay is used for the IP 2 Country database update pages. This is the number of seconds until the next page in the set will automatically load. It has nothing to do with flood control.

BTW, if you look at the Help in the NS Admin panel (the question mark) it does explain this Smile
 
View user's profile Send private message
Doulos
PostPosted: Fri Nov 23, 2007 10:02 pm Reply with quote

Thanks
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Sat Nov 24, 2007 12:05 am Reply with quote

I was also always under the impression that the flood blocker wasn't something you really wanted turned on unless you were under a flood attack.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
Raven
PostPosted: Sat Nov 24, 2007 1:20 am Reply with quote

Gremmie wrote:
I was also always under the impression that the flood blocker wasn't something you really wanted turned on unless you were under a flood attack.


That's kind of like getting flood insurance after the flood killing me (pun intended)

Once you are under a flood (dos attack) you won't be able to turn it on because you are usually locked out of your site.
 
Gremmie
PostPosted: Sat Nov 24, 2007 1:06 pm Reply with quote

But even then it was my understanding such an attack is better stopped at the server level, not at the site level. And really, there isn't much you can do about some forms of DOS attacks.

I'm glad sentinel offers the protection, but it is one of those filters that you have to weigh the benefits versus the risks of using it.
 
Raven
PostPosted: Sat Nov 24, 2007 1:51 pm Reply with quote

Gremmie,

That is correct but in your original comment that's not what you said Smile.

You said "I was also always under the impression that the flood blocker wasn't something you really wanted turned on unless you were under a flood attack". If you are under attack you will be unable to turn it on. I'm not sure that's what you meant to say and that's why I replied the way I did.

And my original reply to the question was just stating the answers to the questions that were raised, not necessarily advising one way or another.
 
Doulos
PostPosted: Sat Nov 24, 2007 2:49 pm Reply with quote

Almost 100% of our flood blocks are legitimate users. However, a few have been anonymous trying to access index.php 30 or 40 time in one minute.
 
Gremmie
PostPosted: Sat Nov 24, 2007 5:38 pm Reply with quote

Raven, true.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©