Print

[punjab]

Today i got DOS attack to server.
27 request peer second to login.php in coppermine gallery totally kill my linux server. System load average gets to 60.

I make experiment.
I go with firefox to coppermine login page and in maximum frequency clicking to refresh button in firefox and server get to load 40 in 30 seconds.

This is not normal. I make this on some other php/mysql pages and nothing happend. Server load stay in low values.
CPG is version is 1.4.9 or 1.4.10

Can anybody with linux, apache, mysql server try this?

[Joachim Müller]

DDoS attacks are not being performed by someone hammering the reload button of his browser while he's on your page - they are script-driven instead. Your experiment doesn't prove anything.
Coppermine has not been developed with protection against DDoS in mind - you should take precautions against DDoS by implementing server-sided counter-measures like mod_evasive, which basically let's you determine a treshold for requests from a single IP per time period. If an IP address requests more than it is allowed to, the requests are being dropped.