
Author Topic: Coppermine Mass Add Files vs DOS Attack Help Please!  (Read 2024 times)

x9sim9

Coppermine Mass Add Files vs DOS Attack Help Please!
« on: March 13, 2008, 11:48:58 pm »

Hi, I use the Mass Add Files feature to upload content to the gallery, which is very useful.

Unfortunately my server frequently experiences DOS (denial of service) attacks from hackers, and as such I have had to install a module to provide protection:

the mod_evasive Apache module http://www.zdziarski.com/projects/mod_evasive/

Unfortunately this module mistakes the Mass Add Files feature of Coppermine for a DOS attack.

A DOS attack has the following behaviour:
Requesting the same page a considerable number of times per second
Making considerable concurrent requests on the same child per second

Unfortunately the way in which Coppermine adds files to the gallery requires calling the same page once for every photo uploaded, so 100 photos would be 100 (almost simultaneous) connections to the same page.

Is there a way in which I can upload a considerable number of photos to the gallery, whilst still protecting from DOS (Denial of Service) attacks?
Logged
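
The per-page counting described in the post above can be modelled in a few lines, which lets whoever administers the server test thresholds against a legitimate upload before deploying them. This is an added example and not part of the thread: it is a simplified model rather than mod_evasive's own code, and the threshold values, the client address and the page path are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Thresholds:
    # Names mirror mod_evasive directives; the values are assumptions for this example.
    page_count: int = 2            # DOSPageCount
    page_interval: float = 1.0     # DOSPageInterval, seconds
    blocking_period: float = 10.0  # DOSBlockingPeriod, seconds

def replay(trace, th):
    """Replay (time, ip, uri) tuples, sorted by time; return one HTTP status each."""
    hits = {}     # (ip, uri) -> (time of last request, requests counted)
    blocked = {}  # ip -> time of the last refused request
    statuses = []
    for t, ip, uri in trace:
        if ip in blocked and t - blocked[ip] < th.blocking_period:
            blocked[ip] = t          # model: each refused request restarts the block
            statuses.append(403)
            continue
        blocked.pop(ip, None)
        last, count = hits.get((ip, uri), (None, 0))
        status = 200
        if last is not None and t - last < th.page_interval:
            if count >= th.page_count:
                status = 403         # too many hits on one page inside the interval
                blocked[ip] = t
        else:
            count = 0                # first request, or the interval has passed
        hits[(ip, uri)] = (t, count + 1)
        statuses.append(status)
    return statuses

def summarize(statuses):
    """Return (served, refused) counts."""
    return statuses.count(200), statuses.count(403)

# Constructed traces: one client, 100 requests for the same placeholder page.
IP, PAGE = "192.0.2.10", "/gallery/batch-add-page"
burst = [(i * 0.02, IP, PAGE) for i in range(100)]   # 20 ms apart
paced = [(i * 1.0, IP, PAGE) for i in range(100)]    # 1 s apart

if __name__ == "__main__":
    print("burst, strict:        ", summarize(replay(burst, Thresholds())))
    print("paced, strict:        ", summarize(replay(paced, Thresholds())))
    print("burst, page_count=150:", summarize(replay(burst, Thresholds(page_count=150))))
```

Under this model the batch upload is refused after its second request, while the same 100 requests are all served when they arrive at least one interval apart or when the page threshold is set above the batch size.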

SaWey

Re: Coppermine Mass Add Files vs DOS Attack Help Please!
« Reply #1 on: March 14, 2008, 12:11:46 am »

Either you can put yourself on the whitelist of the mod, or if you have a dynamic IP, you might want to try and execute the page from the server itself.

Probably better to ask the creator of this mod for support on this?
Logged

x9sim9

Re: Coppermine Mass Add Files vs DOS Attack Help Please!
« Reply #2 on: March 14, 2008, 11:02:17 pm »

Unfortunately I am both on a dynamic IP and not in direct control of the server (hosting company). My concern is that the way in which Coppermine updates photos in the gallery is the same behavior as a denial of service attack, so no matter what module is used to protect the server I am still going to receive this problem.

What I am looking for is some way of both protecting against this attack and uploading content to the server. Is there another way to add files to the gallery that are put on the server by an FTP client, for example?

Or a way in which I can limit the number of simultaneous connections that Coppermine uses when using the Mass Add Files feature?

thanks for your feedback
Logged

Nibbler

  • Guest
Re: Coppermine Mass Add Files vs DOS Attack Help Please!
« Reply #3 on: March 14, 2008, 11:06:26 pm »

It's not Coppermine that creates these connections, it's your web browser. Adjust the number of concurrent connections your browser uses per server (if your web browser allows you to control this).
Logged

x9sim9

Re: Coppermine Mass Add Files vs DOS Attack Help Please!
« Reply #4 on: March 24, 2008, 03:25:58 am »

Interesting idea. Does anyone know exactly how this works with the Mass Add Files function?

Does it create a separate connection for each photo
or
create a new request for each photo?

I know it's calling on the same page for each photo. Would there be a way to limit how many calls to the same page from the browser?

And which browser would allow me to limit connections?

thanks for your help, guys
Logged