Coppermine Mass Add Files vs DOS Attack Help Please!

Started by x9sim9, March 13, 2008, 11:48:58 PM

x9sim9

Hi, I use the Mass Add Files feature to upload content to the gallery, which is very useful.

Unfortunately my server frequently experiences DOS (denial of service) attacks from hackers, and as such I have had to install a module to provide protection:

the mod_evasive Apache module http://www.zdziarski.com/projects/mod_evasive/

Unfortunately this module mistakes the Mass Add Files feature of Coppermine for a DOS attack.

A DOS attack has the following behaviour:
Requesting the same page a considerable number of times per second
Making considerable concurrent requests on the same child per second

Unfortunately the way in which Coppermine adds files to the gallery requires calling the same page once for every photo uploaded, so 100 photos would be 100 (almost simultaneous) connections to the same page.

Is there a way in which I can upload a considerable number of photos to the gallery, whilst still protecting from DOS (Denial of Service) attacks?

SaWey

Either you can put yourself on the whitelist of the mod, or if you have a dynamic IP, you might want to try and execute the page from the server itself.

Probably better to ask the creator of this mod for support on this?

x9sim9

Unfortunately I am both on a dynamic IP and not in direct control of the server (hosting company). My concern is that the way in which Coppermine updates photos in the gallery is the same behavior as a denial of service attack, so no matter what module is used to protect the server I am still going to receive this problem.

What I am looking for is some way of both protecting against this attack and uploading content to the server. Is there another way to add files to the gallery that are put on the server by an FTP client, for example?

Or a way in which I can limit the number of simultaneous connections that Coppermine uses when using the Mass Add Files feature?

Thanks for your feedback.

Nibbler

It's not Coppermine that creates these connections, it's your web browser. Adjust the number of concurrent connections your browser uses per server (if your web browser allows you to control this).
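
Added example, not part of the original thread and not mod_evasive's own code: a simplified Python model of a per-page request counter of the kind mod_evasive applies, replayed over constructed batch-add traffic at different paces. The directive names in the comments are the module's; the threshold values, IP address, URI, and the assumption that every request lands on the same Apache child are illustrative.

```python
from dataclasses import dataclass

@dataclass
class Limits:
    page_count: int = 2        # DOSPageCount (illustrative value)
    page_interval: int = 1     # DOSPageInterval, seconds (illustrative value)
    blocking_period: int = 10  # DOSBlockingPeriod, seconds (illustrative value)

def replay(requests, limits):
    """requests: iterable of (time_s, ip, uri). Returns one HTTP status per request."""
    hits = {}     # (ip, uri) -> [second of last hit, hits in current interval]
    blocked = {}  # ip -> second of the last request seen while blocked
    statuses = []
    for t, ip, uri in requests:
        sec = int(t)  # model assumption: whole-second timestamps
        if ip in blocked and sec - blocked[ip] < limits.blocking_period:
            blocked[ip] = sec  # every request during a block restarts the timer
            statuses.append(403)
            continue
        entry = hits.setdefault((ip, uri), [sec, 0])
        if sec - entry[0] >= limits.page_interval:
            entry[1] = 0  # quiet for a full interval: reset the counter
        elif entry[1] >= limits.page_count:
            blocked[ip] = sec  # same page hit too often: block the client IP
            statuses.append(403)
            continue
        entry[0] = sec
        entry[1] += 1
        statuses.append(200)
    return statuses

def batch_add(n_photos, per_second, ip="198.51.100.7", uri="/gallery/batch-page.php"):
    """Constructed traffic: one request per photo to the same page, evenly paced."""
    return [(i / per_second, ip, uri) for i in range(n_photos)]

def blocked_count(n_photos, per_second, limits=Limits()):
    """Number of requests in the batch that the model answers with 403."""
    return replay(batch_add(n_photos, per_second), limits).count(403)

if __name__ == "__main__":
    for rate in (100, 3, 2):
        print(f"{rate:>3} req/s: {blocked_count(100, rate)} of 100 blocked")
```

In this model a batch paced just above the threshold fares no better than a burst, because each retry during the block restarts the blocking timer; only a pace at or below the per-page threshold gets the whole batch through.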

x9sim9

Interesting idea, anyone know exactly how this works with the Mass Add Files function?

Does it create a separate connection for each photo, or create a new request for each photo?

I know it's calling on the same page for each photo; would there be a way to limit how many calls to the same page from the browser?

And which browser would allow me to limit connections?

Thanks for your help, guys.