Today I got a DoS attack on my server.
27 requests per second to login.php in Coppermine gallery totally killed my Linux server. System load average got to 60.
I made an experiment.
I went with Firefox to the Coppermine login page and clicked the refresh button in Firefox at maximum frequency, and the server got to load 40 in 30 seconds.
This is not normal. I did this on some other PHP/MySQL pages and nothing happened. Server load stayed at low values.
CPG version is 1.4.9 or 1.4.10.
Can anybody with a Linux, Apache, MySQL server try this?
DDoS attacks are not being performed by someone hammering the reload button of his browser while he's on your page - they are script-driven instead. Your experiment doesn't prove anything.
Coppermine has not been developed with protection against DDoS in mind - you should take precautions against DDoS by implementing server-side counter-measures like mod_evasive (http://www.google.com/search?q=+mod_evasive), which basically lets you determine a threshold for requests from a single IP per time period. If an IP address requests more than it is allowed to, the requests are being dropped.
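
An added example, not part of the original posts and not mod_evasive's own code: a Python check that applies the per-IP, per-page request threshold described above to Apache access-log lines, so an admin can see which clients would exceed a limit. The function name `find_offenders`, the default limit of 10 requests per second, and the log lines (constructed, using documentation IP ranges) are assumptions; the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in Apache common-log style: one client sends 27 requests
# per second to login.php for two seconds, another browses normally.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Mar/2007:10:00:0{s} +0000] '
     '"GET /gallery/login.php HTTP/1.1" 200 512'
     for s in range(2) for _ in range(27)]
    + ['198.51.100.4 - - [12/Mar/2007:10:00:00 +0000] '
       '"GET /gallery/login.php HTTP/1.1" 200 512',
       '198.51.100.4 - - [12/Mar/2007:10:00:05 +0000] '
       '"GET /gallery/index.php HTTP/1.1" 200 900']
)

# client IP, timestamp, requested URL
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')


def find_offenders(log_text, page_count=10, interval=1.0):
    """Return {ip: peak} for clients that requested one URL more than
    page_count times inside any window of `interval` seconds."""
    windows = defaultdict(deque)  # (ip, path) -> timestamps still in the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, stamp, url = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        path = url.split("?", 1)[0]  # count the page, ignoring the query string
        win = windows[(ip, path)]
        win.append(ts)
        while ts - win[0] >= interval:  # drop hits that fell out of the window
            win.popleft()
        if len(win) > page_count:
            peaks[ip] = max(peaks.get(ip, 0), len(win))
    return peaks


if __name__ == "__main__":
    for ip, peak in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} peaked at {peak} requests to one page within 1 s")
```
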