2010-10-20 10:17:51Need advice on protecting SkS from DoS attacks via the Firefox plugin
John Cook


I have a question for the technical boffins here on the forum. Shine Tech have submitted the Firefox plugin off to Mozilla so it's now being reviewed and should get published within a few weeks. So Adam warned me that I should be prepared in case someone tries to use the plugin to direct Denial of Service attacks. Eg - send repeated submissions to overcome the server.

How the plugin works is it sends webpage info to a SkS php page with the info as various $_GET variables. My php page then saves all the webpage info to my database of climate articles. I also save the IP of the user. So I'm thinking I need something that detects if a single IP is sending multiple submissions quickly and then block that IP. So my questions:

  1. Any advice on the best way to detect a DoS attack? Should I do a database query to see how many submissions from that IP over the last minute and if it goes over a certain amount, block that IP?
  2. What's the best way to block an IP? Currently, I block IPs that tried hacking the website but as there's only been a handful, I do it manually, copying and pasting the IP into a text file. But if this is automated, should I have a database of blocked IPs? That means whenever I receive a Plugin submission, I first do a query to check if the IP is kosher. Is that the best way? Or is it less draining on my server to pull IP info from a text file?
Thanks, appreciate any advice on this front as I'm a newbie to these issues.