On Wed, 2004-09-01 at 17:57 +0300, Mauri Sahlberg wrote: > Twice comment-spammer has managed to bring our small server first to > it's knees and then to it's belly? We are running postgresql, apache > and serendipity. Today and yesterday this combination with very rapid > repeated loading of serendipity comment-function (GET > /comment.php?serendipity[entry_id]=9&serendipity[type]=comments > HTTP/1.0" 200 3708 "http://12.163.72.13/"; "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)" > ) has managed to eat every scrap of memory there is? All I could do > was to boot the server. Improve your PHP scripts: * Use POST method for html forms, not GET * perform a check: $referrer = parse_url( $_SERVER[ "HTTP_REFERER" ] ); if ( $referrer[ "host" ] != $_SERVER["HTTP_HOST"] ) { echo "Don't post from another server!"; exit(); } * set register_globals=off and so on -- Marius Andreiana Galuna - Solutii Linux in Romania http://www.galuna.ro
