This topic is closed

  • Image verification and F5 refresh

    I noticed that the image verification was enabled two weeks ago. I had a question at that time: "Why did they enable it? Is any attacker doing a search attack?" But since it is a minor restriction, I have no problem with it.

    This problem did not attract my concern until I met an F5 refresh flooding of my own (library automation system) application.

    For example, let's say I am searching for a title in the hibernate forum. After I type the keyword "inner" in the search form and search, a list of titles is returned (let's say that 500 threads are returned, and it displays 25 results/page). I then page to the second page, and press and hold the F5 button of my keyboard to refresh the page continuously.

    Is this considered a DoS attack?

    I have tried this on the hibernate forum (sorry, I did not mean to hack them, just curious what would happen); the result is that my friends had problems entering the hibernate forum, and this is the SAME behaviour as for my little library application.

    If anybody keeps pressing the F5 button, it will consume all the CPU resources (in my case, tomcat5.exe ~ 60%, mysqlnt.exe ~ 20%).

    Is this a problem, or did I make a mistake?

    Does this have anything to do with the spring forum's image verification on the search page?

    moon

  • #2
    some research

    I did not find info about an "F5 attack" after these days of searching; it surprised me.

    But I did find a funny news item -

    http://digg.com/security/Student_arr...adly_F5_attack

    The closest info I can find is mod_evasive for the Apache web server -

    http://www.zdziarski.com/projects/mod_evasive/

    I asked my friend who's coding an application using ASP.net: same result - CPU under heavy load after changing the submit form method from POST to GET when doing paging (ASP defaults to using POST instead of GET for form submission, and in my friend's case it is IIS 30%, mssql server 60%).

    I tried several websites (with a database) after the first post; almost all websites behave the same if I hold the F5 button --> it prevents other users from going in, and some were displaying "too many connection", although they can recover very fast (around 2 minutes), but they

    ALL DID PREVENT OTHER USERS FROM ENTERING THE WEBSITE WHILE I AM PRESSING F5

    moon
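
Added example (not part of any post in this thread): a Python sketch of per-client, per-URL hit counting with a temporary block, the general approach mod_evasive (linked in post #2) takes against rapid reloads of one page. The class name, thresholds, 429 status, URLs and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class RefreshThrottle:
    """Count hits per (client, URL); block a client that reloads too fast."""

    def __init__(self, page_count=5, page_interval=1.0, block_period=10.0):
        self.page_count = page_count        # hits allowed per URL per interval
        self.page_interval = page_interval  # sliding window, seconds
        self.block_period = block_period    # seconds a flooding client is refused
        self.hits = defaultdict(deque)      # (client, url) -> recent hit times
        self.blocked_until = {}             # client -> time the block ends

    def allow(self, client, url, now):
        until = self.blocked_until.get(client)
        if until is not None:
            if now < until:
                return False                # refused before any database work
            del self.blocked_until[client]
        window = self.hits[(client, url)]
        while window and now - window[0] >= self.page_interval:
            window.popleft()                # forget hits outside the window
        window.append(now)
        if len(window) > self.page_count:
            self.blocked_until[client] = now + self.block_period
            del self.hits[(client, url)]
            return False
        return True

def run(throttle, requests):
    """requests: (time, client, url) tuples -> list of HTTP status codes."""
    return [200 if throttle.allow(c, u, t) else 429 for t, c, u in requests]

# Constructed sample traffic (documentation addresses, hypothetical URLs).
SEARCH = "/search?q=inner&page=2"
HELD_F5 = [(i / 30, "203.0.113.7", SEARCH) for i in range(30)]   # ~30 reloads/s
OTHER_USER = [(0.5, "198.51.100.4", SEARCH)]
PAGING = [(20 + 2 * p, "203.0.113.7", f"/search?q=inner&page={p}") for p in range(1, 6)]

def demo():
    t = RefreshThrottle()
    return run(t, HELD_F5), run(t, OTHER_USER), run(t, PAGING)

if __name__ == "__main__":
    flood, other, paging = demo()
    print("held F5:", flood.count(200), "served,", flood.count(429), "refused")
    print("other user:", other, "normal paging after block:", paging)
```

Keying on the client address alone also penalises users who share a proxy, and a long-running server needs to evict idle entries from both tables.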



    • #3
      I find this new feature the most annoying thing ever encountered on a forum. The image is hard to read. I've got a success rate of 20% when trying to do a search :P (no, I've perfect eyes)

      Luckily I also see a lot of forums disabling this feature because of the above reason, plus it's a totally unnecessary new feature for most forums.

      -edit: hehe, just login and you don't have to enter the verification code.
      Last edited by RikBlankestijn; Oct 16th, 2006, 09:00 AM.



      • #4
        please, remove the image from search

        my success rate is less than 20%
        too difficult!
