Hi:

A think this could be useful to protect a web from "unintentional random DDOS":

A check that counts ALL active sessions in protector_access table (no matter what IP), made after anti-F5 and anti-crawler checks. You could then add a new option in Protector preferences to take some measure if your web is experiencing high trafic load.

Probably should be off by default, but could be adjusted with trial-error if our server is not very powerful and suffers occasional overloads. For example, you may decide that if there are more than 100 request per minute, all scripts should sleep for 5 seconds to lower CPU load: your web will respond slower, but if you find the right configs server won't go down.

Thank you, by the way, for this essential module.

Regards: Colossus

hi colossus.

Quote:
Certainly, it sounds a good feature for some poor environments.
OK.
I'll add it.

Hi:

Quote:
Great!

Thank you, and regards: Colossus

Hey

i think Protector Should Have this from long time , Great idea aginst kids who only knows DDOS attack to lunch a hacking attempt . but !

there is no safe way i know to protect you from DDOS attack , there was on tv a chiness Company has created a piec of hardware , i cant remeber wht they call it but this suppose to be filter u put this hardware in front of your server , when the attack lunches the Hardware filter will be the Victem here , the attacker will see this filter as the Server but truly it is not so when the attack stop.. the server will still working ok and the pepole montering the filter will work on stoping the attack before the hardware gets wore out . Search youtube for this Creation .

My point is with Protector Anti DDOS , you Can stop One Guy who ,making 100 Request in less than 5 Seconds or less . But what if there 2 Attackers or 5 or 100 or 1000 ...

this idea still Great but not effective to stop all DDOS Attacks special if there more than one attacker . we Remember How yahoo . Ebay , Cnn went down because the DDos Attack . very simple to lunch it and very hard to stop .

hi onasre.

Just read again this topic.

This feature (anti-high-load) is not for against malicious DDoS.

Of course, I know no web applications can regist real DDoS attacks.

Yah my Bad ! but high load server could be cuased by DDos .

Perhaps, Colossus indended 'anti-high-load' is a way to prevent from annoying the other users on shared server.

I think Anti-high load will be Very Useful Oiption for Proector , my website suffered several times high load which cuse my site to go down . and i came across many sites who thire sites went down cuase high load , i start think if this has any thing to do with Xoops , Because they use xoops .. and i know there many reasons for cusing the high load , some module send too many query to the mysql database which cuse the high loads in some poor servers .

hope u will add the anti load to the nex release..

Thx

you could possibly add a delay to each SQL query of a second or 2 perhaps, which would reduce the amount of calls to the DB, the added delay would reduce load a bit. not sure if that's possible or not though.