Features Request List #34
If you are referring to what you said in number This to be exact.
It would break their method it is possible but extremely difficult same as Google Captcha is possible to be bypassed but extremely difficult. Let alone the fact that what the config sets for Below I list features you should implement to provide better security.
You need to describe what this is because I have no idea what you are talking about with this?
The only reason I don't want to be doing Reverse DNS is because when connecting to external sources it can cause slowdowns / lag; it defeats the purpose of a DDoS script if you create an external flaw that can intentionally slow it down in order to get data / wait for data response.
So rather than the puzzle be solved by the browser as soon as the browser can solve it you want to delay the browser for like another 3 seconds before it solves the puzzle?
I was asked about this and gave my answer here, it is a TODO list item but not an urgent one #31 (comment)
No. There is no need to store their sessions on the server itself when my session method of salted hashes and browser cookies works fine... And besides that is a terrible thing to do when under attack because 1 million requests = 1 million sessions to be stored means your server storage gets maxed out with bogus sessions, it is a very very bad idea and too easy to exploit.
Going back to this again, it is not an urgent thing on my TODO list #31 (comment)
That goes back to my comment about connecting to external sources: it is a bottleneck that can degrade speed and performance when they are slow in answering your query on an IP that is connecting. You want that information ASAP; when they are slow for 500ms your site can't respond for 500ms until you get that answer about whether that IP is malicious or not.
Easy enough.
I put the config area at the top of the file so nobody has to scroll down any lower.
Could be good maybe to add some features that I do not want to be associated with the CORE of this script and have them be dropped on as plugins by users if they need them. Will see what I can do when it comes to it. Currently what I have listed here #29 are my priority right now, everything else is a maybe, but if other people do build things in and make a Pull request to the repo I will accept them and that will speed things up in the features area. Currently I am building a lot in my spare time through my own needs on my own servers.
Sensor Mode - Automatic attack detection: mentioned this but noticed later that it was already requested.
Ok I see so you want localized files for them then that is possible but it
will have to wait for me to finish the Auto-DDoS switch feature since that
requires a shared memory zone then those features could also use it.
On Wed, 8 Apr 2020, 21:17 Sylvvvia wrote:
Sensor Mode - Automatic attack detection: mentioned this but noticed later
that it was already requested.
Reverse DNS checkup can be made only when someone is requesting with bot
user agent. Imagine now that you whitelist google bot and you get ddos with
1mln requests per second with google bot user agent. And no there is no
proper way to whitelist it except reverse dns lookup since google changes
their ip range almost all the time.
SpamHaus can be integrated as .dat file so you're not making any external
request simply lookup on the ip range in file.
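The check Sylvvvia describes in the quoted reply above (reverse DNS only for requests whose user agent claims to be a bot, so ordinary traffic never waits on DNS), sketched as an added example that is not part of the thread or the project's code. The function names, the cache TTL and the sample records are assumptions; the hostname suffixes are taken from Google's public crawler-verification guidance, not from this page.

```python
import socket
import time

# Assumption: suffixes from Google's public crawler-verification guidance.
GOOGLEBOT_SUFFIXES = (".googlebot.com", ".google.com")
CACHE_TTL = 3600     # seconds a verdict is reused, so repeat hits cost no DNS
VERDICT_CACHE = {}   # ip -> (verdict, expiry time)

def system_ptr(ip):
    """Reverse (PTR) lookup with the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward lookup with the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def check_bot_claim(ip, user_agent, ptr=system_ptr, forward=system_forward, now=time.time):
    """Return 'not-claimed', 'verified' or 'spoofed' for one request."""
    if "googlebot" not in user_agent.lower():
        return "not-claimed"       # ordinary visitor: no DNS work at all
    hit = VERDICT_CACHE.get(ip)
    if hit and hit[1] > now():
        return hit[0]
    host = (ptr(ip) or "").rstrip(".").lower()
    # The PTR name must be under a Google suffix AND resolve back to the same
    # IP: a PTR record alone is set by whoever controls the address block.
    ok = host.endswith(GOOGLEBOT_SUFFIXES) and ip in forward(host)
    verdict = "verified" if ok else "spoofed"
    VERDICT_CACHE[ip] = (verdict, now() + CACHE_TTL)
    return verdict

# Constructed sample data (documentation address ranges), standing in for DNS.
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "crawl-198-51-100-7.googlebot.com",
              "203.0.113.5": "host.example.net"}
SAMPLE_FWD = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
              "crawl-198-51-100-7.googlebot.com": {"192.0.2.99"}}

def demo():
    """Run the check over the constructed records; returns {ip: verdict}."""
    ua = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    fwd = lambda host: SAMPLE_FWD.get(host, set())
    return {ip: check_bot_claim(ip, ua, SAMPLE_PTR.get, fwd) for ip in SAMPLE_PTR}
```

A failed or timed-out lookup is cached as `spoofed` for the full TTL here, so a real deployment would want short resolver timeouts and a shorter TTL for negative verdicts.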
Would also suggest integration of custom error display like cloudflare has. Once those features exist I would gladly switch from the current cloudflare enterprise plan to your script. Since we get ddos every day, for now it's simply not safe for us.
You can use it with cloudflare even on unproxied domains dns only etc I
made it compatible with all since that is how I currently use it In a
production environment.
But the custom errors should be easy to implement I will put that on the
todo list since it can be done pretty quickly.
Don't get me wrong I love cloudflare but their pricing is awful and I am a
believer in for everyone not for their monopoly market and I want those who
can't afford or use such services to have the same quality protection.
On Wed, 8 Apr 2020, 21:26 Sylvvvia wrote:
Would also suggest integration of custom error display like cloudflare
has. Once those features will exist i would gladly switch from current
cloudflare enterprise plan to your script. Since we get ddos every day for
now it's simply not safe for us.
Well cloudflare even in enterprise doesn't offer anything special. My company has been using the enterprise plan for a year already. There were tons of attacks that were bypassing cloudflare's protection system and we have spent hundreds of hours asking their support for help and the response was always pretty much the same (enable rate limit blah blah blah); a few times they have made special rules for us but literally their protection is just imagination. There is no protection from them for real websites that get hit on an hourly basis with millions of requests. Basically the only thing we love in cloudflare is the number of their datacenters, so our streaming services with the enterprise plan go worldwide through their network, but we're able to invest money in servers; the main problem is that there will be a lack of layer 7 protection, which we hope you are going to improve.
Going to close this issue to keep track of it under the TODO list I made previously.
@C0nw0nk - rdns lookup no longer required. We have installed this module for tests:
Okay, I have fully tested your script. It works very well, however it is easy to bypass your script. Below I list features you should implement to provide better security.
Optional Features: