current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Programmers Stack Exchange is a question and answer site for professional programmers interested in conceptual questions about software development. It's 100% free.
up vote 0 down vote favorite
1

I have a PHP page the sole purpose of which is to spawn a bash script to run some background code (10-15 seconds run time), and then forward to a second page. The second page waits for the background code to run and displays the output.

Obviously, this set up is fertile ground for a DoS attack. Can anyone comment on the best practices to prevent such an attack in this situation? To prevent a non-distributed DoS attack I've considered keeping a log of IP addresses and times for each request and checking each new request against that list. If <30 seconds from last request, it'll kick out the request. A distributed DoS attack could be prevented by looking at the number of active spawned processes and kicking out new ones giving a "Server Busy" message, or setting up a queue.

Does this sound reasonable?

share|improve this question
    
How much legitimate usage do you expect this to get? Is it just one admin user running one job a day on one physical machine, or a utility the general public will have access to? –  Ixrec Jul 10 at 19:20
1  
Not enough information. there are different resources a DDoS can exhaust and not all of them involve network traffic. Your "workaround" could be nothing more than another attack vector. –  Snowman Jul 10 at 19:26
    
This tool is publicly accessible, yes. I already have some safeguards in place to prevent network traffic DoS, it is overutilization of server resources that I'm trying to mitigate. –  user255406 Jul 10 at 19:43

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.