 D.O.S. Attempt

surplus
Starting Member

Canada
16 Posts

Posted - August 24 2012 :  11:45:45
Last night some character wrote a script to repeatedly submit the same order
to our shopping cart over 400 times. Seems like a low-tech form of a D.O.S. attack.
Can't imagine anyone doing this manually.
Has anyone else experienced this?
My first thought is that we need a method to block an IP if it creates an order more
than 10 times per hour.
Does anyone (i.e. Cam or Simon) have any better ideas or suggestions to prevent this?

Payment Details ---
Payment Type = Order Canceled ***
IP address = 70.31.62.195
Selected Currency = CAD

Probably would be a worthwhile investment for us to design some protection for this type of crazy stuff.

Thanks for any feedback!

Bob
www.fcsurplus.com




Edited by - surplus on August 24 2012 12:43:25

surplus
Starting Member

Canada
16 Posts

Posted - August 24 2012 :  12:05:27
A little more info on this.
It was actually around 1200 identical orders received on our VPASP cart in 2 minutes.

Some kind of script loaded up our orders database with cancelled orders until finally our cart just locked up!

Seems that a throttle on shopcreateorder.asp might be an idea.

If the same customerid was restricted to say 10 orders per hour (or per day) then the SQL database would be protected.

I see we have a limit on the number of downloads (xdownloadlimitcount) allowed.

Something similar might protect shopcreateorder from being reloaded a zillion times by a script?


Bob

Edited by - surplus on August 25 2012 12:12:48
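
The throttle proposed in the posts above, as an added example that is not part of the original thread and is not VPCart code: a sliding-window limit of 10 accepted orders per hour, checked against both the customer id and the IP address before an order is written. It is written in Python as a sketch of the logic only; the class and function names, the in-memory store, and the sample customer ids and IP addresses are assumptions made for illustration.

```python
from collections import deque


class OrderThrottle:
    """Sliding-window cap on accepted orders, keyed by customer id and by IP."""

    def __init__(self, limit=10, window_seconds=3600):
        self.limit = limit
        self.window = window_seconds
        self._hits = {}  # (kind, value) -> deque of timestamps of accepted orders

    def _recent(self, key, now):
        """Drop timestamps older than the window and return how many remain."""
        q = self._hits.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            del self._hits[key]  # keep the table from growing with idle keys
        return len(q)

    def allow(self, customer_id, ip, now):
        """Return True if the order may be created; rejected tries are not counted."""
        keys = (("customer", customer_id), ("ip", ip))
        if any(self._recent(k, now) >= self.limit for k in keys):
            return False
        for k in keys:
            self._hits.setdefault(k, deque()).append(now)
        return True


def replay_burst(throttle, customer_id, ip, count, duration_seconds, start=0.0):
    """Replay `count` evenly spaced submissions; return how many were accepted."""
    step = duration_seconds / count
    return sum(throttle.allow(customer_id, ip, start + i * step) for i in range(count))


if __name__ == "__main__":
    # Constructed input: 1200 identical submissions in 2 minutes from one client.
    t = OrderThrottle(limit=10, window_seconds=3600)
    accepted = replay_burst(t, "cust-1", "203.0.113.7", 1200, 120)
    print("accepted", accepted, "of 1200")
```

Keying on the IP as well as the customer id means a script that switches customer records from the same address is still capped, at the cost of also capping legitimate customers who share that address.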