B4J Question HTTP Flooding Server Request

Discussion in 'B4J Questions' started by aaronk, Jun 3, 2019.

  1. aaronk

    aaronk Well-Known Member Licensed User

    Hi,

    I have my B4J app running on a VPS.

    In my B4J app I am running a HTTP Server.

    I noticed in the HTTP log, that someone is flooding my server with invalid web requests.

    The above log is just some events.

    Just wondering would the DoSFilter help stop people flooding my B4J app with these invalid requests ?
    https://www.b4x.com/android/forum/threads/dosfilter-request-timeout.70426/#content
     
  2. Erel

    Erel Administrator Staff Member Licensed User

    Worth adding the DoSFilter though this is not a denial of service attack. The request rate is quite low.

    Someone is trying to find a vulnerable PHP script on your server (will not happen as this is not a PHP server).
     
    inakigarm and alwaysbusy like this.
  3. aaronk

    aaronk Well-Known Member Licensed User

    Is there a way in blocking the user if they submit an xx of invalid requests ?

    For example if they submit 10-15 invalid requests in a 10 second period, then block them from accessing the HTTP server for 10 minutes ?
     
  4. alwaysbusy

    alwaysbusy Expert Licensed User

  5. Erel

    Erel Administrator Staff Member Licensed User

    Start with blocking the ip address in the server firewall.
     
  6. aaronk

    aaronk Well-Known Member Licensed User

    Would adding something like the following code block the users request, if they submit multiple requests within 5 seconds ?
    Code:
    srvr.AddDoSFilter("/*", CreateMap("maxRequestMs"5000))
    What happens if I am using a web socket & UDP messages, will this also trigger this feature or does it only work HTTP requests ?

    Just trying to understand what the above does.

    I will need to look into that. Looks interesting. You ever used anything like this before ?


    I will need to look into that.
    My VPS hosting company provides a external firewall and they use the OpenStack Compute API. So will need to work out how they use the API to add/delete rules using the API. Don't know if I can add firewall rules using the API and the API is mainly used for adding new VPS nodes to my account.
     
  7. alwaysbusy

    alwaysbusy Expert Licensed User

    No, but I will investigate it too when I find the time. Just to have some knowledge on how stuff works as we have an external contractor who does these things for us in my day job.
     
  8. Alexander Stolte

    Alexander Stolte Well-Known Member Licensed User

    I use Fail2Ban on my Server successfully, the IPs are banned.

    I have made a checklist to setting up a VPS for my own, one section is security and this is what i use for Fail2Ban (But only for SSH):
    Code:
    apt-get install fail2ban

    nano /etc/fail2ban/jail.local

    [ssh]
    enabled = 
    true
    port = ssh
    filter = sshd
    logpath = /var/
    log/fail2ban.log
    findtime  = 
    60000
    bantime = 
    36000000
    maxretry = 
    3

    service ssh restart
    After 5 Minutes I already had a lot of banned IP addresses who tried to connect to SSH.

    Just my 50ct :)
     
    udg, inakigarm and alwaysbusy like this.
  9. Erel

    Erel Administrator Staff Member Licensed User

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice