Should I use sleep() or just refuse them?

I'm implementing a delay system, so any IP I find offensive will automatically receive an incremental delay through sleep().

My question is: will this add to CPU usage and thus kill my site anyway if the attacker just opens new instances during the delay? Or does the sleep() command use minimal CPU/memory, so there will be no heavy load on a small script? I do not want to refuse them, because I would prefer that they do not learn about the limit in an obvious way, but I want to hear why I should.

[Please don't discuss why I consider IP abuse on a small site; for what it's worth, the reason: I recently created a script that fetched a page and returned information to the user, and I noticed some IP spamming my silly little script. cURLing too often sometimes results in my results not being available from the server I'm polling, and legitimate users get no results.]

+6
4 answers

Sleep does not use any CPU or memory beyond what the process making the call already uses.

The problem you will encounter when implementing sleep() is that you will eventually run out of file descriptors while the attacker's connections wait out your sleep, and then your site will be inaccessible to other people trying to connect.

This is a classic DDoS scenario: an attacker doesn't actually try to get into your computer (they may also try to do that, but that is a different story); instead they try to harm your site by using up every resource you have, be it bandwidth, file descriptors, threads for processing, etc. When one of your resources is exhausted, your site appears to be down, although your server is not actually down.

The only real protection here is to either not accept the calls, or have a dynamic firewall configuration that filters out the calls, or a router/firewall box that does the same thing upstream of your server.

+5

I think the problem with this would be that you could potentially have a LOT of sleeping threads lying around the system. If you detect abuse, immediately send an error message and be done with it.

My concern with your method is repeat offenders whose timeout grows to several hours. You will have long-lived threads, even though they do not use CPU. There are other resources to consider besides the CPU.

+5
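The first two answers make the same point: a sleeping request is cheap in CPU but still holds a worker, a socket and a file descriptor for the whole delay, and the third answer adds that sleep() is nothing like a spinning loop in CPU cost. The following Python simulation is an added example for this thread, not code from the question or any answer; it implements an escalating per-IP penalty once (the limiter), then replays the same constructed burst of 40 requests from one address through a handler that sleeps and a handler that refuses with HTTP 429, counting how many workers are occupied at the same moment. The policy numbers (five free requests per minute, a one-second penalty doubling up to a 30-second cap, a pool of eight workers) and the 203.0.113.7 address are assumptions chosen for illustration.

```python
"""Escalating per-IP penalties: sleep() versus immediate refusal.

Added example for this thread; not code from the question or any answer.
The policy numbers below are assumptions chosen for illustration.
"""
import time
from functools import partial

FREE_REQUESTS = 5      # requests per window before penalties start (assumed)
WINDOW_SECONDS = 60.0  # hit counter resets after this long (assumed)
BASE_DELAY = 1.0       # first penalty, doubled on each further hit (assumed)
MAX_DELAY = 30.0       # cap so a repeat offender cannot pin a worker for hours
WORKER_POOL = 8        # how many requests the small site can serve at once (assumed)


class Limiter:
    """Counts hits per client address and returns the penalty in seconds."""

    def __init__(self):
        self.clients = {}  # ip -> [window_start, hits]

    def penalty(self, ip, now):
        state = self.clients.get(ip)
        if state is None or now - state[0] >= WINDOW_SECONDS:
            state = [now, 0]
            self.clients[ip] = state
        state[1] += 1
        excess = state[1] - FREE_REQUESTS
        if excess <= 0:
            return 0.0
        return min(BASE_DELAY * 2 ** (excess - 1), MAX_DELAY)


def handle_sleeping(limiter, ip, now, sleep=time.sleep):
    """The question's approach: delay the offender inside the request handler.
    Returns (status, headers, seconds the worker stays occupied)."""
    delay = limiter.penalty(ip, now)
    if delay:
        sleep(delay)  # worker, socket and file descriptor stay held meanwhile
    return 200, {}, delay


def handle_refusing(limiter, ip, now):
    """The answers' approach: reject at once and give the worker back."""
    delay = limiter.penalty(ip, now)
    if delay:
        return 429, {"Retry-After": str(int(delay))}, 0.0
    return 200, {}, 0.0


# Same logic as handle_sleeping, but records the delay instead of blocking,
# so the replay below finishes instantly.
simulate_sleeping = partial(handle_sleeping, sleep=lambda seconds: None)


def peak_workers(handler, arrivals, service_time=0.01):
    """Replay (ip, arrival_time) pairs and return the largest number of workers
    occupied at the same moment, assuming each request holds a worker for
    service_time plus whatever delay the handler reports."""
    limiter = Limiter()
    events = []
    for ip, t in arrivals:
        _, _, held = handler(limiter, ip, t)
        events.append((t, +1))
        events.append((t + service_time + held, -1))
    events.sort()  # at equal times -1 sorts before +1, so releases come first
    busy = peak = 0
    for _, change in events:
        busy += change
        peak = max(peak, busy)
    return peak


def attacker_burst(count=40, interval=0.1, ip="203.0.113.7"):
    """Constructed sample traffic: one address (RFC 5737 documentation range)
    firing `count` requests `interval` seconds apart."""
    return [(ip, k * interval) for k in range(count)]


def sleep_wait(seconds):
    """Blocking wait: the process sits in the OS 'blocked' state."""
    time.sleep(seconds)


def busy_wait(seconds):
    """The spinning loop the third answer contrasts with sleep()."""
    end = time.perf_counter() + seconds
    while time.perf_counter() < end:
        pass


def cpu_cost(wait, seconds=0.2):
    """CPU seconds consumed while wait(seconds) runs; wall time is the same."""
    before = time.process_time()
    wait(seconds)
    return time.process_time() - before


if __name__ == "__main__":
    burst = attacker_burst()
    print("sleep() strategy, peak occupied workers:", peak_workers(simulate_sleeping, burst))
    print("refuse strategy,  peak occupied workers:", peak_workers(handle_refusing, burst))
    print("worker pool size:", WORKER_POOL)
    print("CPU seconds while sleeping 0.2s:", round(cpu_cost(sleep_wait), 4))
    print("CPU seconds while spinning 0.2s:", round(cpu_cost(busy_wait), 4))
```

With these numbers the sleeping handler has 33 requests parked at once by the end of the burst, four times the assumed pool of eight, while the refusing handler never has more than one request in flight; the CPU measurement at the end shows sleep() costing close to nothing against a busy loop, which is the third answer's point. The 429 response does reveal the limit, which the question wanted to avoid, but a refused request costs the server a few milliseconds and a sleeping one costs a worker for the whole penalty.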

sleep() is a function that "blocks" execution for a certain amount of time. It is not equivalent to:

while (x<1000000); 

since that loop will lead to 100% CPU utilization. sleep() simply puts the process into the "Blocked" state in the operating system and then returns the process to the "Ready" state after the timer has expired.

Keep in mind that PHP has a default 30-second timeout. I'm not sure whether sleep() counts toward it or not (I would doubt it, since it is a system call rather than script execution).

Your host may not like it if you have that many "blocked" processes, so be careful.

EDIT: According to "Does Timeout Count Timeout?", it would seem that sleep() does not count toward the "maximum execution time" (under Linux), as I expected. It apparently does on Windows.

+5

If you do what I also tried, I think you will be in good shape.

My authentication script built something similar to Endwood's idea. Session IDs were held in RAM and rotated with every page call. If the conditions were not met, I would flag that session with a strike. After three, I started adding sleep() calls to their executions. The limit was variable, but I settled on 3 seconds as a lucky number.

When attacking authentication, an attacker relies on a certain number of attempts per second to scale their attack. If that is their focus, introducing sleep makes the system look slower than it actually is, which, in my opinion, would make it a less desirable target.

If you slow them down rather than flatly telling them no, you are a little more likely to look less attractive.

That being said, this is security through obscurity of a sort, so you cannot really rely on it too much. It's just another factor in my general recipe :)

+1

Source: https://habr.com/ru/post/893650/
