-
Oct 7th, 2006, 11:21 PM
#1
Image verification and F5 refresh
I noticed that the image verification was enabled two weeks ago. I had a question at that time: "Why did they enable it? Is any attacker doing a search attack?" But since it is a minor restriction, I have no problem with it.
This problem did not attract my concern until I met an F5 refresh flooding of my own (library automation system) application.
For example, let's say I am searching for a title in the Hibernate forum. After I type the keyword "inner" in the search form and search, a list of titles is returned (let's say 500 threads are returned, displayed 25 results/page). I then page to the second page, and press and hold the F5 button on my keyboard to refresh the page continuously.
Is this considered a DoS attack?
I have tried this on the Hibernate forum (sorry, I did not mean to hack them, just curious what would happen). The result is: my friends have problems entering the Hibernate forum, and this is the SAME behaviour as for my little library application.
If anybody keeps pressing the F5 button, it will consume all the CPU resources (in my case, tomcat5.exe ~ 60%, mysqlnt.exe ~ 20%).
Is this a problem, or did I make a mistake?
Does this have anything to do with the Spring forum's image verification on the search page?
moon
-
Oct 13th, 2006, 05:40 AM
#2
some research
I did not find info about an "F5 attack" after these days of searching, which surprised me.
But I did find a funny news item -
http://digg.com/security/Student_arr...adly_F5_attack
The closest info I can find is mod_evasive for the Apache web server -
http://www.zdziarski.com/projects/mod_evasive/
I asked my friend who's coding an application using ASP.NET: same result - CPU under heavy load after changing the form submit method from POST to GET when paging (ASP defaults to POST instead of GET for form submission, and in my friend's case it is IIS 30%, mssql server 60%).
I tried several websites (with a database) after the first post. Almost all websites behave the same if I hold the F5 button --> it prevents other users from getting in, and some were displaying "too many connection". Although they can recover very fast (around 2 minutes), they
ALL DID PREVENT OTHER USERS FROM ENTERING THE WEBSITE WHILE I AM PRESSING F5
moon
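Added example, not part of the posts above: a per-client, per-URL refresh throttle of the kind mod_evasive applies, run over constructed traffic in which one client holds F5 on a search results page. The class, parameter names, addresses and URL are assumptions made for the illustration.

```python
from collections import defaultdict, deque


class RefreshLimiter:
    """Per-client, per-URI sliding-window limiter with a blocking period.
    Illustrative class; names and defaults are assumptions."""

    def __init__(self, page_count=5, page_interval=1.0, blocking_period=10.0):
        self.page_count = page_count            # max hits on one URI per window
        self.page_interval = page_interval      # window length in seconds
        self.blocking_period = blocking_period  # seconds a client stays blocked
        self.hits = defaultdict(deque)          # (client, uri) -> timestamps
        self.blocked_until = {}                 # client -> block expiry time

    def allow(self, client, uri, now):
        """Return True if the request may reach the application."""
        until = self.blocked_until.get(client)
        if until is not None:
            if now < until:
                # Design choice here: hits while blocked extend the block.
                self.blocked_until[client] = now + self.blocking_period
                return False
            del self.blocked_until[client]
        window = self.hits[(client, uri)]
        while window and now - window[0] >= self.page_interval:
            window.popleft()                    # drop hits outside the window
        window.append(now)
        if len(window) > self.page_count:
            self.blocked_until[client] = now + self.blocking_period
            window.clear()
            return False                        # rejected before any DB query
        return True


def simulate():
    """Constructed traffic: one client holds F5 (30 req/s for 3 s) while a
    second client loads the same page once per second."""
    limiter = RefreshLimiter()
    uri = "/search?keyword=inner&page=2"        # constructed URL
    events = [(i / 30.0, "10.0.0.1", uri) for i in range(90)]
    events += [(t, "10.0.0.2", uri) for t in (0.5, 1.5, 2.5)]
    passed = defaultdict(int)
    for now, client, path in sorted(events):
        if limiter.allow(client, path, now):
            passed[client] += 1
    return dict(passed)  # requests per client that reached the application


if __name__ == "__main__":
    print(simulate())
```

The check runs before the search query is executed, so the rejected refreshes cost a dictionary lookup instead of a database round trip.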
-
Oct 16th, 2006, 08:57 AM
#3
I find this new feature the most annoying thing ever encountered on a forum. The image is hard to read. I've got a success rate of 20% when trying to do a search :P (no, I've perfect eyes)
Luckily I also see a lot of forums disabling this feature because of the above reason, plus it's a totally unnecessary new feature for most forums.
-edit: hehe, just log in and you don't have to enter the verification code.
Last edited by RikBlankestijn; Oct 16th, 2006 at 09:00 AM.
-
Oct 16th, 2006, 11:39 AM
#4
please, remove the image from search
my success rate is less than 20%
too difficult!