Oct 7th, 2006, 11:21 PM
Image verification and F5 refresh
l noticed that the image verification have been ebabled two weeks ago , l have a question at that time : "why they enabled it ? any attcker doing search attack ? " , but since it is a minor restriction , l have no problem with it .
This problem did not attract my concern until l meet a F5 refresh flooding of my own (library automation system) application.
For example , let's say l am searching a title in hibernate forum , after l type a keyword "inner" in the search form and search, a list of titles return (let's said that it has 500 no. of threads return , it display 25 results/page ) . l then page it to the second page , press and hold the F5 button of my keyboard to refresh the page continuously ,
is this consider a DoS attack ?
l have tried this on the hibernate forum ( sorry , not mean to hack them , just curious what will happen) , the result is -> my friends have problem entering the hibernate forum and this is SAME behaviour for my little library application .
If any body keep on pressing the F5 button , it will consume all the CPU resource (in my case , tomcat5.exe ~ 60% , mysqlnt.exe ~ 20%) .
is this a problem or l make a mistake ?
is this has any thing doing with spring forum's image verification in search page ?
Oct 13th, 2006, 05:40 AM
l did not find info about "F5 attack" after these days of searching , it supprised me.
but l do found a funny news -
the closest info l can find is mod_evasive for apache webserver -
l asked my friend whose coding an application using ASP.net , same result - CPU under heavy load after changing the submit form method from POST to GET when do paging (asp default are using POST instead of GET for form submition , and my friend cases are IIS 30% , mssql server 60%) .
l tried several websites (with databse) after the first post , almost all website behave the same if l hold the F5 button --> it prevent other user going in , and some were displaying "too many connection" , althought they can recover very fast (arround 2 minutes) , but they
ALL DID PREVENT OTHER USERS FROM ENTERING THE WEBSITE WHILE L AM PRESSING F5
Oct 16th, 2006, 08:57 AM
I find this new feature the most annoying thing ever encountered on a forum. The image is hard to read. I've got a success rate of 20% when trying do a search :P (no, I've perfect eyes)
Luckily I also see a lot of forums disabling this feature because of the above reason plus it's totally unnecessary new feature for most forums.
-edit: hehe, just login and you don't have to enter the verification code.
Last edited by RikBlankestijn; Oct 16th, 2006 at 09:00 AM.
Oct 16th, 2006, 11:39 AM
please, remove the image from search
my succes rate is less than 20%