FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » FUDforum Development » Bug Reports » INSERTions into ses table for unknown users (Fantom sessions?)
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: INSERTions into ses table for unknown users [message #168075 is a reply to message #168074] Tue, 15 January 2013 15:26 Go to previous messageGo to previous message
NeXuS is currently offline  NeXuS
Messages: 121
Registered: July 2010
Location: South Korea
Karma:
Senior Member
Contributing Core Developer
Ok, two things:

1. The version you are running is outdated. The latest released version has a different session table, so the sessions also track the user's IP and user agent.
2. I am starting to think that the best way to prevent this kind of attack would be to configure your firewall correctly and limit the maximum rate of connections allowed from a single IP address (or even do temporary or permanent IP bans). I am saying this because the sysid is the same for all your logs. You should update FUDf, track down the IP and block it.

On a sidenote, the function definitely needs reworking to avoid doing an INSERT even if the key parameters are the same (e.g. IP, useragent and sysid). I will work on a patch.

[Updated on: Tue, 15 January 2013 15:27]

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: CKEditor conflicts with default formatting tools
Next Topic: Censorship bug
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri May 10 09:41:34 GMT 2024

Total time taken to generate the page: 0.06019 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software