berniedolan

Viewing by month: March 2007

Beware Of Friendly DOS Attacks

March 13, 2007

Not long ago, we were experiencing a performance issue on one of our internal sites. Taking a look at the web server's access log, I noticed that the site was being hammered by requests -- all originating from the same IP address. It turned out the requests were coming from a web analytics server we have installed. Normally, this server parses through our access logs nightly and creates reports of site usage by page, etc. To make the reports more friendly to read, they had been configured to display page titles for each page (so for example, home.cfm might have "Home Page" as it's title). In order to get the page title, the analytics server was doing an http request to our site for each page in the log. Since it was doing this in rapid succession, it basically amounted to the analytics server initiating a DOS attack on our site!

Obviously I had the report stopped (normally the report runs off-hours anyway, but it had slipped into prime usage time for the site). I also arranged to have the analytics server configured to ignore page titles for a part of the web site that wasn't particularly performant to begin with. Lesson learned? Beware of friendly DOS attacks! Oh -- and don't run analytics reports in the middle of the day :)

Comments (0)   |   Related Categories: ColdFusion

Recent Pics

Categories

Monthly Archives

Tag Cloud

Feeds

Design by Luka Cvrk · Powered by Mango Blog · Copyright 2009 Bernie Dolan