denial-of-service

Reliably stopping an unresponsive thread

荒凉一梦 submitted on 2021-02-08 13:29:31
Question: I'm wondering how to stop an unresponsive thread in Java, such that it's really dead. First of all, I'm well aware of Thread.stop() being deprecated and why it should not be used; there are already many excellent answers on this topic, cf. [1][2]. So, the question more precisely is whether it's actually technically possible to kill a thread whose code is not controlled by us but possibly hostile and not responding to interrupts. In the simplest case, a hostile thread would be running while

Getting warning : Denial of Service

倖福魔咒の submitted on 2019-12-23 05:17:36
Question:
Customer.find(:all, :select => 'id', :order => 'updated_at DESC', :readonly => true, :conditions => { :status_id => Customer.id_for_status(params[:id].to_sym) }, :offset => offset, :limit => 30).collect(&:id)
Above is my query; in that I am getting a warning like:
Symbol conversion from unsafe string (parameter value) near line 33: params[:id].to_sym
This is the warning of Denial of Service. Anybody have any idea how I can fix this warning? Thanks in advance.
Answer 1: The problem here is params[:id]

How can I use PHP's various XML libraries to get DOM-like functionality and avoid DoS vulnerabilities, like Billion Laughs or Quadratic Blowup?

萝らか妹 submitted on 2019-12-17 22:42:56
Question: I'm writing a web application that has an XML API in PHP, and I'm worried about three specific vulnerabilities, all related to inline DOCTYPE definitions: local file inclusion, quadratic entity blowup, and exponential entity blowup. I'd love to use PHP's (5.3) built-in libraries, but I want to make sure I'm not susceptible to these. I found I can eliminate LFI with libxml_disable_entity_loader, but this doesn't help with inline ENTITY declarations, including entities that refer to other

Protect yourself against Dos attacks

旧巷老猫 submitted on 2019-12-17 07:12:52
Question: This might be something more suited for Serverfault, but many web developers who come only here will probably benefit from possible answers to this question. The question is: How do you effectively protect yourself against Denial of Service attacks against your webserver? I asked myself this after reading this article. For those not familiar, here's what I remember about it: a DoS attack will attempt to occupy all your connections by repeatedly sending bogus headers to your servers. By doing so

How to enable DDoS protection?

让人想犯罪 __ submitted on 2019-12-17 05:16:18
Question: DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level, right? Is there a way to block it on a PHP level, or at least reduce it? If not, what is the fastest and most common way to stop DDoS attacks?
Answer 1: DDOS is a family of attacks which overwhelm key systems in the datacenter including:
- The hosting center's network connection to the internet
- The hosting center's internal network and routers
- Your firewall and load balancers
- Your web servers, application servers

HashDoS: how can worst case complexity of Hashtable be O(n^2)?

佐手、 submitted on 2019-12-07 22:46:26
Question: By now many of you must have heard about HashDoS. The researchers who found this claim in their video that the worst case complexity of Hashtable is O(n^2). How can this be?
Answer 1: The question is worded in an incorrect way. The researchers do not claim that "the worst case complexity of Hashtables is O(n^2)". What they claim is that "The [...] complexity of inserting n elements into the table [...] goes to O(n^2)." So, the complexity of a single operation is O(n). Which makes sense: if all

Can't Access Plesk Admin Because Of DOS Attack, Block IP Address Through SSH?

 ̄綄美尐妖づ submitted on 2019-12-07 05:00:48
Question: I can't access Plesk Admin because of a DoS attack; can I block a hostname or IP address through SSH? If so, how would I be able to do this? Thank you!
Answer 1: If you have iptables you can block it using a simple rule:
iptables -I INPUT --source 1.2.3.4 -j DROP
This rule drops packets coming from IP 1.2.3.4.
Answer 2: Probably the easiest is to SSH to your box, use vim, and add the following to the top of your .htaccess file in the root of your domain ( /var/www/vhosts/yourdomain.com/httpdocs/.htaccess

HashDoS: how can worst case complexity of Hashtable be O(n^2)?

旧巷老猫 submitted on 2019-12-06 12:23:47
By now many of you must have heard about HashDoS. The researchers who found this claim in their video that the worst case complexity of Hashtable is O(n^2). How can this be?
The question is worded in an incorrect way. The researchers do not claim that "the worst case complexity of Hashtables is O(n^2)". What they claim is that "The [...] complexity of inserting n elements into the table [...] goes to O(n^2)." So, the complexity of a single operation is O(n). Which makes sense: if all keys have the same hash, then they all go into the same bucket, which is just an array or a linked list, so

Servlet filters for abuse prevention? (DoS, spam, etc)

北慕城南 submitted on 2019-12-06 02:36:35
Question: I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS. We have "authorized clients" for our web service, so ideally the filter would help detect clients that aren't authorized or behave improperly, or detect multiple people using the same account. Also we need a way to prevent DoS'ing of our various services since we have an open-account policy -- limiting the number of simultaneous connections for a user, etc. We've looked at the