|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000764||YaCy||[All Projects] General||public||2017-07-22 09:30||2017-08-17 08:29|
|Product Version||YaCy 1.9|
|Target Version||Fixed in Version|
|Summary||0000764: It's possible to overload a peer just by asking for.|
|Description||It's possible to overload a peer just by asking for the network peers page with a wget loop.|
My system slowly uses more swap area until the system is non-responsive.
|Tags||No tags attached.|
|Are you requesting the raw /Network.html page (with the network picture overview), or one page such as /Network.html?page=1&maxCount=1000 (Active Principal and Senior Peers)?|
Yes, that's the URL; there are others. On most peers it is a public page and open to abuse. I have seen my JVM spike a few times and make my system go into heavy swap action.
Could you have an HTTP 503 if a particular IP is accessing your peer too often?
I guess one would want to be able to set the threshold depending on CPU power, e.g. a Raspberry Pi or similar, or some multi-core cloud computer.
Yes, more generally, integrating the Jetty DoS filter protection (http://www.eclipse.org/jetty/documentation/current/dos-filter.html) is maybe something to consider.
But again, on this specific case, which URL are you exactly requesting? I ask this to be sure to reproduce your case, because the overview page with the picture (/Network.html) already implements some protection against abuses from unauthenticated users (see https://github.com/yacy/yacy_search_server/blob/Release_1.92/htroot/NetworkPicture.java#L53).
|2017-07-22 09:30||smokingwheels||New Issue|
|2017-08-16 08:26||luc||Note Added: 0001469|
|2017-08-16 22:32||smokingwheels||Note Added: 0001470|
|2017-08-17 08:29||luc||Note Added: 0001471|
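The per-IP HTTP 503 threshold raised in the notes above, with the budget scaled by CPU count as suggested there, shown as an added example that is not YaCy or Jetty code. The class name, method names, budget figures and client addresses are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (hypothetical names): per-IP sliding-window limiter that answers 503.
public class PerIpLimiter {
    private final int maxPerWindow;
    private final long windowMs;
    private final Map<String, Deque<Long>> hits = new ConcurrentHashMap<>();

    public PerIpLimiter(int perCorePerWindow, long windowMs) {
        // Scale the budget with CPU count: small on a Raspberry Pi, larger on a multi-core host.
        this.maxPerWindow = perCorePerWindow * Runtime.getRuntime().availableProcessors();
        this.windowMs = windowMs;
    }

    private void prune(Deque<Long> q, long nowMs) {
        while (!q.isEmpty() && nowMs - q.peekFirst() >= windowMs) q.pollFirst();
    }

    /** Returns the HTTP status to send: 200 to serve the page, 503 to refuse it. */
    public int check(String clientIp, long nowMs) {
        boolean[] allowed = {false};
        hits.compute(clientIp, (ip, q) -> {      // atomic per key in ConcurrentHashMap
            if (q == null) q = new ArrayDeque<>();
            prune(q, nowMs);
            // Refused requests are not recorded, so each client holds at most maxPerWindow entries.
            if (q.size() < maxPerWindow) { q.addLast(nowMs); allowed[0] = true; }
            return q;
        });
        return allowed[0] ? 200 : 503;
    }

    // Call periodically: drops idle clients so the map itself cannot grow without bound.
    public void evictIdle(long nowMs) {
        for (String ip : hits.keySet())
            hits.computeIfPresent(ip, (k, q) -> { prune(q, nowMs); return q.isEmpty() ? null : q; });
    }

    public static void main(String[] args) {
        PerIpLimiter limiter = new PerIpLimiter(5, 1000); // assumed: 5 requests per core per second
        int refused = 0;
        for (long t = 0; t < 100; t++)            // constructed burst: 100 requests in 100 ms from one IP
            if (limiter.check("192.0.2.10", t) == 503) refused++;
        System.out.println("budget=" + limiter.maxPerWindow + " refused=" + refused);
        System.out.println("other client: " + limiter.check("192.0.2.11", 100));
        System.out.println("after window: " + limiter.check("192.0.2.10", 1100));
    }
}
```

In a servlet filter the two arguments would come from `request.getRemoteAddr()` and `System.currentTimeMillis()`, and the check has to run before any page rendering so that a refused request costs almost nothing.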