Re: Proposed Programming Effort – January 10, 2013
Posted by EQF on January 12, 2013 at 07:01:20:

The relatively simple WWWBoard clones can suffer from the following two types of hacker attacks and probably a host of others:

1. A simple “Denial of Service” attack involving a large number of compromised PC sending repeated “Post” requests to the board program. Without the right password information the board will just generate an error message for each request.

2. A more dangerous attack coming from a number of compromised PCs that are using legitimate password information. In that case the board will quickly be saturated with bogus messages.

To deal with those types of threats I have added several modifications to my own board program.

One limits the number of posts that are possible during specific units of time. If that or those numbers are exceeded the board simply refuses to post any more notes until a new time window or time windows open.

Another modification keeps track of the total number of requests for any note to be posted, with or without accurate password information. If that number is exceeded during specific units of time the board complexly blocks itself from doing anything including generating error messages until I manually reset something at my Web site.

There are some additional security modifications that I am planning to add.


Follow Ups:
     ● Re: Proposed Programming Effort – January 10, 2013 - Skywise  17:08:25 - 1/12/2013  (100079)  (1)
        ● Re: Proposed Programming Effort – January 10, 2013 - EQF  17:30:58 - 1/13/2013  (100083)  (1)
           ● Re: Proposed Programming Effort – January 10, 2013 - EQF  05:29:04 - 1/15/2013  (100086)  (0)