someone needs to get a life

I saw that after this, that script kiddie tried to run another wave while I was attending an appointment. it amounted to a little spike in server CPU usage, but that's about it.

tee hee.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd

oh yeah a bit more context

the first iteration of the attack consisted into spamming a huge amount of "*e* *e* *e* *e*" into the search query, which caused it to take forever to be processed, and, if repeated quickly enough, caused the MySQL server to give up on life alltogether.

it turns out nothing was enforcing a length limit on the search query, so I fixed that.

100 characters ought to be enough for everyone? yeah, our friend was still doing the same shit, even with 100 characters it was enough. because the abuse of *'s meant the queries were returning basically every post on the board.

so I changed it to reject any query that had more than 3 *'s.

then the little moron just decided to keep spamming queries like "a*b*c" over and over again, which is what was quoted above. it was several bursts of those requests, but one of them had the useragent changed to that (instead of having some generic useragent), so I found that amusing.

in any case, now it limits how many searches you can run within a 5-minute period, so that will defeat his little attack entirely. I doubt he has the means to evolve this into an actual DDoS.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

zafkflzdasd