Reputation: 4376
I have a PHP CodeIgniter (MVC) controller and associated functions that are called when a logging action occurs.
e.g. www.mysite.com/controller/logging_function/variable_to_log
I want to know the best practice solution to stopping hackers from overloading my server with erroneous logging calls. How do you differentiate between a genuine request and someone nailing your server?
I'm focussing on logging here mainly because this is an operation which involves inserting data into a table.
Thanks in advance.
Upvotes: 1
Views: 359
Reputation: 2306
I don't believe this is an entirely hopeless process. Here are a few steps that I take. They are not perfect, or the final solution, but they do make it a pain to slam a server.
* CSRF protection for any & all POSTs. You can do this on a system, application, controller, or method level.
* Use Private and Public functions...
* For things like logging, if possible, make your methods or the entire class inaccessible to any outside referrer... Or run from the CLI.
* Filter & validate requests by type, i.e. GET, POST, AJAX, etc...
Upvotes: 2
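The steps listed in the answer above, combined in one controller. This is an added example, not code from the thread; it assumes CodeIgniter 3 with `$config['csrf_protection'] = TRUE;` set in `application/config/config.php`, and the `event` POST field, `event_log` table and its columns are hypothetical names.

```php
<?php
// application/controllers/Logging.php (added example, assumes CodeIgniter 3)
defined('BASEPATH') OR exit('No direct script access allowed');

class Logging extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->database();
        $this->load->library('form_validation');
    }

    // Public endpoint: POST + AJAX only. With csrf_protection enabled,
    // CodeIgniter rejects a POST without a valid token before this runs.
    public function record() {
        // is_ajax_request() only checks the X-Requested-With header, so it
        // filters casual traffic; the CSRF token is the stronger check.
        if ($this->input->method() !== 'post' || ! $this->input->is_ajax_request()) {
            show_error('Method not allowed', 405);
        }
        // Hypothetical field "event": allow-list its characters and length.
        $this->form_validation->set_rules('event', 'Event', 'required|alpha_dash|max_length[64]');
        if ($this->form_validation->run() === FALSE) {
            show_error('Invalid log entry', 400);
        }
        $this->write_entry($this->input->post('event'));
        $this->output->set_status_header(204);
    }

    // Maintenance task reachable from the CLI only: php index.php logging purge
    public function purge() {
        if ( ! is_cli()) {
            show_404();
        }
        $this->db->where('created_at <', date('Y-m-d H:i:s', strtotime('-30 days')));
        $this->db->delete('event_log');
    }

    // Private methods cannot be reached through the URL router.
    private function write_entry($event) {
        $this->db->insert('event_log', array(
            'event'      => $event,
            'ip_address' => $this->input->ip_address(),
            'created_at' => date('Y-m-d H:i:s'),
        ));
    }
}
```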
Reputation: 14798
This is called a DoS (Denial of Service) attack.
It is probably one of the harder problems to solve, as many large organisations who have had such an attack could confirm!
In reality, someone orchestrating this kind of attack properly could use compromised computers, so you can't even filter out by IPs sending large volumes of requests, as they'll all be from different computers.
The best you can do is create an alert when your system is overloaded, then investigate the problem manually.
Upvotes: 2