Questions tagged [denial-of-service]

Denial-of-service (or DoS) is an intentional attack on a machine or resource that aims to make it unavailable to its intended users, often by overloading it with artificially crafted requests.

The most common are network-based attacks that send the target machine a huge number of artificially crafted requests. These may be ordinary requests, or they may be intentionally tweaked or broken to create more load than usual. Trivial attacks are easy to prevent by blocking the originating IP address, but more advanced attacks may use distributed IP addresses from around the world.

DoS attacks violate the acceptable use policies of virtually all Internet service providers (as well as official laws of certain nations).

There are various software and hardware solutions that help to protect services from such attacks.

216 questions

93 votes, 10 answers

How to enable DDoS protection?

DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level, right? Is there a way to block it on a PHP level, or at least reduce it? If not, what is the fastest and most common way to stop DDoS attacks?
rockstardev

41 votes, 6 answers

Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)

It is said that instead of adding all domains to CORS, one should only add a set of domains. Yet it is sometimes not trivial to add a set of domains. E.g. if I want to publicly expose an API then for every domain that wants to make a call to that…
brillout

26 votes, 3 answers

Denial of Service - http proxy - React

I am pretty sure that this error appeared only today and it never occurred before. When I create a new react app, the process found 1 high vulnerability: High: Denial of Service Package: …
Fabio

25 votes, 8 answers

Most Robust way of reading a file or stream using Java (to prevent DoS attacks)

Currently I have the below code for reading an InputStream. I am storing the whole file into a StringBuilder variable and processing this string afterwards. public static String getContentFromInputStream(InputStream inputStream) // public static…
Unni Kris

22 votes, 1 answer

Can I use AWS route 53 and Cloudflare at the same time?

Currently, I am using Route53 to manage my domains, subdomains etc. But I want to add DDoS protection to my endpoints. So I want to use Cloudflare also. But I couldn't find a way to use two of them at the same time, can I put Cloudflare dos…

18 votes, 3 answers

Best practices for detecting DOS (denial of service) attacks?

I am looking for best practices for detecting and preventing DOS in the service implementation (not external network monitoring). The service handles queries for user, group and attribute information. What is your favorite source of information on…
David G

16 votes, 3 answers

Best practices for preventing Denial of Service Attack in Django

What are the best practices in Django to detect and prevent DoS attacks... Are there any ready to use apps or middleware available which prevents website access and scan through bots?
Software Enthusiastic

13 votes, 1 answer

Denial of Service attack on Parse.com app

I'm writing a small web application as I'm learning to use the features of Parse.com. Since application_id and javascript_key are both public (as explained in the doc), it means anyone is free to run code like illustrated in the following…
Jem

12 votes, 2 answers

How can I use PHP's various XML libraries to get DOM-like functionality and avoid DoS vulnerabilities, like Billion Laughs or Quadratic Blowup?

I'm writing a web application that has an XML API in PHP, and I'm worried about three specific vulnerabilities, all related to inline DOCTYPE definitions: local file inclusion, quadratic entity blowup, and exponential entity blowup. I'd love to use…
lordbyron

11 votes, 1 answer

How was the hash collision issue in ASP.NET fixed (MS11-100)?

As reported by Slashdot, MS issued an update to ASP.NET to fix the hash collision attack today. (Listed as "Collisions in HashTable May Cause DoS Vulnerability - CVE-2011-3414" on the linked Technet page.) The problem is that the POST data are…
svick

10 votes, 3 answers

Does Windows Azure have anything readily available against denial of service attacks?

We're developing a web service hosted in Windows Azure. We expect that at some moments bad guys try to DDOS it. I Googled and didn't find anything new and definitive (this one is rather vague) about whether Windows Azure has some features against…
sharptooth

10 votes, 1 answer

nodejs server against DOS attacks

I'm in the process of writing a highly scalable browser based web chat server using nodejs. The concept involved is simple - first it checks browser for websocket support. If not supported or otherwise is incompatible with the server specs, it…
spaceman12

9 votes, 5 answers

Which kind of webapps can realistically be affected by the floating bug?

There's an easy way to totally lock a lot of JVM: class runhang { public static void main(String[] args) { System.out.println("Test:"); double d = Double.parseDouble("2.2250738585072012e-308"); System.out.println("Value: " + d); } } or, to…
SyntaxT3rr0r

8 votes, 3 answers

How to protect an OpenID consumer against abuse?

I am considering OpenID as a login method for my PHP application, but there is one thing that prevents me from continuing: how can I protect an OpenID consumer against abuse? An example of abusing OpenID by using a consumer as proxy Abuse includes…
Lekensteyn

8 votes, 1 answer

How can I protect my Meteor server from an infinite loop on the client?

I've run into a situation where an infinite loop on the client is crashing the Meteor server. The infinite loop is a bug that I will fix, and not the subject of this question. My concern is that a malicious user could create their own infinite…
colllin