Quoting John1 (suppressed):
> On Wednesday, August 24, 2005 2:29 AM, suppressed wrote:
> >
> >I am perfectly willing to believe I have screwed up, but I had thought
> >this had been addressed with
> >
> >Limit robot_expire 0.05
> >
> >This changes the 24-hour period to one hour. And since the first call
> >is always to count_ip() without incrementing the counter (and
> >therefore the mtime) the maximum lockout should be that one hour.
> >
>
> Do you mean "Since only the first call to count_ip() increments the counter
> (and therefore the mtime) the maximum lockout should be that one hour?
>
> If I am reading the code in count_ip correctly the addr_ctr/IP file will
> only be deleted if its modified time is greater than "Limit robot_expire"
>
> If I understand correctly, the code in sub new_session calls count_up(1)
> (and therefore updates mtime if the addr_ctr/IP file already exists) each
> time a new session is created.
>
> Consequently the addr_ctr/IP file will keep counting up unless there is a
> *gap* of greater than "limit robot_expire" before a new session id is
> requested by the same IP address.

Yes, this is correct.

>
> i.e. So if you use "Limit robot_expire 0.05", provided there are at least
> 2 requests per hour for a new session id from the same IP address the
> addr_ctr/IP file will keep counting up forever.

Well, until it locks someone out for an hour.

>
> Then after a few days or weeks RobotLimit will eventually be exceeded and
> the IP address will then be *permanently* locked out. By permanent I mean
> until there is a gap of at least 1 hour between requests for new session
> ids from the IP address in question.

Aha, there is my misunderstanding. I didn't see an hour as permanent.... 8-)

>
> >If you have such traffic that you assign 100 legitimate IP addresses in
> >an hour, it means you would have to have a much better robot defense
> >than RobotLimit can supply....
> >
>
> So what I am saying above is that you don't need 100 accesses from the IP
> address to maintain a lockout, you only need at least 2 each hour to
> maintain the lockout situation.

This is correct. Looking at it, it may indeed be less than ideal. Perhaps
someone can suggest an algorithm -- nothing clean and correct comes to
my mind (new file every day, counting down instead of up if
time > Limit->robot_expire * .1, etc.).

In the interim, I would think

    Limit robot_expire 0.002

would work in all but the most extreme cases, where again I suggest
you need more than RobotLimit to defend you from the onslaught.

--
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <suppressed>

Be patient. God isn't finished with me yet. -- unknown
_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
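
The counter behaviour worked out in this thread, as a small simulation added here; it is not Interchange code and not part of the original message. The class names, the request intervals and the fixed-window variant (loosely in the spirit of the "new file every day" idea) are assumptions made for illustration.

```python
# Constructed model of the counter behaviour described in this thread.
# Not Interchange source: class names and the request pattern are assumptions.
DAY = 86400  # robot_expire is treated as a fraction of a day, as in the thread

class RefreshedCounter:
    """Behaviour described in the thread: each new session bumps the count and
    refreshes mtime; the count is dropped only after a quiet gap > expire."""
    def __init__(self, limit, expire_days):
        self.limit, self.expire = limit, expire_days * DAY
        self.count, self.mtime = 0, None

    def new_session(self, now):
        if self.mtime is not None and now - self.mtime > self.expire:
            self.count = 0                 # the addr_ctr/IP file would be deleted here
        self.count += 1
        self.mtime = now                   # refreshed on every request, even when locked
        return self.count > self.limit     # True means this request is locked out

class FixedWindowCounter:
    """Hypothetical alternative: the window is anchored at its first request and
    is not extended by later ones (similar in spirit to "new file every day")."""
    def __init__(self, limit, expire_days):
        self.limit, self.expire = limit, expire_days * DAY
        self.count, self.start = 0, None

    def new_session(self, now):
        if self.start is None or now - self.start > self.expire:
            self.count, self.start = 0, now
        self.count += 1
        return self.count > self.limit

def locked_requests(counter, interval_s, n_requests):
    """Send n_requests evenly spaced new-session requests from one IP and
    return the indices of the requests that were locked out."""
    return [i for i in range(n_requests) if counter.new_session(i * interval_s)]

if __name__ == "__main__":
    limit, expire = 100, 0.05              # RobotLimit 100, Limit robot_expire 0.05
    for name, cls in (("refreshed", RefreshedCounter), ("fixed window", FixedWindowCounter)):
        slow = locked_requests(cls(limit, expire), 1800, 500)   # 2 requests per hour
        burst = locked_requests(cls(limit, expire), 1, 500)     # 1 request per second
        print(f"{name:12s} slow client locked: {len(slow):3d}  burst locked: {len(burst):3d}")
```

In this model a client making two requests per hour is locked out from its 101st request onward when every request refreshes the timestamp, and never when the window is anchored at its first request; a one-per-second burst is locked out under both.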