[ZendTo] New feature -- DDoS protection

Jules Jules at Zend.To
Mon Oct 17 14:04:35 BST 2011


Currently if someone gets the URL for a large file off the pickup page, 
they can use that URL from anywhere to retrieve a copy of the file.

We had an instance here last week where someone told an entire botnet to 
fetch the same file repeatedly. Time to say goodnight to our ZendTo 
server due to it filling with logs: *not* because it ran out of any 
other resource, but bad anyway. :-(

So I have added a feature whereby when you click on the link in the 
email you get (as a recipient of a drop-off), you have to pass a CAPTCHA 
test (proves you're a real person and not a computer) before you can get 
at the page listing the URLs of the files. If you then take one of those 
URLs and try to use it from a different computer, it rejects the request.

If anyone is particularly interested in this, I'll put up a beta 
containing it. Otherwise it will wait for the next general release.

Cheers,

Jules

-- 
Julian Field MEng CITP CEng
www.Zend.To

Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
  I see it shining plain,
  The happy highways where I went,
  And cannot come again.' - A.E. Houseman



More information about the ZendTo mailing list