[ic] Fwd: continuing problems with routine to stop DDos attack working but has problems

davideth at whojamadoogle.com davideth at whojamadoogle.com
Fri Aug 15 21:26:43 UTC 2025


Wow! What a difference!

The response time on the site is blazing. Here is an example of 
error.log from /catalogs/h###acpz showing the outright rejection for 
sites not providing a human response.

20.171.207.51 - - [15/August/2025:11:40:43 -0500] huldacpz /cgi-bin/cart.cgi getting valid session id=  name=   !!!
20.171.207.51 - - [15/August/2025:11:41:43 -0500] huldacpz /cgi-bin/cart.cgi timeout getting valid
20.171.207.51 - - [15/August/2025:11:41:43 -0500] huldacpz /cgi-bin/cart.cgi valid session id= failed
91.242.162.5 - - [15/August/2025:11:51:09 -0500] huldacpz /cgi-bin/cart.cgi/UZI-3c.html getting valid session id=  name= !!!
91.242.162.5 - - [15/August/2025:11:52:09 -0500] huldacpz /cgi-bin/cart.cgi/UZI-3c.html timeout getting valid
91.242.162.5 - - [15/August/2025:11:52:09 -0500] huldacpz /cgi-bin/cart.cgi/UZI-3c.html valid session id= failed
40.77.167.33 - - [15/August/2025:11:55:02 -0500] huldacpz /cgi-bin/cart.cgi/ getting valid session id=  name=   !!!
40.77.167.33 - - [15/August/2025:11:56:02 -0500] huldacpz /cgi-bin/cart.cgi/ timeout getting valid
40.77.167.33 - - [15/August/2025:11:56:02 -0500] huldacpz /cgi-bin/cart.cgi/ valid session id= failed

Sites that have previous valid cookies are still accepted.




On 8/12/25 19:01, davideth at whojamadoogle.com wrote:
> Finally, improved results. Going from total lockdowns and inability to 
> even access the site to reasonable activity and bumping of many 
> invalid requests.
>
> Here is an example from error.log in catalogs/h...cp. :
>
> 216.244.66.246 - - [12/August/2025:17:26:31 -0500] huldacpz /cgi-bin/cart.cgi/index.html timeout getting valid
> 216.244.66.246 - - [12/August/2025:17:26:31 -0500] huldacpz /cgi-bin/cart.cgi/index.html valid session id= failed
>
> 216.244.66.246 - - [12/August/2025:17:26:00 -0500] huldacpz /cgi-bin/cart.cgi/contact.html valid session id= failed
>
>
> # prior existing sessions are not trapped:
>
> #189.203.236.147 rVcd8cXo:189.203.236.147 - [12/August/2025:17:24:43 -0500] huldacpz /cgi-bin/cart.cgi/zapperaccessories session name now rVcd8cXo:189.203.236.147
> #177.231.19.31 tjDL8aqk:177.231.19.31 - [12/August/2025:17:24:43 -0500] huldacpz /cgi-bin/cart.cgi/process/locale/de_DE/page/index session name now tjDL8aqk:177.231.19.31
>
> #So in order to eliminate existing sessions,  the following can be run 
> in catalogs/mycatalogname/session/
>
> #Warning! Be sure that no orders were received after the date entered;
> otherwise, you can lose placed orders or anything important:
>
> #find ./* -type f -newermt "2025-08-12" -exec rm -f {} \;
>
>
>
> #What works and what does not.
>
> #All routines handled in session.pm sub new_session()
>
>
> sub new_session {
>     my($seed) = @_;
>     my($name);
>     my $Val;
>
>     ::logError("getting valid session id=$Vend::SessionID name=$Vend::SessionName   !!!");    # 11 Aug 2025 DLE
> # clear valid page and continue
>     if (::display_init_page('valid') == 0)    # numeric comparison: returns 0 on timeout
>     {
>         $Vend::HaveSession = 0;
> #        write_session();
>         ::logError("valid session id=$Vend::SessionID failed");
>         close_session();
>         return;
>     }
>
>     open_session();
>
> # remaining code is the same except for
>
>
> ::logError("session name now $Vend::SessionName");    # 5 Aug 2025 DLE
>
> }
>
> On 8/12/25 15:00, davideth at whojamadoogle.com wrote:
>> Would it be better if the checkbox was called from dispatch.pm before 
>> session activity?
>>
>>
>> On 8/12/25 14:35, davideth at whojamadoogle.com wrote:
>>> The problem is that interchange is now generating excess resource 
>>> usage which locks up interchange.
>>>
>>> In session.pm
>>>
>>> sub new_session {
>>>     my($seed) = @_;
>>>     my($name);
>>>     my $Val;
>>>
>>>     ::logError("getting valid session id=$Vend::SessionID name=$Vend::SessionName   !!!");    # 11 Aug 2025 DLE
>>> # clear valid page and continue
>>>     if (::display_init_page('valid') == 0)    # numeric comparison: returns 0 on timeout
>>>     {
>>>         ::logError("valid session id=$Vend::SessionID failed");
>>>         close_session();
>>>         return;
>>>     }
>>>
>>> # continue normal session generation
>>>
>>>     ::logError("rcvd valid session id=$Vend::SessionID  !!!"); # 12 Aug 2025 DLE
>>>
>>>     open_session();
>>>
>>> # ...
>>>
>>> }
>>>
>>> sub display_init_page
>>> {
>>> #    my ($field,$value,$opt) = @_;
>>>     my $mv_verified = "";
>>>     my ($name1);
>>>     my $start_time = time();
>>>     my $timeout = 60;    # seconds
>>>     my $timeout2 = 5;    # seconds
>>>     my $i = 0;
>>>     my $ref;
>>>
>>>     ::display_page('valid');   # this sends the checkbox to the remote IP
>>>
>>>     # wait for a response; $mv_verified is not assigned inside the loop,
>>>     # so this spins until $timeout expires
>>>     while (time() - $start_time < $timeout)
>>>     {
>>>         if ($mv_verified) # mv_nextpage
>>>         {
>>>             ::logError("rcvd valid verification page");    # 5 Aug 2025 DLE
>>>             return(1);
>>>         }
>>>     }
>>>
>>>     ::logError("timeout getting valid");    # 8 Aug 2025 DLE
>>>
>>>     return(0);
>>>
>>> }
>>>
>>>
>>> # from error.log in huldacpz showing 2 failed requests
>>>
>>> 213.230.93.86 uFZa8o7Q:213.230.93.86 - [12/August/2025:12:57:18 -0500] huldacpz /cgi-bin/cart.cgi/aboutus getting valid session id=uFZa8o7Q name=uFZa8o7Q:213.230.93.86   !!!
>>>
>>> 213.230.93.86 uFZa8o7Q:213.230.93.86 - [12/August/2025:12:58:18 -0500] huldacpz /cgi-bin/cart.cgi/aboutus timeout getting valid
>>> 213.230.93.86 uFZa8o7Q:213.230.93.86 - [12/August/2025:12:58:18 -0500] huldacpz /cgi-bin/cart.cgi/aboutus valid session id=uFZa8o7Q failed
>>>
>>>
>>> 14.169.226.68 RUbpxrpm:14.169.226.68 - [12/August/2025:12:57:22 -0500] huldacpz /cgi-bin/cart.cgi/zappercomparisonchart getting valid session id=RUbpxrpm  name=RUbpxrpm:14.169.226.68   !!!
>>>
>>> 14.169.226.68 RUbpxrpm:14.169.226.68 - [12/August/2025:12:58:22 -0500] huldacpz /cgi-bin/cart.cgi/zappercomparisonchart timeout getting valid
>>> 14.169.226.68 RUbpxrpm:14.169.226.68 - [12/August/2025:12:58:22 -0500] huldacpz /cgi-bin/cart.cgi/zappercomparisonchart valid session id=RUbpxrpm failed
>>>
>>>
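
Added example (not part of the original messages and not Interchange code): a Python script that tallies the challenge outcomes per client from error.log lines in the layout posted in this thread, and measures how long each timed-out challenge kept its request waiting. The sample lines, their IP addresses and the catalog name examplecat are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout seen in the posted error.log: ip, session name or "-", "-", [time], catalog, path, message
LINE = re.compile(
    r'^(?P<ip>\S+) (?P<sess>\S+) - \[(?P<ts>[^\]]+)\] (?P<cat>\S+) (?P<path>\S+) (?P<msg>.*)$'
)

# Constructed sample lines (documentation IP ranges, placeholder catalog name).
SAMPLE = """\
192.0.2.10 - - [15/August/2025:11:40:43 -0500] examplecat /cgi-bin/cart.cgi getting valid session id=  name=   !!!
192.0.2.10 - - [15/August/2025:11:41:43 -0500] examplecat /cgi-bin/cart.cgi timeout getting valid
192.0.2.10 - - [15/August/2025:11:41:43 -0500] examplecat /cgi-bin/cart.cgi valid session id= failed
198.51.100.7 - - [15/August/2025:11:51:09 -0500] examplecat /cgi-bin/cart.cgi/index.html getting valid session id=  name= !!!
198.51.100.7 - - [15/August/2025:11:52:09 -0500] examplecat /cgi-bin/cart.cgi/index.html timeout getting valid
198.51.100.7 - - [15/August/2025:11:52:09 -0500] examplecat /cgi-bin/cart.cgi/index.html valid session id= failed
203.0.113.5 aBcD1234:203.0.113.5 - [15/August/2025:11:53:00 -0500] examplecat /cgi-bin/cart.cgi/aboutus session name now aBcD1234:203.0.113.5
not a log line
""".splitlines()

def classify(msg):
    """Map a logError message from the posted new_session() code to an event kind."""
    if msg.startswith("getting valid"):
        return "challenge"            # checkbox page is about to be sent
    if msg.startswith("timeout getting valid"):
        return "timeout"              # display_init_page() gave up waiting
    if msg.startswith("valid session") and msg.rstrip().endswith("failed"):
        return "rejected"             # session was closed without being created
    if msg.startswith("session name now"):
        return "session"              # a session was accepted
    return None

def summarize(lines):
    """Return {ip: counts per event kind plus seconds spent waiting on timed-out challenges}."""
    stats = defaultdict(lambda: {"challenge": 0, "timeout": 0, "rejected": 0, "session": 0, "held_s": 0.0})
    pending = {}                      # (ip, path) -> time the challenge started
    for line in lines:
        m = LINE.match(line.strip())
        kind = classify(m["msg"]) if m else None
        if kind is None:
            continue                  # unparseable or unrelated line
        when = datetime.strptime(m["ts"], "%d/%B/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"])
        stats[m["ip"]][kind] += 1
        if kind == "challenge":
            pending[key] = when
        elif kind == "timeout" and key in pending:
            stats[m["ip"]]["held_s"] += (when - pending.pop(key)).total_seconds()
    return dict(stats)
```

Summing held_s across clients gives the total request time spent waiting on unanswered challenges, which is the figure to watch when checking whether the gate itself is tying up the server.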