Protect your site: Flood Control
It's interesting to see how many sites get taken offline for extended amounts of time, the easiest recipe is to find a search form or something similar, then put it on refresh on 20 different tabs, ask your friends and bring a tiny site down. More "advanced" techniques involve using software that will exponentially increase the amount of http requests they can make. No one site is safe from a DDoS (Distributed Denial of Service Attack) of enough magnitude, most major sites on the web (amazon, ebay, recently twitter) have suffered at one point or another. The most you can do is exercise some preventive medicine.
Drupal has an awesome tool for implementing flood protection. Two functions that work together in order to keep track of requests and help you deflect them when they become too much. Let's say you have a function that handles a request and could potentially be exploited. It's not very difficult to tell what's going on here, the two players are flood_is_allowed() and flood_register_event(). flood_is_allowed() checks to see how many flood events have been logged, the integer you pass it is the maximum amount of events you want to allow (400 is just random, use what you think is best). If it's hit the maximum, it will return false (hence the !) and you can deal with it accordingly, otherwise you register the event and move on with the execution. if your project is large enough, a firewall is always better since it does not have to hit your database, however this can be tailored to fit many different scenarios. I will continue blogging about simple ways to protect your site from your code and through module usage, check back soon!
Follow us to get updates!
