10 Jun
2003
10 Jun
'03
7:56 a.m.
On Friday 06 June 2003 21:28, Jamie Heilman wrote:
Quick way to add 100 zodb connections and ~90M to the memory footprint with relatively little clue of who is responsible assuming traditional logging; presumeably one would get much trickier if they really wanted to obfuscate the source of attack, slowly crawling the site, changing the user-agent string, etc.
Attached is a temporary patch to block this denial of service attack. This patch applies cleanly to the trunk and the 2.6 branch. This patch works by blocking all access to versions in the publisher, so dont apply it if you cant afford to stop using versions -- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson