Jump to content

Best approach to preventing abuse of resource intensive script?


Axeia

Recommended Posts

I'm writing a script that lets a user create a custom graph and at the end of the ride the graph is created via either GD2 or Imagick, depending on if I figure out how to draw a pie slice with imagick.

 

Anyhow, GD2 and Imagick take their toll on the server as they're both quite 'heavy' processes and I'd like to restrict the user to create a graph at most once every 10 seconds. What's the best approach to this, sessions, sessions in combination with cookies, something completely different?

Link to comment
Share on other sites

Sessions would be easy for malicious users to circumvent, but they are pretty much your only option unless you want to do it by IP address.

 

 

With sessions it would be something simple like:

 

<?php

 

session_start();

 

if($_SESSION['last_graphed'] >= time()-10) {

    //please wait 10 seconds

}

 

//Somewhere else, you would do $_SESSION['last_graphed'] = time().

Link to comment
Share on other sites

mmh didn't even think of IP addresses, guess that's worth looking into.

 

A real IP address takes a couple of seconds, so that would be a nice way but I've no clue as how long it would take with IP spoofing. But combining it the session bit you just posted it would at least be quite hard to get the server to be make images nonstop not having time for the normal things.

 

Thanks for the help, if anyone else has other/better idea's I'd love to hear them.

Link to comment
Share on other sites

It wouldn't be user friendly, but you could of course make people wait 10 seconds before making a graph.  Kind of like rapidshare (or megaupload or so on) does with downloading.  Even if you change IPs or what ever, you still have to wait the time.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.