Skip to main content
22 questions
Newest Active Bountied Unanswered
94 votes
10 answers
72k views

DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level right? Is there a way to block it on a PHP level, or at least reduce it? If not, what is the fastest and most ...
rockstardev's user avatar
  • 13.6k
42 votes
6 answers
25k views

It is said that instead of adding all domains to CORS, one should only add a set of domains. Yet it is sometimes not trivial to add a set of domains. E.g. if I want to publicly expose an API then for ...
brillout's user avatar
  • 7,464
25 votes
8 answers
55k views

Currently I have the below code for reading an InputStream. I am storing the whole file into a StringBuilder variable and processing this string afterwards. public static String ...
Unni Kris's user avatar
  • 3,103
155 votes
15 answers
233k views

This question about zip bombs naturally led me to the Wikipedia page on the topic. The article mentions an example of a 45.1 kb zip file that decompresses to 1.3 exabytes. What are the principles/...
pufferfish's user avatar
  • 17.7k
12 votes
2 answers
4k views

I'm writing a web application that has an XML API in PHP, and I'm worried about three specific vulnerabilities, all related to inline DOCTYPE definitions: local file inclusion, quadratic entity blowup,...
lordbyron's user avatar
  • 608
17 votes
3 answers
14k views

I am looking for best practices for detecting and preventing DOS in the service implementation (not external network monitoring). The service handles queries for user, group and attribute information. ...
David G's user avatar
  • 6,337
13 votes
1 answer
783 views

I'm writing a small web application as I'm learning to use the features of Parse.com. Since application_id and javascript_key are both public (as explained in the doc), it means anyone is free to run ...
Jem's user avatar
  • 6,456
9 votes
5 answers
1k views

There's an easy way to totally lock a lot of JVM: class runhang { public static void main(String[] args) { System.out.println("Test:"); double d = Double.parseDouble("2.2250738585072012e-308"); ...
SyntaxT3rr0r's user avatar
  • 28.4k
0 votes
2 answers
5k views

I live in an open community.. I run a game on a dedicated server and have no idea about ddos security, I am trying to stop concurrent attacks against my game server but have no idea where to make my ...
Josh Hallow's user avatar
  • 54
10 votes
3 answers
3k views

We're developing a web service hosted in Windows Azure. We expect that at some moments bad guys try to DDOS it. I Googled and didn't find anything new and definitive (this one is rather vague) about ...
sharptooth's user avatar
  • 172k
8 votes
1 answer
6k views

I'm looking for best practice advice/guidance (perhaps from Microsoft?) regarding denial of service (DoS) protection/mitigation for ASP.NET Core web applications. The main two options I have found so ...
redcalx's user avatar
  • 8,787
7 votes
3 answers
4k views

I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS. We have "authorized clients" for our web service, so ideally the filter would help ...
sehugg's user avatar
  • 3,605
6 votes
5 answers
1k views

I'm wondering how to stop an unresponsive thread in Java, such that it's really dead. First of all, I'm well aware of Thread.stop() being deprecated and why it should not be used; there are already ...
pxcv7r's user avatar
  • 466
5 votes
3 answers
1k views

I can't access Plesk Amdin because of DOS attack; can I block a hostname or IP address through SSH? If so, how would I be able to do this? Thank you!
olimits7's user avatar
  • 593
3 votes
3 answers
4k views

I have configured my server with various anti-DOS modules (mod_qos, mod_evasive etc). What I want to do now is run a simple PHP scrip that calls URLs on my site multiple times, in order to reach the ...
rockstardev's user avatar
  • 13.6k

15 30 50 per page
1
2