norbie


Joined: Jun 29, 2004 Posts: 737 Location: Norbie's World
|
Post subject: 9.1.1 Security Feature - About Flood Protection: Posted: Mon Jan 08, 2007 10:10 am |
|
Is there any documentation for this?
I had a look but couldn't find anything.
I've had a few members saying they're getting banned by the flood protection system, how does this system work and can I configure any part of it?
_________________ Norbie

www.norbiesworld.co.uk
norbie's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1 |
NanoCaiordo


Joined: Jun 29, 2004 Posts: 3677 Location: Melbourne, AU
|
Post subject: Re: 9.1.1 Security Feature Posted: Mon Jan 08, 2007 10:43 am |
|
The flooding security system will warn them with a FULL PAGE telling them what to do; it will show the full-page warning 3 times before they get banned for 24 hours.
They are allowed to do 2 clicks within 2 seconds ... the 3rd click within 2 seconds will display the first warning.
You can, however, delete their IP manually from admin => security => flooding.
.... 3 times a full page warning ....
_________________ .:: I met php the 03 December 2003 :: Unforgettable day! ::.
NanoCaiordo's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) MySQL 5.1 / PHP 5.3 / NextGen() |
norbie


Joined: Jun 29, 2004 Posts: 737 Location: Norbie's World
|
Post subject: Re: 9.1.1 Security Feature Posted: Mon Jan 08, 2007 10:49 am |
|
Thank you.
Could I also ask about the Unknown User-Agents part as well, please? When I click on details it does not open up another page. If this section blocks Unknown User-Agents I presume it has a database of all known user-agents including browsers?
_________________ Norbie

www.norbiesworld.co.uk
norbie's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1 |
NanoCaiordo


Joined: Jun 29, 2004 Posts: 3677 Location: Melbourne, AU
|
Post subject: Re: 9.1.1 Security Feature Posted: Mon Jan 08, 2007 10:54 am |
|
Not fully implemented yet; this is why the link doesn't take you anywhere.
_________________ .:: I met php the 03 December 2003 :: Unforgettable day! ::.
NanoCaiordo's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) MySQL 5.1 / PHP 5.3 / NextGen() |
RedRincon650


Joined: Mar 09, 2006 Posts: 118 Location: Winnipeg Manitoba
|
Post subject: Re: 9.1.1 Security Feature Posted: Mon Jan 08, 2007 8:07 pm |
|
Hrmm... I did as you mentioned above, and I'm not able to clear these IPs.
RedRincon650's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux/Apache-2/MySQL-4/PHP-4/CMS-9.1RC2 |
norbie


Joined: Jun 29, 2004 Posts: 737 Location: Norbie's World
|
Post subject: Re: 9.1.1 Security Feature Posted: Mon Jan 08, 2007 8:11 pm |
|
Same, delete them in the database.
_________________ Norbie

www.norbiesworld.co.uk
norbie's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1 |
RedRincon650


Joined: Mar 09, 2006 Posts: 118 Location: Winnipeg Manitoba
|
Post subject: Re: 9.1.1 Security Feature Posted: Mon Jan 08, 2007 8:15 pm |
|
Done... cms_security
Odd though, the IP address was NULL. Where would the IP have been stored?
RedRincon650's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux/Apache-2/MySQL-4/PHP-4/CMS-9.1RC2 |
NanoCaiordo


Joined: Jun 29, 2004 Posts: 3677 Location: Melbourne, AU
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Mon Jan 08, 2007 9:36 pm |
|
You are both missing files ... 9.1.1 moves flooding IPs in "Flooding", not in "IPs" ... just to be sure, if you click on "details" do you see "flooding detected by user agent ...."? If so, then this is not 9.1.1.
_________________ .:: I met php the 03 December 2003 :: Unforgettable day! ::.
NanoCaiordo's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) MySQL 5.1 / PHP 5.3 / NextGen() |
insaner


Joined: Jan 06, 2005 Posts: 308
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 1:31 am |
|
I've got a couple users complaining that the flood protection is blocking their IP as well, and that if they click on a link one time they get the warning page (not actually flooding).
Any ideas?
insaner's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Debian Linux/apache 1.3/4.0.23_Debian-1-log/4.3.10-2/9.0.6.1 |
|


Joined: Jun 29, 2004 Posts: 3677 Location: Melbourne, AU
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 8:30 am |
|
3 clicks within 2 seconds: warning, wait 8 seconds.
One more click after the warning but before the 8 seconds expire: warning, wait 10 seconds more.
One more click after the warning but before 10 seconds expire: warning, wait 12 seconds.
One more click and you get banned for 24 hours: admin might remove single IPs at any time or select to remove 24H old bans.
Many security systems count how many requests come within a determined time (2 seconds); this can lead attackers to send thousands of requests within 2 seconds. Our security system works in a different way; users need to get used to it, and webmasters too.
insaner, if they get a warning it's just a warning, and since they are waiting a determined number of seconds they will not get any more warnings or get banned until the system registers 3 clicks within 2 seconds.
_________________ .:: I met php the 03 December 2003 :: Unforgettable day! ::.
NanoCaiordo's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) MySQL 5.1 / PHP 5.3 / NextGen() |
BrokenCrust


Joined: Sep 06, 2004 Posts: 503
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 10:18 am |
|
Can you define a "click"? A JavaScript or CSS menu might easily be clicked 3 times in 2 seconds. And navigation (to an article in a content module, for example) might also be done with 3 clicks on HTML links.
Whilst I don't want to be flooded, I don't want a system that requires users to navigate slowly. People will not put up with it and go elsewhere.
To give 3 clicks in 2 seconds is possible by good users and it would be nice to be able to set the number of clicks higher to suit a faster user group.
Maybe I don't understand fully since I can't actually get a warning on my test system however fast I click.
BrokenCrust's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux/2.2.17/5.0.91/5.2.16/9.2.1 |
NanoCaiordo


Joined: Jun 29, 2004 Posts: 3677 Location: Melbourne, AU
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 10:20 am |
|
because you are logged in as admin?
_________________ .:: I met php the 03 December 2003 :: Unforgettable day! ::.
NanoCaiordo's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) MySQL 5.1 / PHP 5.3 / NextGen() |
insaner


Joined: Jan 06, 2005 Posts: 308
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 4:09 pm |
|
NanoCaiordo wrote:
3 clicks within 2 seconds: warning, wait 8 seconds.
One more click after the warning but before the 8 seconds expire: warning, wait 10 seconds more.
One more click after the warning but before 10 seconds expire: warning, wait 12 seconds.
One more click and you get banned for 24 hours: admin might remove single IPs at any time or select to remove 24H old bans.
Many security systems count how many requests come within a determined time (2 seconds); this can lead attackers to send thousands of requests within 2 seconds. Our security system works in a different way; users need to get used to it, and webmasters too.
insaner, if they get a warning it's just a warning, and since they are waiting a determined number of seconds they will not get any more warnings or get banned until the system registers 3 clicks within 2 seconds.
Thanks Nano, but it turns out it isn't my users' browsing habits. At first I thought it was just the fact they are clicking too fast, but it turns out they are getting the warning after immediately visiting the site and clicking a single link:
www.cpgnuke.com/Forums...18074.html
It has to do with Google Web Accelerator (or similar products). I believe this is a serious issue, as anyone out there in the world could have this installed and it would nearly immediately ban them if they are using it.
insaner's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Debian Linux/apache 1.3/4.0.23_Debian-1-log/4.3.10-2/9.0.6.1 |
BrokenCrust


Joined: Sep 06, 2004 Posts: 503
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 5:32 pm |
|
Quote:
because you are logged in as admin?
No, I logged in as a test user. I click like mad and nothing happens.
BrokenCrust's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux/2.2.17/5.0.91/5.2.16/9.2.1 |
DJ Maze


Joined: Apr 19, 2004 Posts: 5668 Location: http://tinyurl.com/5z8dmv
|
Post subject: Re: 9.1.1 Security Feature - About Flood Protection: Posted: Wed Jan 10, 2007 6:39 pm |
|
BrokenCrust wrote:
Quote:
because you are logged in as admin?
No, I logged in as a test user. I click like mad and nothing happens.
Here neither, since it's hard to achieve the flooding. I've only seen it happen while there were iframes on a page that all accessed index.php (which kicks in cmsinit.inc security::check()).
Keep in mind that a flooder does more simultaneous requests (like the iframes do).
DJ Maze's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Fedora 12 / 2.2.15 / 5.1.47 / 5.3.3 / CVS |
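The escalation NanoCaiordo describes, and the single-click warnings insaner and DJ Maze report, modelled as an added Python example; it is not DragonflyCMS code and not from any poster. `FloodGuard`, `replay`, the sample IPs and the timings are hypothetical, and the model assumes each wait runs from the offending request and that serving a wait resets the warning count.

```python
from collections import defaultdict, deque

WINDOW = 2.0          # seconds in which the 3rd request triggers a warning
LIMIT = 3             # the 3rd request inside WINDOW is the trigger
WAITS = (8, 10, 12)   # wait imposed by warnings 1, 2 and 3 (seconds)
BAN = 24 * 3600       # ban length once the third warning is ignored

class FloodGuard:
    """Model of the escalation described in the thread (not DragonflyCMS code)."""

    def __init__(self):
        self.hits = defaultdict(deque)   # ip -> timestamps of recent requests
        self.level = {}                  # ip -> warnings shown (4 means banned)
        self.until = {}                  # ip -> end of the current wait or ban

    def check(self, ip, now):
        # Returns 'ok', 'warn1'..'warn3' or 'banned' for one request.
        level = self.level.get(ip, 0)
        if level and now < self.until[ip]:
            if level > len(WAITS):       # ban still running
                return "banned"
            level += 1                   # request arrived during the wait
            self.level[ip] = level
            if level > len(WAITS):
                self.until[ip] = now + BAN
                return "banned"
            self.until[ip] = now + WAITS[level - 1]
            return f"warn{level}"
        # Assumption: a served wait or an expired ban resets the counters.
        self.level.pop(ip, None)
        hits = self.hits[ip]
        hits.append(now)
        while now - hits[0] > WINDOW:    # forget requests older than WINDOW
            hits.popleft()
        if len(hits) >= LIMIT:
            hits.clear()
            self.level[ip], self.until[ip] = 1, now + WAITS[0]
            return "warn1"
        return "ok"

def replay(requests):
    """Feed (ip, timestamp) pairs through a fresh guard and collect verdicts."""
    guard = FloodGuard()
    return [guard.check(ip, t) for ip, t in requests]

# Constructed: one click whose page hits index.php twice more (iframes or a
# prefetching accelerator), followed by retries during each wait.
ONE_CLICK = [("203.0.113.7", t) for t in (0.0, 0.05, 0.1, 3.0, 5.0, 6.0, 7.0)]
# Constructed: a reader opening one page every 1.5 seconds.
STEADY = [("203.0.113.8", 1.5 * i) for i in range(6)]
```

The first three verdicts of `replay(ONE_CLICK)` reproduce the false positive: a single click that fans out into three requests already earns the first warning, while `STEADY` never trips it.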