continuous browser refresh overwhelms moodle-based site


by Siegwart Mayr -
Number of replies: 12

We have had several denial of service incidents due to students pressing the <F5> Refresh button so many times or continuously, which makes apache+mysql+moodle crawl under the flood of requests.

I have been unable to find a way to stop this from happening.   I have tuned Apache to start fewer servers, so it has helped because now it takes only 5 min to recover (as opposed to 30 min before).  This is still not acceptable because someone can sabotage an exam or quiz.  Sometimes telling them not to do it just puts more fuel to the fire.

I know apache and mysql run fine, since we run another apache+mysql site (non-moodle) on the same server, and pressing <F5> continuously to refresh that other site does not cause any problems.  It handles gracefully the thousands of requests that flood the system.

I've tried with and without persistent connections to the database, but it makes no difference.

We run Linux 2.4.18-11, Apache 2.0, mysql 3.23.52, PHP 4.2.2 on our server.

Does anyone have an idea what to do about this?   I have thought of throttling bandwidth, but my understanding is that Apache 2.0 does not support mod_throttle.  Are there any other alternative solutions?

I'm curious to know if someone else has this problem as well.

Thanks!

In reply to Siegwart Mayr

Re: continuous browser refresh overwhelms moodle-based site

by Greg Barnett -
Note: This may not be someone sitting there holding down the F5 key. I've seen certain circumstances where the moodle require_login function causes an infinite refresh loop. Somewhere in that function, a recursion check should be done.
In reply to Siegwart Mayr

Re: continuous browser refresh overwhelms mysql-based site

by Martin Dougiamas -
Thanks for posting that

I can actually make the same thing happen with a variety of PHP+MySQL web sites, as long as they are close enough on the network. How irresponsible for browser makers to have that "feature" in the first place!

Anyhow, given that it's a reality, though - there needs to be some sort of rate limiting feature in Moodle, or at least an Apache strategy, that could detect more than 500 requests (say) within 5 seconds then it blocks that IP. Ideas/research welcome.
In reply to Martin Dougiamas

Re: continuous browser refresh overwhelms mysql-based site

by Janne Mikkonen -
Has anyone tried this? http://www.nuclearelephant.com/projects/dosevasive/

It might be handy for those sites that have a high hit rate???

- Janne -
In reply to Martin Dougiamas

Re: continuous browser refresh overwhelms mysql-based site

by Mark Sharp -

I know this is a super-super old thread, but it still happens. Did you get anywhere with the research or solutions?

ta

In reply to Mark Sharp

Re: continuous browser refresh overwhelms mysql-based site

by Howard Miller -

2003?

Is this an attempt at the record for 'thread necromancy'?

In some respects it's a fair question but I have to say I would normally suggest you start a new thread with full details of the problem you are facing. 

In reply to Howard Miller

Re: continuous browser refresh overwhelms mysql-based site

by Mark Sharp -

Hi Howard,

Honestly, no record attempt intended. I don't know what the record is. 

This is where I landed when Googling the issue, and besides the specific server configuration, I think it's still a live issue. Try it on your dev server! Press and hold F5 and watch your DB connections fly. I've seen this a few times, and probably it's not malicious, but if it's that simple to do a DoS...

For the most part I think this is a firewall issue, and have started playing with modsecurity (a Web Application Firewall). But it's not really my field of expertise, and I dare say not the expertise of many a Moodle administrator. So I was really wondering and echoing Martin's comment on what protection is there within Moodle?

Mark

In reply to Mark Sharp

Re: continuous browser refresh overwhelms mysql-based site

by Visvanath Ratnaweera -
I believe that you didn't mean any harm. That is what happens when you "google" faster than you think. If you've thought of the search engine prescribed here, the Advanced (forum) search https://moodle.org/mod/forum/search.php?id=5, you would have found this: "Moodle crashes when students press F5 (refresh) continuously" https://moodle.org/mod/forum/discuss.php?d=321976.
In reply to Mark Sharp

Re: continuous browser refresh overwhelms mysql-based site

by Howard Miller -

Although I have a feeling Martin is still around, I tend to discourage this sort of post because the person you are asking "did you fix that" to is usually not. So, it's all in the interests of getting a solution to (or at least progressing) your problem.

In some respects this is a form of DOS attack. We have seen it coming up to deadlines for submission when we used Turnitin. Not to blame Turnitin especially but a student checking their submission causes a higher than normal load. When you multiply that by several hundred students hammering the F5 key in panic mode it can bring the server down.

There really isn't any protection within Moodle. You can set up some Apache based protection using (for example) mod_evasive. However, you have to be *very* careful because Moodle in theme designer mode looks exactly like a DOS attack on itself. Ask me how I know!

Average of ratings: Useful (1)
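
Martin's post suggests blocking an IP after "more than 500 requests (say) within 5 seconds", and Howard's post warns that such a rule can trip on legitimate traffic. The following is an added example, not code from any poster or from Moodle: a Python script that replays an Apache access log through that sliding-window rule and reports which IPs it would have blocked, so thresholds and an allowlist can be tuned before any blocking is switched on. It assumes the common/combined log format in chronological order; the function names, sample IPs and sample request lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache common/combined log prefix: client IP, identity, user, [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def would_block(lines, max_requests=500, window_seconds=5, allowlist=()):
    """Return {ip: first_trip_time} for clients exceeding max_requests
    within any window_seconds span. Allowlisted IPs are never reported."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    tripped = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, raw_ts = m.groups()
        if ip in allowlist or ip in tripped:
            continue
        ts = datetime.strptime(raw_ts, TIME_FMT)
        window = recent[ip]
        window.append(ts)
        # Drop requests that have fallen out of the sliding window.
        while (ts - window[0]).total_seconds() >= window_seconds:
            window.popleft()
        if len(window) > max_requests:
            tripped[ip] = ts
    return tripped

def sample_log():
    """Constructed sample: a student and an admin each sending 8 requests
    per second for 3 s, plus one normal client (documentation IP ranges)."""
    lines = []
    for sec in range(3):
        stamp = f"10/Oct/2023:09:00:{sec:02d} +0000"
        for _ in range(8):
            lines.append(f'192.0.2.10 - - [{stamp}] "GET /mod/quiz/view.php?id=1 HTTP/1.1" 200 512')
            lines.append(f'198.51.100.7 - - [{stamp}] "GET /theme/styles.php HTTP/1.1" 200 2048')
        lines.append(f'203.0.113.5 - - [{stamp}] "GET /course/view.php?id=2 HTTP/1.1" 200 4096')
    return lines

if __name__ == "__main__":
    # Threshold lowered from 500 to 20 to fit the small constructed sample.
    hits = would_block(sample_log(), max_requests=20, window_seconds=5,
                       allowlist={"198.51.100.7"})
    for ip, when in hits.items():
        print(f"{ip} would be blocked at {when.isoformat()}")
```

Running it without the allowlist shows the admin address tripping the same rule, which is the false positive described in the post above.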
In reply to Mark Sharp

Re: continuous browser refresh overwhelms mysql-based site

by Just H -

Be careful with modsec; it can be a real pain in the proverbial ... make sure you have more than one IP address to connect to your server from. It can and will block your IP for the slightest reason; make sure you know how to clear your IP as it can be embarrassing ... or so I've heard

Average of ratings: Useful (2)
In reply to Mark Sharp

Re: continuous browser refresh overwhelms mysql-based site

by Mark Sharp -

Thanks Howard and Just, modsecurity definitely does not work out the box, at least not for Moodle (test test test). 

In reply to Siegwart Mayr

Re: continuous browser refresh overwhelms moodle-based site

by David Delgado -
It would help to upgrade mysql to the latest stable version (4.0.15 at this moment), since it has a good query cache. If you are running Red Hat Linux, you will find the rpm's in www.mysql.com; if not, you can use the typical .tgz files.

On the other hand, Apache 1.3 still seems to be a much more stable environment for PHP, and you can solve that kind of problem using mod_throttle with it. Anyway, you can get into trouble if you uninstall Apache 2 and try to install Apache 1.3, since there may be many dependences of other packets on it. If you do that, take care.

Hope this helps.