WorldDefense Filter
#1

I created this filter to prevent unwanted SPAM from certain countries on your CI 4 application. Today, I encountered a massive SPAM attack from an IP in Singapore, so I developed this anti-spam solution. Please note that spam can generate a large number of session files in CI, which may lead to storage issues.

I'm sharing my piece of code with you; it's functional, but it could use some improvements.


https://github.com/ALTITUDE-DEV-FR/codei...ountrylock

Kings Shepard
#2

Thank you for sharing.

The first if condition is wrong?
Doesn't the filter block all visitors?
#3

(This post was last modified: 02-05-2024, 06:07 AM by ALTITUDE_DEV.)

Hello Kenjis,

So, if the first condition is not met, we don't enter the variable to block the user.

We then move on to the next check, which makes an API call and sets the session if the user is in the relevant country. In this case, they will then meet the first condition and be blocked.

It's an alternative measure, but not optimal. I need to improve it because the goal is that if the user is blocked, it avoids creating a new session file in the app (not easy to do in itself) because we need the session to check if they are blocked or not.

The idea would be:

- If the person is in the relevant country, block them and destroy their previous session to avoid having 125,000 sessions in the CodeIgniter 4 directory (as happened to me).
- A preliminary check to avoid making the API call again (limited to 30K/month for free).


If you have any ideas to improve CI in this regard, it would greatly help people who are facing spam visits with randomly generated IPs. (This doesn't necessarily counter DDoS itself but rather the mass creation of session files.)

I can try to create a filter from my database to find a solution and propose it if needed for CI.

In my case yesterday, I had about 300 visits per minute with a random IP from Singapore, which generated 128 pages of sessions, creating around 125,000 sessions. Fortunately, I have a system of IPTABLE bans, etc., but it only temporarily solves the issue at the file level.

PS: I have edited my GitHub.
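One way to implement the idea from post #3, as an added example that is not part of the original posts or the linked repository: a CodeIgniter 4 filter that keeps the country decision in the cache instead of the session, so a blocked visitor is rejected before any session is started and the lookup API is called once per IP. The class name, blocked list, TTL values, lookup URL and the `country_code` JSON field are assumptions.

```php
<?php
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class CountryCacheFilter implements FilterInterface
{
    // Assumed values for this example: blocked ISO codes, cache lifetime, lookup endpoint.
    private array $blocked = ['SG'];
    private int $ttl = 86400;
    private string $lookupUrl = 'https://geo.example.invalid/json/'; // placeholder URL

    public function before(RequestInterface $request, $arguments = null)
    {
        $ip = $request->getIPAddress();
        // Hash the IP: cache keys may not contain ':' (present in IPv6 addresses).
        $key = 'geo_' . md5($ip);
        // Preliminary check: reuse a stored decision instead of calling the API again.
        $country = cache()->get($key);
        if ($country === null) {
            $country = $this->lookupCountry($ip);
            // Keep "unknown" results only briefly so a failed lookup is retried soon.
            cache()->save($key, $country, $country === 'XX' ? 300 : $this->ttl);
        }
        if (in_array($country, $this->blocked, true)) {
            // Returning a response stops the request before any controller runs.
            // This filter never calls session(), so it writes no session file.
            return service('response')->setStatusCode(403)->setBody('Forbidden');
        }
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }

    private function lookupCountry(string $ip): string
    {
        try {
            $res  = service('curlrequest')->get($this->lookupUrl . $ip, ['timeout' => 2, 'http_errors' => false]);
            $data = json_decode($res->getBody(), true);
            return strtoupper($data['country_code'] ?? 'XX'); // 'XX' = unknown, allowed
        } catch (\Throwable $e) {
            return 'XX'; // fail open if the lookup service is unreachable
        }
    }
}
```

With the file cache handler every distinct IP still produces one small cache file, so a memory-backed handler such as Redis or Memcached fits this better when the traffic uses many random addresses.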



