SearchV1 Search, Weighted standard module DW v 9.15.8

Kevin O'Driscoll

Morning, we had what we suspect is a denial of service attack, which resulted in the DW database expanding uncontrollably.

The entry point was a URL request on the DW standard SearchV1 module like this:

/xx-xx/searchresults?q=coffiero einbetonieren inshape body curl corner box passen Low Impact Fitness... (up to 300 chars long)

and then a very long SQL SELECT statement, I think designed to stall the database. These requests were varied and made many times per second.

I would like to intercept requests like this using a Notification Subscriber to sanitize them before the requests hit the database. Can anyone recommend which Notification Subscriber would be best to use, or a better standard option if available, or should we write our own module if SearchV1 is now unusable/deprecated?

Rgds

Kevin


Replies

 
Morten Snedker Dynamicweb Employee

Hi Kevin,

As for Search Weighted, the app is to be considered deprecated, so I recommend using the Content search from Repository for that purpose.

As far as I am aware, you cannot intercept the request and ditch it once it reaches Dynamicweb - I could be wrong on this, though. But you can use a PageLoaded notification that evaluates the query by using Dynamicweb.Context.Current.Request["mykey"] and evaluating its content. If you have multiple unwanted requests from the same IP (Dynamicweb.Context.Current.Request.UserHostAddress), you can choose to add the IP to _BannedIps.txt in the System folder.

I hope the above was helpful.

BR
Snedker
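
The evaluation described in the reply above, sketched as an added example that is not part of the reply or of Dynamicweb's code: the query and client IP are passed in as plain strings, so the logic can be called from a PageLoaded notification with Request["q"] and Request.UserHostAddress. SearchGuard, its limits and the sample requests are assumptions made for illustration; the format of _BannedIps.txt is not given on this page, so acting on a BanCandidate verdict is left to the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper, not Dynamicweb API. In a PageLoaded notification, pass it
// Dynamicweb.Context.Current.Request["q"] and Request.UserHostAddress.
public class SearchGuard
{
    public enum Verdict { Allow, Reject, BanCandidate }
    private const int MaxQueryLength = 100;  // assumed; the abusive queries ran to ~300 chars
    private const int MaxTerms = 8;          // assumed upper bound on search terms
    private const int MaxRejectsPerWindow = 5; // assumed tolerance per IP
    private static readonly TimeSpan Window = TimeSpan.FromSeconds(10);
    private readonly Dictionary<string, Queue<DateTime>> _rejects = new Dictionary<string, Queue<DateTime>>();

    public Verdict Evaluate(string query, string ip, DateTime now)
    {
        if (IsAcceptable(query)) return Verdict.Allow;
        lock (_rejects)
        {
            // Sliding window of rejected requests per client IP.
            if (!_rejects.TryGetValue(ip, out var hits))
                _rejects[ip] = hits = new Queue<DateTime>();
            hits.Enqueue(now);
            while (hits.Count > 0 && now - hits.Peek() > Window) hits.Dequeue();
            return hits.Count > MaxRejectsPerWindow ? Verdict.BanCandidate : Verdict.Reject;
        }
    }

    private static bool IsAcceptable(string query)
    {
        if (string.IsNullOrWhiteSpace(query)) return true; // nothing to search for
        if (query.Length > MaxQueryLength) return false;
        return query.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries).Length <= MaxTerms;
    }

    public static void Main()
    {
        var guard = new SearchGuard();
        var t0 = new DateTime(2024, 1, 1, 8, 0, 0, DateTimeKind.Utc); // constructed timestamps
        string abusive = string.Join(" ", Enumerable.Repeat("coffiero", 30)); // constructed, 269 chars
        Console.WriteLine(guard.Evaluate("espresso machine", "198.51.100.4", t0)); // Allow
        for (int i = 1; i <= 6; i++) // one request per second from a documentation-range IP
            Console.WriteLine(guard.Evaluate(abusive, "203.0.113.7", t0.AddSeconds(i)));
        // The first five print Reject; the sixth exceeds the window limit and prints BanCandidate.
    }
}
```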
