You can fill out this form [1] to report suspected abuse on Google Cloud
Platform.
Also, as a workaround, you can block abusive IP addresses as established
here [2]: *you can use the App Engine firewall to block traffic to your app
from IP addresses that present malicious intent or shield
It's not a denial of service -- ideally the GAE cloud should scale up,
regardless of request volume. It IS, however, an economic denial of
sustainability, or EDoS. Different issue, and one GAE has yet to address.
On Wed, Feb 25, 2009 at 7:48 PM, coolmenu coolm...@gmail.com wrote:
If someone
Google have stated that they will refund billing directly resulting
from a DDOS attact - but have only seen that said in the group - cant
see it in the doucmentation.
On 26/02/2009, coolmenu coolm...@gmail.com wrote:
If someone use DOS attack my app, how about i can do? could i have to
pay
Star this issue: http://code.google.com/p/googleappengine/issues/detail?id=644
On Feb 25, 7:48 pm, coolmenu coolm...@gmail.com wrote:
If someone useDOSattack my app, how about i can do? could i have to
pay lots of money for billing?
--~--~-~--~~~---~--~~
You
This a big problem!
You have to think about the risk if you use it in your business.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Google App Engine group.
To post to this group, send email to
There was a similar issue logged. The one that I created was marked as
duplicate.
Please *STAR* the new issue if you think it's important for you to
have firewall control in your application. Firewall control is the
first step towards resolving the denial of service attack problem.
Marzia -
That is great news.
Will this also help with genuine traffic spikes? A simple application
I use to test, which does a single datastore fetch for 5 items that
are a few bytes each, and stores it in memcache for 10 seconds, can go
over quota by a simple ab -c 30 -n 1. I've tried with
Starred - I think it's gonna be even more impotant when we get paid
service.
--
Alex
http://sharp-developer.net/
On Sep 20, 5:31 am, Tony Smith [EMAIL PROTECTED] wrote:
Hi,
I created an issue for this request. Please star it if you feel it's
important to you.
Hi,
I created an issue for this request. Please star it if you feel it's
important to you.
http://code.google.com/p/googleappengine/issues/detail?id=718
Thanks,
Tony
On Sep 18, 3:59 pm, Sharp-Developer.Net
[EMAIL PROTECTED] wrote:
Tony,
Have your reported this as an issue?
I think a lot
Tony,
Have your reported this as an issue?
I think a lot of people would star it if someone create such and post
a link here. I definetly would.
--
Alex
On Sep 18, 3:22 am, Tony Smith [EMAIL PROTECTED] wrote:
I now have a working on a script that will bring down any GAE
application. You fill
I now have a working on a script that will bring down any GAE
application. You fill in the url and some post/get params if you have
them then the script will simulate thousands of users with thousand of
requests.
Right now it takes less than 3 minutes to bring down a GAE app. It's
disappointing
I think Google has anti dos techniques already.
ddos is usually done from botnets. Botnets might be used to make fake
clicks on paid ads.
Such kind of fraud is top problem for google.
Most likely google has some secret list with botted PCs around the
world.
Any fraud activity like dos or fake
I noticed this code
http://code.google.com/p/pyib/source/browse/trunk/usercontrol.py
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Google App Engine group.
To post to this group, send email to
Yes, it needs to be at a very low level.
In my infrastructure, when the system is detecting a DOS attack it
creates a firewall rule on the offending IP address. This rule will
expire in a few minutes. If the DOS continues after the few minutes
then An hour long restriction is imposed. If after
I don't know the status of these issues. Timeout and DDOS are two
concerns for me.
To prevent timeout, applications have to check timer very quickly
and break the request processing aggressively, which looks like
a DDOS :-). Even worse, it's difficult to guarrantee the loop between
Timeout is not an issue if the requests are minimal. And you can
control what the user can request from your application.
The MAJOR concern is DOS.
I have created a script that would request the main page of my app
(which now it is a static page that says: home).
I basically simulated 100 users
Don't know why people pay less attention to timeout. To keep requests
minimal, then much application logic has to be removed from AppEngine.
Httpmr actually increases client-side logic, or you can say move
logic
complication from server to client.
AppEngine and httpmr are good at
It's not about paying less attention. About the timeout you can do
something (split the requests etc.).
About the Denial of Service attack you can't really do anything. If
somebody wants you out of the picture all they have to do is simulate
100 users and in 10 minutes you're out.
Are there any
18 matches
Mail list logo
