User Controls

Only A Certain # of Requests Allowed Per IP

  1. #1
    esbity African Astronaut
    So I've got a site that only allows a certain number of requests per hour per IP. I am having barney automating against this site.

    What are my options aside from proxys and waiting an hour?

    Im still not sure exactly how their counter works...
  2. #2
    Sophie Pedophile Tech Support
    What are you trying to do to this site that their rate limiting kicks in?
  3. #3
    esbity African Astronaut
    Originally posted by Sophie What are you trying to do to this site that their rate limiting kicks in?

    View bible versus.
  4. #4
    Lanny Bird of Courage
    You can't "spoof" your IP address if you don't control the infrastructure so really proxies are your only option. You want to understand the rate limiting logic as exactly as you can so you can minimize the number of proxies you'll need but procuring more addresses is really the only option unless you can find some exploit pertaining to the rate limiting. Proxies usually aren't too hard though, TOR is available if you're trying to do something like crawl rather than DDoS and I understand that large numbers of proxies (presumably coming from monetized botnets) are fairly cheap to purchase.
    The following users say it would be alright if the author of this post didn't die in a fire!
  5. #5
    Sophie Pedophile Tech Support
    Originally posted by Lanny You can't "spoof" your IP address if you don't control the architecture so really proxies are your only option. You want to understand the rate limiting logic as exactly as you can so you can minimize the number of proxies you'll need but procuring more addresses is really the only option unless you can find some exploit pertaining to the rate limiting. Proxies usually aren't too hard though, TOR is available if you're trying to do something like crawl rather than DDoS and I understand that large numbers of proxies (presumably coming from monetized botnets) are fairly cheap to purchase.

    This, also, if you are in fact trying to DDoS, i'd suggest going for an amplification attack. Use Memcache servers, here's a list of servers.

    https://pastebin.com/raw/eSCHTTVu

    Here's a tool.

    https://github.com/649/Memcrashed-DDoS-Exploit/

    Knock yourself out.
  6. #6
    esbity African Astronaut
    Thanks to both of you(I cant give thanks yet).

    Im not trying to crawl and Im not trying to DOS. Im actually checking some things but since automating, the admin put up some shit.

    The captcha is bypassable due to a shit developer but my IP still limita me. I think Ill try to find a way around it before resorting to proxys.

    Could altering my packets possibly bypass it? What is the most likely server side code thats responsible for this?
  7. #7
    Originally posted by esbity View bible versus.

    If this is true there are a million free apps for that
  8. #8
    apt Tuskegee Airman
    nigger
  9. #9
    Lanny Bird of Courage
    Originally posted by esbity Could altering my packets possibly bypass it? What is the most likely server side code thats responsible for this?

    Nope, even if you could spoof your address in an outbound packet (I'm not sure how deep into your network stack you'd have to dig to do this and I'm pretty sure switches would reject a packet where the link and network layer source information doesn't match) the ACK would never be able to make it back to you so TCP is effectively impossible.
  10. #10
    WE SMOOTH African Astronaut
    Originally posted by Lanny Nope, even if you could spoof your address in an outbound packet (I'm not sure how deep into your network stack you'd have to dig to do this and I'm pretty sure switches would reject a packet where the link and network layer source information doesn't match) the ACK would never be able to make it back to you so TCP is effectively impossible.

    This nigga smart. Not to mention the ISP
  11. #11
    apt Tuskegee Airman
    nigger
  12. #12
    -SpectraL coward [the spuriously bluish-lilac bushman]
    You simply use socks 4/5 proxies as rotating IPs in your client. Or use CGI proxies which use random rotating IPs every few seconds, which are readily available for free all over the Internet.
  13. #13
    apt Tuskegee Airman
    nigger
    The following users say it would be alright if the author of this post didn't die in a fire!
  14. #14
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by apt Shut the fuck up

    That didn't scare me.
Jump to Top