User Controls
Only A Certain # of Requests Allowed Per IP
-
2018-06-02 at 3:28 AM UTCSo I've got a site that only allows a certain number of requests per hour per IP. I am having barney automating against this site.
What are my options aside from proxys and waiting an hour?
Im still not sure exactly how their counter works... -
2018-06-02 at 4:34 AM UTCWhat are you trying to do to this site that their rate limiting kicks in?
-
2018-06-02 at 5:51 AM UTC
-
2018-06-02 at 6:07 AM UTCYou can't "spoof" your IP address if you don't control the infrastructure so really proxies are your only option. You want to understand the rate limiting logic as exactly as you can so you can minimize the number of proxies you'll need but procuring more addresses is really the only option unless you can find some exploit pertaining to the rate limiting. Proxies usually aren't too hard though, TOR is available if you're trying to do something like crawl rather than DDoS and I understand that large numbers of proxies (presumably coming from monetized botnets) are fairly cheap to purchase.The following users say it would be alright if the author of this post didn't die in a fire!
-
2018-06-02 at 4:38 PM UTC
Originally posted by Lanny You can't "spoof" your IP address if you don't control the architecture so really proxies are your only option. You want to understand the rate limiting logic as exactly as you can so you can minimize the number of proxies you'll need but procuring more addresses is really the only option unless you can find some exploit pertaining to the rate limiting. Proxies usually aren't too hard though, TOR is available if you're trying to do something like crawl rather than DDoS and I understand that large numbers of proxies (presumably coming from monetized botnets) are fairly cheap to purchase.
This, also, if you are in fact trying to DDoS, i'd suggest going for an amplification attack. Use Memcache servers, here's a list of servers.
https://pastebin.com/raw/eSCHTTVu
Here's a tool.
https://github.com/649/Memcrashed-DDoS-Exploit/
Knock yourself out. -
2018-06-02 at 5:27 PM UTCThanks to both of you(I cant give thanks yet).
Im not trying to crawl and Im not trying to DOS. Im actually checking some things but since automating, the admin put up some shit.
The captcha is bypassable due to a shit developer but my IP still limita me. I think Ill try to find a way around it before resorting to proxys.
Could altering my packets possibly bypass it? What is the most likely server side code thats responsible for this? -
2018-06-02 at 5:29 PM UTC
-
2018-06-02 at 5:51 PM UTCnigger
-
2018-06-02 at 10:22 PM UTC
Originally posted by esbity Could altering my packets possibly bypass it? What is the most likely server side code thats responsible for this?
Nope, even if you could spoof your address in an outbound packet (I'm not sure how deep into your network stack you'd have to dig to do this and I'm pretty sure switches would reject a packet where the link and network layer source information doesn't match) the ACK would never be able to make it back to you so TCP is effectively impossible. -
2018-06-03 at 6:27 AM UTC
Originally posted by Lanny Nope, even if you could spoof your address in an outbound packet (I'm not sure how deep into your network stack you'd have to dig to do this and I'm pretty sure switches would reject a packet where the link and network layer source information doesn't match) the ACK would never be able to make it back to you so TCP is effectively impossible.
This nigga smart. Not to mention the ISP -
2018-06-03 at 5:59 PM UTCnigger
-
2018-06-03 at 6:10 PM UTCYou simply use socks 4/5 proxies as rotating IPs in your client. Or use CGI proxies which use random rotating IPs every few seconds, which are readily available for free all over the Internet.
-
2018-06-03 at 6:15 PM UTCniggerThe following users say it would be alright if the author of this post didn't die in a fire!
-
2018-06-03 at 6:24 PM UTC
