I'd like to access some website to get some information. To do that, I write a python function which accesses the website with a given frequency. ALso, I learnt that to prevent potential DDOS suspection due to frequent access, I may delay access to the website after some exception. I decides to wait some rounds if any exception occurs. Thus I write the following codes:
ddos_prevention = {'continuous_suspected_times': 0, 'to_wait_rounds': 0}
request_url = 'http://store.apple.com/' #just an example url
while True:
print get_response_without_ddos_suspect(request_url, ddos_prevention)
sleep(1)
def get_response_without_ddos_suspect(request_url, ddos_prevention):
if ddos_prevention['to_wait_rounds'] == 0:
try:
response = requests.get(request_url)
if response.status_code == 200:
if ddos_prevention['continuous_suspected_times'] != 0:
print '%s: Finally it works after %s rounds of waiting, request_url: %s' % (
datetime.now(), math.pow(2, ddos_prevention['continuous_suspected_times']), request_url)
ddos_prevention['continuous_suspected_times'] = 0
return response.json()
except Exception as e:
ddos_prevention['continuous_suspected_times'] += 1
ddos_prevention['to_wait_rounds'] = math.pow(2, ddos_prevention['continuous_suspected_times'])
print '%s: DDOS suspected for the %sst times and wait %s rounds, exception: %s, request_url: %s' % (
datetime.now(), ddos_prevention['continuous_suspected_times'], ddos_prevention['to_wait_rounds'], e, request_url)
return None
else:
ddos_prevention['to_wait_rounds'] -= 1
print 'to_wait_rounds: %s, request_url: %s' % (ddos_prevention['to_wait_rounds'], request_url)
return None
Luckily, it seems to work. However, it's far from beening ideal, because: 1) the codes are so tedious, 2) the codes don't handel different exceptions, so that I may omit many signals.
PLease gives some code examples or modular for my situation, which can access the website with high frequency yet without causing DOS suspection of the given website to deny my access.
You're asking for some suggestions, such as improvement of the codes, some new codes, some better modulars or any other better methods.
In my opinion, from those two sides you have to choose the one you're in:
Either you have a small site which does not really risk being under a DDoS attack, simply because it's not large enough for malicious hackers (or competitors) to be interested in. In that case, you can go with small hacks like this one that definitely won't scale but hey, first you don't bother scaling at this time, and second you don't need this now.
Or your site is large enough to be considered a potential target for DDoS. In that case, you can't get along with such hacks and you really should consider a more professional solution. Which is perhaps a Content Delivery Network (CDN) that isolates your website per se from its actual delivery to your users.
So to me, any other better methods would be in that case: either you're in 1 and you should be able to get rid of your hack, or you're in 2 and you should use something more stable and powerful.
The subject may appear benign, but it's precisely the accumulation of such hacks, whereas professional solutions exist, that little by little can transform any cool and promising software project into this kind of situation that you can't extirp yourself from.