The previous two articles (on constructing hash collisions to mount denial-of-service attacks against a variety of languages, and the PHP array hash collision example) showed that the impact of this attack is very high while its cost to the attacker is very small. A single desktop machine can easily take down dozens or even hundreds of servers.
After talking with Pierre: the official development team will not release PHP 5.2.18. However, a number of companies still use 5.2, so I have applied the patch I wrote for 5.4 to 5.2.
If you use 5.2 and are threatened by this kind of attack, you can apply the patch below. If you use PHP 5.3, consider upgrading to 5.3.9, which already includes this patch (5.3.9 is currently in RC state, so if you do not want to upgrade, you can also use this patch as a reference and write one for 5.3 yourself):
https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars
Update (January 8, 2012): If you run PHP on Windows, or applying the patch is inconvenient for some other reason, you can also set PHP's max_input_time configuration option to a small value to mitigate the impact of such attacks.
In addition, for other languages such as Java and Ruby, please prepare a proper countermeasure in advance. Limiting post_size treats the symptom rather than the cause, but it can serve as a temporary solution.
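A model of why capping the number of input variables bounds the damage, as an added example that is not the patch's code or the author's. It assumes, from the patch directory name `max-input-vars`, that the fix limits how many request variables are registered. `ChainedTable`, `register_vars`, `worst_case_hash` and the limit of 1000 are hypothetical, and a constant hash function stands in for colliding keys.

```python
# Added illustration: worst-case cost of filling a chained hash table from
# request input, with and without a cap on the number of variables.
from urllib.parse import parse_qsl

MAX_INPUT_VARS = 1000  # assumed limit for this example

class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""
    def __init__(self, hash_fn, buckets=1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.size = 0
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for entry in chain:              # walk the chain looking for the key
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])
        self.size += 1

def worst_case_hash(key):
    """Stand-in for colliding keys: every key lands in the same bucket."""
    return 0

def register_vars(body, hash_fn, limit=None):
    """Parse a form body into a table; stop storing once `limit` is reached."""
    table = ChainedTable(hash_fn)
    dropped = 0
    for name, value in parse_qsl(body, keep_blank_values=True):
        if limit is not None and table.size >= limit:
            dropped += 1                 # over the cap: ignore the rest
            continue
        table.insert(name, value)
    return table, dropped

def compare_costs(n_vars):
    """Return (uncapped, capped) comparison counts for n_vars distinct names."""
    body = "&".join(f"k{i}=1" for i in range(n_vars))  # constructed sample input
    uncapped, _ = register_vars(body, worst_case_hash)
    capped, _ = register_vars(body, worst_case_hash, limit=MAX_INPUT_VARS)
    return uncapped.comparisons, capped.comparisons
```

Without the cap the comparison count grows as n(n-1)/2 with the number of variables in the request; with the cap it can never exceed the cost of the first 1000 inserts, however large the body is.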
Address of this article: http://www.laruence.com/2011/12/30/2440.html