Thread in C# that makes an post on my server - Flood

Question

I have an APPLICATION in C # that aims to make http post requests in my server using threads. (This to simplify the matter, because in fact, there are several different trheads that make requests on different URIs)

It turns out that these treads are set to make their requests in different time periods. But I'm detecting flood on my server, always coming from the same ips and in huge sequences, which was not to be. - It's like a DDoS attack! And indeed, my server is having serious problems to deal with it.

Personally do not think that is an attack, but rather, that something might be wrong with my C # application that is distributed to thousands of customers. Approximately 10,000. Then, at most, would 10K requests per day. But in fact there are more...

My server is in Python.

And below, I am pasting a code example in tread that makes those requests. I'm explaining it all and displaying the code in the hope that someone can see that I can not see. If you can find something wrong, please, your help will be greatly appreciated.

DateTime nextCheck= DateTime.Now;
void checkLicenses()
{
    // 5 minutes
    autoResetEvent.WaitOne(300000, true);
    while (this.ServiceAlive)
    {

        if (DateTime.Now < nextCheck)
        {
            autoResetEvent.WaitOne(30000, true);
            continue;
        }

        if (this.InternetIsOk)
        {
            Monitor.Record("Executing checkLicenses...", Mode.Console, false);

            licenseRequest = new LicenseRequest()
            {
                token = this.GetToken(),
                licensesList = Data.GetLicensesToValidate()
            };

            string json = JsonConvert.SerializeObject(licenseRequest, Formatting.Indented);
            var jsonBytes = Encoding.Default.GetBytes(json);


            string URI = AplicationConf.GetWebServiceAddress() + "/checklicense";
            var uri = new Uri(URI);
            var servicePoint = ServicePointManager.FindServicePoint(uri);
            servicePoint.Expect100Continue = false;
            System.Net.ServicePointManager.Expect100Continue = false;

            string response = "";
            using (WebDownload wc = new WebDownload())
            {
                wc.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
                wc.Credentials = CredentialCache.DefaultCredentials;
                wc.Proxy = GetProxyData();
                wc.Timeout = 60000;

                Monitor.Record("Post in URI: " + URI, Mode.Console, false);
                var postResponse = wc.UploadData(URI, "POST", jsonBytes);
                response = Encoding.Default.GetString(postResponse);
            }

            if (!String.IsNullOrEmpty(response))
            {
                List<ResponseLicense> responseLicense = JsonConvert.DeserializeObject<List<ResponseLicense>>(response);
                Data.UpdateLicense(responseLicense);
            }

            Monitor.Record("CheckLicense finish");
        }
        nextCheck = DateTime.Now.AddHours(24);
    }
}

UPDATE

This application is a WCF Service that contains a class called HostServer. This class has a Start () method that is called only once, at startup of the service. This method "Start" creates the trheads. (The checkLicenses () method is a trhead). Below is part of the Start() code.

public void Start (bool consoleRunning = false)
{

   // code above

   trheadCheckLicense = new Thread (new ThreadStart (checkLicense));
   trheadCheckLicense.Priority = ThreadPriority.Normal;
   trheadCheckLicense.Name = "trheadCheckLicense";
   trheadCheckLicense.Start();

  // More code below

}

Use [`Thread.Sleep`](http://msdn.microsoft.com/en-us/library/system.threading.thread.sleep) to delay a thread rather than abusing an event. Calculate the total time to wait, rather than looping with fixed delays (`Thread.Sleep(targetTime - DateTime.Now)`). (Even better would be to do things asynchronously and not block threads at all.) — Richard, Jan 16 '15 at 11:39
Could you explain more detail about code that call checkLicenses() method, and about class that contains it. Is it posible that your app make several objects that checks license? — gabba, Jan 16 '15 at 11:47
@gabba, the above code has been updated to put what you asked. Thanks. — Eduardo, Jan 16 '15 at 11:58

score 2 · Answer 1 · answered Jan 16 '15 at 12:09

2

Your CheckLicense code did't catch any exceptions. If service configurated to restart on fail. And your autoResetEvent created like new AutoResetEvent(true); You get a loop:

1 service starting
2 go to check license
3 send request
4 get exception somewhere
5 crash
6 restart again

answered Jan 16 '15 at 12:09

gabba

2,815
2
27
48

Thank you for your tip, gabba! Anyway, I've protected the method with try cacth and I am also reviewing my service to see if it contains any errors in order to create multithreaded objects wrongly and now to test if the crash occurs, he calls the service in loop. – Eduardo Jan 16 '15 at 12:26
@ECC also don't forget to check how you created AutoResetEvent, if it created in signaled state – gabba Jan 16 '15 at 12:48

Thread in C# that makes an post on my server - Flood

1 Answers1