I'm Sunil Shenoy: a programmer, UI designer and a movie buff. I currently live in Mumbai,India.

Namaste. Be Good.



DigitalOcean Affiliate Banner
Add to Instapaper

Pixel Flood Attack

ImageMagick is a great tool which helps create, edit, compose, or convert bitmap images. If you use ImageMagick to resize images on your app server, then it’s good to have it configured to combat pixel flood attack.

#390 Pixel flood attack - HackerOne

I recently came across this issue for a service I help maintain and here are the steps I took to fix the issue.

Navigate to /etc/ImageMagick folder and find the policy.xml. It’s usually write protected.

Edit the file and add these lines.

<policy domain="resource" name="memory" value=“500MiB"/>
Set a limit on how much memory an image can occupy.

I have set it to 500 MB, but you should set it a limit based on your server and app requirement.

<policy domain="resource" name="width" value=“5MP"/>
Set a limit to how large a image you want ImageMagick to read in Mega Pixel format. This avoids excessive memory usage.

Megapixel calculator | toolstud.io should help convert Mega Pixel to width and height you want to support.

<policy domain="resource" name="time" value="120">
Set a limit on how long you want an ImageMagick process to last.

These three policy additions to policy.xml helped stop the flood attack for now.


Flood pixel attack in Imagemagick - ImageMagick