The Coppermine Gallery on one of my sites was getting requested so much per second by 1IP that the server load went up to 4
Has anyone experienced this or has a script or something to detect and prevent this?
Full Version: Coppermine Gallery
if its one IP you can try this
netstat -plan (find the ip)
if you have apf installed: apf -d <ip here>
if you use iptables: iptables -A INPUT -s XXX.XXX.XXX.XXX -j DROP
hope that helps as a temporary fix, its not a permanent solution, but it will slow it down until you find a better solution
netstat -plan (find the ip)
if you have apf installed: apf -d <ip here>
if you use iptables: iptables -A INPUT -s XXX.XXX.XXX.XXX -j DROP
hope that helps as a temporary fix, its not a permanent solution, but it will slow it down until you find a better solution
Well, that is what I had done, but its like the 4th time they've done it. I've banned those 4 previous IPs, but they come back with new ones and completely different ISPs (Comcast, SBC, Qwest).
67.42.91.27
67.42.91.27
Have you tried mod_evasive? Its supposed to help out in cases like these.
Yes. I have that installed.
What are the recommended settings?
What are the recommended settings?
I current have it set to:
However, it just blocked a google IP and I'm like, thats gotta be bad.
What do the different settings mean?
QUOTE
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 50
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 60
DOSLogDir "/var/log/httpd/"
DOSEmailNotify xxxspammexxx@xxxspamxxx.net
DOSPageCount 5
DOSSiteCount 50
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 60
DOSLogDir "/var/log/httpd/"
DOSEmailNotify xxxspammexxx@xxxspamxxx.net
However, it just blocked a google IP and I'm like, thats gotta be bad.
What do the different settings mean?
A server load of 4 shouldn't be a problem....try installing eAccelerator (PHP script caching), because with these photo galleries they're parsing a lot of code.
I had a Gallery2 install hit *hard* by a popular forum recently and it ate up dual Xeons with no problems - I didn't have any script caching setup. But that didn't cause any slowdowns, because each request doesn't take long and there's plenty of spare CPUs around with HyperThreading.
The key to servers is cores cores cores - concurrency is important
But if the server load is only 4 and it's just CPU usage then that's fine, it just means the srever is actually doing something....double-check your Apache settings, you might want to enable KeepAlive and check the max servers and minspareservers, and so on.
I had a Gallery2 install hit *hard* by a popular forum recently and it ate up dual Xeons with no problems - I didn't have any script caching setup. But that didn't cause any slowdowns, because each request doesn't take long and there's plenty of spare CPUs around with HyperThreading.
The key to servers is cores cores cores - concurrency is important
But if the server load is only 4 and it's just CPU usage then that's fine, it just means the srever is actually doing something....double-check your Apache settings, you might want to enable KeepAlive and check the max servers and minspareservers, and so on.
The server load is normally very very low (well below 1). I have eA and Mysql 4.x-latest installed with Qcache enabled.
Test out the server during the attacks. If it's not slow, no need to worry. But I'm guessing it is, hence your post (just double checking though)
Bit rusy on mod_evasive but here goes... SiteCount is the number of concurrent requests, PageInterval is the interval between requests for the same page, SiteInterval is the interval between requests for any page on the site (I think)
Bit rusy on mod_evasive but here goes... SiteCount is the number of concurrent requests, PageInterval is the interval between requests for the same page, SiteInterval is the interval between requests for any page on the site (I think)
The server is still very responsive during the attacks, its just it would be nice to block that little script kiddie.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.