On Tuesday, November 15, 2005 2:33 PM, suppressed wrote:
Thanks Sandy mod_evasive looks just the job :-) I will look into implementing as soon as I get chance.John1 wrote:From reading around on the web, it would seem that MaxClients 150 ought to be enough even for moderately busy web servers. Does anyone else have a view on this? Ron, I can understand your idea of raising MaxClients to help the problem, (although I can't try this myself as my Virtual Server environment restricts the number of concurrent processes I can run). However, I am sure you will agree that raising MaxClients is really a work around rather than a solution to the underlying problem. I can only presume that this problem of scripts looking for security holes hammering websites must be a problem common to every website on the Internet, and therefore presumably every website is bumping up against MaxClients on a regular basis!? I presume that most websites come back to life as soon as the script robot goes away, but even so, all websites will be brought down by this sort of robot for the duration of its visit. So, to get to my point, are there any easy ways to stop these script robots racking up the MaxClients count in the first place. i.e. is there anything in Apache or Apache modules that can be used to spot these "robot attacks" and drop their requests before they cause Apache to spawn loads of processes? I'd be grateful for any ideas, especially as upping the MaxClients setting is not really an option for me. ThanksTry mod_evasive, or use the robot blocking functionality in interchange, in conjunction with iptables, to drop packets from the malicious IP. Most common robots should not kill your webserver.
In the meantime, I would like to implement the Interchange lockout option immediately. I have only just realised that although I have defined a "RobotLimit 100" I have not defined a lockout command, so bad robots are not actually being locked out.
I am not up on iptables, but from what I can see the lockout command I should use is:
iptables -I INPUT -s %s -j DROP Is this correct?The problem I see with this is that the IP address is then *permanently* locked out. What is the best way to lockout IP addresses for a given timeframe, and then let them back in again? I would be really grateful if anyone has a script to do this that they wouldn't mind sharing? Thanks
___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
_______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.