It's probably worth saying that if you run postgres and dspace on the same server, you can completely block postgres at the firewall (iptables) level.
On Wed, 2007-10-31 at 12:51 -0500, Thornton, Susan M. (LARC-B702)[NCI INFORMATION SYSTEMS] wrote: > You can block ip addresses at the postgreSQL level in the pg_hba.conf > file. Here is a person I blocked by ip address who was sending all > kinds of GET requests to our DSpace server: > > host all all malicious.ip 255.255.255.255 > reject > > Sue Walker-Thornton > NASA Langley Research Center > ConITS Contract > 757-224-4074 > [EMAIL PROTECTED] > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mika > Stenberg > Sent: Wednesday, October 31, 2007 6:00 AM > To: dspace-tech@lists.sourceforge.net > Subject: Re: [Dspace-tech] Blocking a malicious user > > We've had problems like that as well. Blocking specific IP's works only > for > a while since many bots and spammers seem to change their IP frequently. > We > didnt come up with a decent solution for this, but blocking an entire > country of origin for a period of time has been on my mind. Managing the > allowed requests / timeslot for a specific IP might also do the trick. > > -Mika > > > > If they're nasty enough, though, they'll drown your Apache or Tomcat > > server in replying with 403s. I've had times that I needed to be > > absolutely merciless and block at the firewall level, using iptables; > > then they don't even get as far as userspace. > > > > On Tue, 2007-10-30 at 14:01 -0500, Tim Donohue wrote: > > > George, > > > > > > We had a similar problem to this one in the past (a year or so ago). > I > > > > > just flat out blocked the IP altogether (not even specific to > > > /bitstream/) via this Apache configuration: > > > > > > <Location /> > > > Order Allow,Deny > > > > > > Deny from {malicious ip} > > > > > > Allow from all > > > </Location> > > > > > > This looks similar to your config though (except it blocks all > access > > > from that IP). > > > > > > - Tim > > > > > > George Kozak wrote: > > > > Hi... > > > > > > > > I am having a problem with an IP that keeps sending thousands of > "GET > > > > > > /bitstream/..." requests for the same item. > > > > > > > > I have placed the following in my Apache.conf file: > > > > > > > > <Directory /bitstream/> > > > > Options Indexes FollowSymLinks MultiViews > > > > AllowOverride All > > > > Order allow,deny > > > > allow from all > > > > deny from {malicious ip} > > > > </Directory> > > > > > > > > I also placed the following in my server.xml in Tomcat: > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > > > > deny="xxx\.xxx\.xxx\.xx" /> > > > > > > > > However, this person still seems to be getting through. My java > > > > process is running from 50%-80% CPU usage. Does anyone have a > good > > > > idea on how to shutout a malicious IP in DSpace? > > > > > > > > *************************** > > > > George Kozak > > > > Coordinator > > > > Web Development and Management > > > > Digital Media Group > > > > 501 Olin Library > > > > Cornell University > > > > 607-255-8924 > > > > *************************** > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > - > > > > This SF.net email is sponsored by: Splunk Inc. > > > > Still grepping through log files to find problems? Stop. > > > > Now Search log events and configuration files using AJAX and a > > browser. > > > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > > > _______________________________________________ > > > > DSpace-tech mailing list > > > > DSpace-tech@lists.sourceforge.net > > > > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > > > > > > > > > > > ------------------------------------------------------------------------ > - > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find problems? Stop. > > Now Search log events and configuration files using AJAX and a > browser. > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > _______________________________________________ > > DSpace-tech mailing list > > DSpace-tech@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > > > > > > > ------------------------------------------------------------------------ > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
