> Hi all.
> First, Apache pre-spawns, so the performance effects of spawning would be
> minimal. The option of running threaded, while a good one, does not hold all
> that great advantages IMHO. Looking at how you describe the attack, I will
> assume the attackers are sending frequent requests to the server, overloading
> it,
yep 
> In the
> first case, you need to have a long and hard look at the access logfiles, and
> see if there is a pattern to the attack: does the same request come in from
> the same IP repeatedly? Does one IP send multiple but similar requests over a
> short period of time? Are the attackers (I will assume many) using a
> particular browser id, OS version, or indeed URL? If you find any
> statistically significant correlation, lock onto that, and block it. Simplest
> would be with an Apache config directive to redirect to a page with one space
> in it when you think the visit is by the attack script.
The attacks happen from 1 IP at a time, normally from Korea or China.
When it's blocked it will stop for a few hours and get attacked by a
different server. The OSes vary between Windows, Linux and one other
(can't remember off the top of my head). Blank pages do nothing as the
site has been removed months ago. It looks like
(http://bagy.net/sitewashere/). I won't give the full address because
it does contain some adult words, but it shows up the same as that.
Our data center says that we get over 1000 requests a second when the
attacks happen, more than our server can handle. When the attacks
happen it's like an 80mbps flow of traffic; redirecting will make it
worse.
> More elaborate would
> be a small PHP script, hell, do it in Perl or C or whatever, and let the
> script analyze the request, and redirect/serve a blank page or your normal
> website.
> Given the amount of information, I cannot be more specific in answering the
> question.
Hopefully that's better, but Aaron answered my question, kinda.

Travis R.

_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
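
The access-log review suggested in the quoted advice above (repeated requests from one IP in a short period, a shared URL or browser id), sketched as an added example that is not part of the original messages. It assumes Apache's "combined" log format; the window and threshold values are hypothetical, and the sample log lines are constructed using documentation-range IP addresses.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def analyze(lines, window_s=10, threshold=20):
    """Return {ip: report} for IPs that sent >= threshold requests within any window_s seconds."""
    times = defaultdict(list)
    paths = defaultdict(Counter)
    agents = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        times[m["ip"]].append(ts)
        paths[m["ip"]][m["path"]] += 1
        agents[m["ip"]][m["agent"]] += 1
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        peak, lo = 0, 0
        for hi, t in enumerate(stamps):  # sliding window over sorted timestamps
            while t - stamps[lo] >= window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            flagged[ip] = {"peak": peak, "total": len(stamps),
                           "top_path": paths[ip].most_common(1)[0],
                           "top_agent": agents[ip].most_common(1)[0]}
    return flagged

def sample_log():
    """Constructed sample: one noisy client and one normal visitor."""
    noisy = ['203.0.113.7 - - [12/Mar/2007:14:05:%02d -0700] "GET /index.php HTTP/1.0" 200 512 "-" "ExampleBot/1.0"'
             % (i // 5) for i in range(40)]  # 5 requests per second for 8 seconds
    normal = ['198.51.100.9 - - [12/Mar/2007:14:%02d:00 -0700] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
              % m for m in range(5, 10)]
    return noisy + normal

if __name__ == "__main__":
    for ip, report in analyze(sample_log()).items():
        print(ip, report)
```

The `top_path` and `top_agent` fields show whether a flagged client keeps hitting one URL with one browser id, which is the kind of correlation the quoted advice says to look for before writing a block rule.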