On Wed, Nov 12, 2014 at 6:54 PM, Miles Fidelman <mfidel...@meetinghouse.net>
wrote:

> Muhammad Yousuf Khan wrote:
>
>>
>>
>>
>>     NOTE: These help, but if you end up on the attacking end of a
>>     distributed bot attack, it's likely that your Apache server will
>>     get hosed -- at times, I've had to tune Apache (number of
>>     concurrent processes, number of concurrent queries), to keep our
>>     server from getting so overloaded that it crashes.
>>
>>
>>
>> Thanks for sharing every bit of information. Yes, I do want to tweak Apache
>> concurrent connection and other settings. Is there any formula to do this?
>> Would you like to share your thoughts on this?
>>
> Unfortunately, what I shared is about all I know on the topic.  Most of
> my hardening of Wordpress and Apache was on-the-fly, in response to a
> botnet attack.  I did some googling and searching the WordPress plug-in
> site to find the plug-ins that I use, played with the settings a bit just
> to get things working, nothing orderly or that I could share as a best
> practice.  For Apache, I just started in the config file, reducing max_
> settings until I reached a level where I wasn't having to restart Apache
> every few minutes, or rebooting the machine.  Unfortunately, the Wordpress
> site still becomes unreachable at times (when under attack), and the site
> runs slow at other times (limited number of concurrent accesses), but at
> least it doesn't take down the entire server - which is a good thing as the
> Wordpress site is a sideline, the server is really for mail and list
> processing.
>
> I did come across some references to software that could dynamically tune
> IP chains, based on wordpress level attacks -- to block IP addresses
> earlier in the processing chain, and I expect one could push that back to
> an external firewall -- but I never went all that far in exploring these.
> (If you end up doing so, please report back!).
>
>
I am actually a system and network engineer. I did all the protection on the
FW end and installed IPS/scan detection on the Linux machine, and my machine
is behind a firewall which I believe is properly configured, so there are
many layers of security. But protecting Apache traffic itself is a different
domain of security, because WP and template coding may have loopholes which
you may not control from the FW. Therefore learning the security of the web
application itself is an art.

By the way, I am working on mod_security and also working on the All in One
WP Security module for the application layer, which I believe will help with
bots and other attacks. I am also planning to install fail2ban; however, as
far as I know, F2B works on brute-force attacks, which are lower in my
working priorities.

BTW, thanks to all for sharing your inputs. I have learned a lot from this
thread. If anyone would like to add more, please go ahead; it will help
newbies in protecting their websites.

Thanks,
MYK




> Happy Tuning,
>
> Miles
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   .... Yogi Berra
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a
> subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: https://lists.debian.org/54636694.2090...@meetinghouse.net
>
>
