Don't the IPs defined in pg_hba.conf affect incoming connections only? I think that since the connection comes via DSpace, the IP would be localhost (DSpace running on the same server with DSpace) rather than the malicious user's own IP and thus can't be blocked?
-Mika

-----Original Message-----
From: Thornton, Susan M. (LARC-B702)[NCI INFORMATION SYSTEMS] [mailto:[EMAIL PROTECTED]
Sent: 31 October 2007 19:51
To: Mika Stenberg; [email protected]
Subject: RE: [Dspace-tech] Blocking a malicious user

You can block IP addresses at the PostgreSQL level in the pg_hba.conf file. Here is a person I blocked by IP address who was sending all kinds of GET requests to our DSpace server:

host all all malicious.ip 255.255.255.255 reject

Sue Walker-Thornton
NASA Langley Research Center
ConITS Contract
757-224-4074
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mika Stenberg
Sent: Wednesday, October 31, 2007 6:00 AM
To: [email protected]
Subject: Re: [Dspace-tech] Blocking a malicious user

We've had problems like that as well. Blocking specific IPs works only for a while since many bots and spammers seem to change their IP frequently. We didn't come up with a decent solution for this, but blocking an entire country of origin for a period of time has been on my mind. Managing the allowed requests / timeslot for a specific IP might also do the trick.

-Mika

> If they're nasty enough, though, they'll drown your Apache or Tomcat
> server in replying with 403s. I've had times that I needed to be
> absolutely merciless and block at the firewall level, using iptables;
> then they don't even get as far as userspace.
>
> On Tue, 2007-10-30 at 14:01 -0500, Tim Donohue wrote:
> > George,
> >
> > We had a similar problem to this one in the past (a year or so ago). I
> > just flat out blocked the IP altogether (not even specific to
> > /bitstream/) via this Apache configuration:
> >
> > <Location />
> >     Order Allow,Deny
> >     Deny from {malicious ip}
> >     Allow from all
> > </Location>
> >
> > This looks similar to your config though (except it blocks all access
> > from that IP).
> >
> > - Tim
> >
> > George Kozak wrote:
> > > Hi...
> > >
> > > I am having a problem with an IP that keeps sending thousands of "GET
> > > /bitstream/..." requests for the same item.
> > >
> > > I have placed the following in my Apache.conf file:
> > >
> > > <Directory /bitstream/>
> > >     Options Indexes FollowSymLinks MultiViews
> > >     AllowOverride All
> > >     Order allow,deny
> > >     allow from all
> > >     deny from {malicious ip}
> > > </Directory>
> > >
> > > I also placed the following in my server.xml in Tomcat:
> > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > >        deny="xxx\.xxx\.xxx\.xx" />
> > >
> > > However, this person still seems to be getting through. My java
> > > process is running from 50%-80% CPU usage. Does anyone have a good
> > > idea on how to shut out a malicious IP in DSpace?
> > >
> > > ***************************
> > > George Kozak
> > > Coordinator
> > > Web Development and Management
> > > Digital Media Group
> > > 501 Olin Library
> > > Cornell University
> > > 607-255-8924
> > > ***************************
> > > [EMAIL PROTECTED]
> > >
> > > -------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc.
> > > Still grepping through log files to find problems? Stop.
> > > Now Search log events and configuration files using AJAX and a browser.
> > > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > > _______________________________________________
> > > DSpace-tech mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/dspace-tech
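The "allowed requests per timeslot for a specific IP" idea raised in the thread, as an added example that is not part of any poster's message: a sliding-window counter over Apache access-log lines that flags clients hammering `/bitstream/` and renders the iptables drop rule for each. The log format (Apache common/combined), the thresholds, the sample addresses and the item path are assumptions, and the sample data is constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache common/combined log prefix: client, timestamp, method, path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def constructed_log():
    """Constructed sample data (documentation IP ranges), not taken from the thread."""
    start = datetime(2007, 10, 30, 14, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, path):
        stamp = (start + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 5120'
    item = "/bitstream/123456789/1/sample.pdf"   # hypothetical item path
    lines = [line("203.0.113.7", s, item) for s in range(12)]        # 1 request/second
    lines += [line("198.51.100.20", s, item) for s in (0, 30, 60)]   # ordinary reader
    lines += [line("203.0.113.7", 12, "/"), "garbled line"]
    return lines

def flag_heavy_clients(lines, prefix="/bitstream/", limit=5,
                       window=timedelta(seconds=10)):
    """Return {ip: peak count} for clients with more than `limit` GETs
    under `prefix` inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue              # skip lines that are not access-log records
        ip, stamp, method, path = m.groups()
        if method != "GET" or not path.startswith(prefix):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] >= window:
            seen.popleft()        # drop requests older than the window
        if len(seen) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(seen))
    return peaks

def drop_rule(ip):
    """Render an iptables rule; ip_address() rejects anything that is not an IP."""
    return f"iptables -I INPUT -s {ipaddress.ip_address(ip)} -j DROP"

if __name__ == "__main__":
    for ip, peak in flag_heavy_clients(constructed_log()).items():
        print(f"{ip}: {peak} requests in 10 s -> {drop_rule(ip)}")
```

Validating the address before building the rule matters because the client field of an access log can hold a hostname or other text when reverse lookups are enabled.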

