Hi, I don't think this can/must be fixed on the Koha side. It's a sysadmin duty to take care of that. I would take a look at fail2ban to parse the web server access logs. But make sure not to block your X librarians using the same IP ;)
On Wed, 26 Oct 2016 at 12:28 Pedro Amorim <pjamori...@gmail.com> wrote:

> I have tested this and the stress caused on the server is very severe. It
> seems that for every request a new zebra process is created, and the server
> will only respond when the last one is finished. This ofc will result in
> timeouts and eventually a crash of the server.
>
> This is a major critical issue IMO: anyone who knows about this has the
> power to deny the service of any Koha online without using any additional
> hacking/attacking software.
>
> The Koha I'm working on right now - still in development - is accessed
> behind a proxy server, and I will attempt to solve the problem through
> that, by limiting the requests from the same origin with very little time
> between them. Still, even if I'm successful with this, the problem will
> still lie in Koha.
>
> Anyone with some sort of insight is very welcome.
>
> Pedro Amorim
>
> 2016-10-26 8:24 GMT+00:00 clint.deckard <clint.deck...@frontiers.co.nz>:
>
> > I have had this issue appear today. I have attempted to set up mod_evasive
> > for apache but it doesn't seem to have solved the problem.
> > I would really appreciate some advice.
> > Clint.
> >
> > rfblanchard wrote:
> >
> >> Assume a basic opac search:
> >> http://..../cgi-bin/koha/opac-search.pl?q=dog&branch_group_limit=branch%3A349
> >>
> >> This would take about 10 seconds to return the first time.
> >>
> >> Assume the user refreshes the results using F5 and keeps their finger
> >> there a moment too long (3s):
> >> This would kill my server for about 1 minute.
> >>
> >> Any attacker could easily make the server unresponsive indefinitely by
> >> simply holding F5 on an opac search.
> >>
> >> Any recommendations on how to deal with this problem?
> >>
> >> here is a sample from top:
> >>
> >> Tasks: 313 total,   3 running, 309 sleeping,   0 stopped,   1 zombie
> >> %Cpu(s): 93.7 us,  5.2 sy,  0.0 ni,  1.0 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0 st
> >> KiB Mem:  16465036 total,  1532492 used, 14932544 free,    63180 buffers
> >> KiB Swap:  8526844 total,        0 used,  8526844 free.   505124 cached Mem
> >>
> >>   PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
> >>  7027 peischo+  20   0  416164 162924  12756 S  58.8  1.0   0:26.43 /usr/share/koha
> >>  7009 peischo+  20   0  416800 163524  12756 S  56.5  1.0   0:33.77 /usr/share/koha
> >>  7444 peischo+  20   0  129832  15216   5900 R  37.2  0.1   0:01.12 zebrasrv
> >>  7445 peischo+  20   0  129832  15216   5900 R  35.6  0.1   0:01.07 zebrasrv
> >>  1151 mysql     20   0  886564 181096  10808 S   8.6  1.1   1:27.57 mysqld
> >>  7435 koha      20   0   25892   3272   2528 R   0.3  0.0   0:00.03 top
> >>     1 root      20   0  176144   5044   3096 S   0.0  0.0   0:01.43 systemd
> >>     2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kthreadd
> >>
> >> --
> >> View this message in context: http://koha.1045719.n5.nabble.com/F5-Attacks-tp5906098.html
> >> Sent from the Koha-general mailing list archive at Nabble.com.
> >> _______________________________________________
> >> Koha mailing list http://koha-community.org
> >> Koha@lists.katipo.co.nz
> >> https://lists.katipo.co.nz/mailman/listinfo/koha
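One way to put the fail2ban suggestion from the reply above into practice, as an added example that is not from this thread or the Koha project: a filter that matches requests to opac-search.pl in the Apache access log, and a jail that bans a client after a burst of them while keeping the library's own shared address on the ignore list. The log path, the "library" instance name, the thresholds and the 192.0.2.10 address are assumptions to adjust for your setup.

```ini
# File 1: /etc/fail2ban/filter.d/koha-opac-search.conf  (added example, not Koha's own config)
[Definition]
# Matches one Apache "combined" access-log line for the OPAC search page.
# <HOST> is fail2ban's placeholder for the client address, which must be the
# first field of the line. The ".*" skips the timestamp field, which fail2ban
# may have cut out of the line before matching. Constructed sample line:
# 203.0.113.7 - - [26/Oct/2016:12:28:01 +0000] "GET /cgi-bin/koha/opac-search.pl?q=dog HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
failregex = ^<HOST> \S+ \S+ .*"(?:GET|POST) /cgi-bin/koha/opac-search\.pl
ignoreregex =

# File 2: append this section to /etc/fail2ban/jail.local
[koha-opac-search]
enabled  = true
filter   = koha-opac-search
# Assumed location of the instance's OPAC access log ("library" is a placeholder instance name).
logpath  = /var/log/koha/library/opac-access.log
port     = http,https
# Ban a client that sends more than 20 search requests within 10 seconds
# (a held-down F5 produces far more than that); lift the ban after 10 minutes.
maxretry = 20
findtime = 10
bantime  = 600
# Never ban localhost or the shared address the librarians browse from
# (192.0.2.10 is a placeholder; replace it with the library's real egress IP).
ignoreip = 127.0.0.1/8 192.0.2.10
```

Behind a reverse proxy, as in Pedro's setup, the access log must record the real client address rather than the proxy's, otherwise every ban lands on the proxy itself. Check the filter against the log with `fail2ban-regex /var/log/koha/library/opac-access.log koha-opac-search` before enabling the jail.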