> Like for many of us, my wiki is hosted on a shared server so I have to be
> careful about CPU usage. There's a hacker/attacker who has been recently
> flooding my wiki with malicious requests. His intentions may be...

I feel your pain. Don't bother guessing intentions. Don't take it personally. It's most likely just a bot, following some algorithm. (Well, unless you've done something to piss someone off, or if your wiki is highly controversial.)

> ... somehow block the attacker's IP address. I'm doing this manually right
> now in the HTACCESS file, by monitoring CPU usage, checking the IP in the
> log and blocking it in htaccess.

Ugh. Not the best way to do it, as they've already caused significant CPU usage before you even figure out the IP.

Is this a virtual server? If so, where you need to block it is in the firewall, using ipfw(8). You can make it work so that there is no reply to packets at all, which has the significant advantage that you actually slow down the attacker, since they have to wait for a TCP lost packet timeout. Anything else you do slows you down while your defensive measures are executing.

This is probably not the best place to get advice on ipfw(8), but take my word for it, that's the place to do it, at the TCP/UDP level. I'd google around for things like "ipfw denial of service attack" and such.

I've had great (but temporary) success blocking spam that way, by using ipfw(8) to block port 25 access from huge address ranges from sections of the globe where I don't expect email from -- like China. If your wiki is English-oriented and non-global in nature, perhaps you can stop access to big foreign address ranges to ease the problem.

Good luck!

----------------
:::: Entirely new ways of living are necessary, and if we don't adopt them voluntarily, we or our children will eventually adopt them involuntarily, and probably with great pain and difficulty in the process. -- Thom Hartmann
:::: Jan Steinman, EcoReality Co-op ::::

_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
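
Added example (not part of the original message or of MediaWiki): a Python sketch that automates the manual "check the IP in the log" step and prints ipfw(8) `deny` rules, which drop packets without any reply. The Apache log format, the thresholds, the rule numbers, port 80, the function names and the sample log lines are all assumptions made for illustration; the script only builds the rule text and never runs ipfw.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Apache common/combined log format: client address first, timestamp in [brackets].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_flooders(lines, max_hits=5, window=timedelta(seconds=10), allow=()):
    """Return IPs that made more than max_hits requests inside any window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a log entry
        try:
            ip = str(ip_address(m.group(1)))   # rejects hostnames and junk
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue
        if ip in allow or ip in flagged:
            continue              # never block allow-listed addresses
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # expire hits older than the window
            q.popleft()
        if len(q) > max_hits:
            flagged.append(ip)
    return flagged

def ipfw_rules(ips, first_rule=1000, port=80):
    """Build (not run) ipfw rules; 'deny' discards packets with no reply."""
    return [f"ipfw -q add {first_rule + i} deny tcp from {ip} to me {port}"
            for i, ip in enumerate(ips)]

# Constructed sample log: 203.0.113.7 floods, 198.51.100.20 browses normally.
SAMPLE_LOG = (
    [f'203.0.113.7 - - [12/Mar/2010:10:00:{s:02d} +0000] "GET /index.php HTTP/1.1" 200 5120'
     for s in range(8)]
    + ['198.51.100.20 - - [12/Mar/2010:10:00:03 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 9000',
       '198.51.100.20 - - [12/Mar/2010:10:01:30 +0000] "GET /wiki/Help HTTP/1.1" 200 7000',
       'garbage line that is not a log entry']
)

if __name__ == "__main__":
    for rule in ipfw_rules(find_flooders(SAMPLE_LOG)):
        print(rule)
```

Review the printed rules before applying them, and keep your own address in `allow` so a burst of admin activity cannot lock you out.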
