> Like for many of us, my wiki is hosted on a shared server so I have to be
> careful about CPU usage. There's a hacker/attacker who has been recently
> flooding my wiki with malicious requests. His intentions may be...

I feel your pain. Don't bother guessing intentions. Don't take it personally. 
It's most likely just a bot, following some algorithm. (Well, unless you've 
done something to piss someone off, or if your wiki is highly controversial.)

> ... somehow block the attacker's IP address. I'm doing this manually right
> now in the HTACCESS file, by monitoring CPU usage, checking the IP in the
> log and blocking it in htaccess.

Ugh. Not the best way to do it, as they've already caused significant CPU usage 
before you even figure out the IP.

Is this a virtual server? If so, where you need to block it is in the firewall, 
using ipfw(8). You can make it work so that there is no reply to packets at 
all, which has the significant advantage that you actually slow down the 
attacker, since they have to wait for a TCP lost packet timeout.

Anything else you do slows you down while your defensive measures are executing.

This is probably not the best place to get advice on ipfw(8), but take my word 
for it, that's the place to do it, at the TCP/UDP level. I'd google around for 
things like "ipfw denial of service attack" and such.

I've had great (but temporary) success blocking spam that way, buy using 
ipfw(8) to block port 25 access from huge address ranges from sections of the 
globe where I don't expect email from -- like China. If your wiki is 
English-oriented and non-global in nature, perhaps you can stop access to big 
foreign address ranges to ease the problem.

Good luck!

----------------
:::: Entirely new ways of living are necessary, and if we don't adobt them 
voluntarily, we or our children will eventually adopt them involuntarily, and 
probably with great pain and difficulty in the process. -- Thom Hartmann
:::: Jan Steinman, EcoReality Co-op ::::





_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Reply via email to