On Aug 13, 2012, at 9:21 PM, "Jan Steinman" <[email protected]> wrote:
>> Like for many of us, my wiki is hosted on a shared server so I have to be
>> careful about CPU usage. There's a hacker/attacker who has been recently
>> flooding my wiki with malicious requests. His intentions may be...
>
> I feel your pain. Don't bother guessing intentions. Don't take it personally.
> It's most likely just a bot, following some algorithm. (Well, unless you've
> done something to piss someone off, or if your wiki is highly controversial.)
>
>> ... somehow block the attacker's IP address. I'm doing this manually right
>> now in the HTACCESS file, by monitoring CPU usage, checking the IP in the
>> log and blocking it in htaccess.
>
> Ugh. Not the best way to do it, as they've already caused significant CPU
> usage before you even figure out the IP.
>
> Is this a virtual server? If so, where you need to block it is in the
> firewall, using ipfw(8). You can make it work so that there is no reply to
> packets at all, which has the significant advantage that you actually slow
> down the attacker, since they have to wait for a TCP lost packet timeout.
>
> Anything else you do slows you down while your defensive measures are
> executing.
>
> This is probably not the best place to get advice on ipfw(8), but take my
> word for it, that's the place to do it, at the TCP/UDP level. I'd google
> around for things like "ipfw denial of service attack" and such.
>
> I've had great (but temporary) success blocking spam that way, by using
> ipfw(8) to block port 25 access from huge address ranges from sections of the
> globe where I don't expect email from -- like China. If your wiki is
> English-oriented and non-global in nature, perhaps you can stop access to big
> foreign address ranges to ease the problem.
>
> Good luck!
>
> ----------------
> :::: Entirely new ways of living are necessary, and if we don't adopt them
> voluntarily, we or our children will eventually adopt them involuntarily, and
> probably with great pain and difficulty in the process. -- Thom Hartmann
> :::: Jan Steinman, EcoReality Co-op ::::
>
> _______________________________________________
> MediaWiki-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
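
The firewall-level block described in the quoted message, as an added example that is not part of the original thread: it counts requests per client in an access log and prints ipfw(8) `deny` rules (packets are discarded with no reply) for clients over a threshold. The log format, port 80, rule number 500 and the function names are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: turn an access log into ipfw(8) "deny" rules for flooding clients.
# Assumed: common/combined log format (client address is field 1), web server on
# port 80, and rule number 500 sitting before any "allow" rule in the ruleset.

# Constructed sample log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [13/Aug/2012:21:00:01 +0000] "GET /index.php?action=edit HTTP/1.1" 200 512
203.0.113.7 - - [13/Aug/2012:21:00:01 +0000] "GET /index.php?action=edit HTTP/1.1" 200 512
203.0.113.7 - - [13/Aug/2012:21:00:02 +0000] "GET /index.php?action=edit HTTP/1.1" 200 512
203.0.113.7 - - [13/Aug/2012:21:00:02 +0000] "GET /index.php?action=edit HTTP/1.1" 200 512
192.0.2.10 - - [13/Aug/2012:21:00:03 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 9000
198.51.100.23 - - [13/Aug/2012:21:00:04 +0000] "GET /index.php?search=a HTTP/1.1" 200 700
198.51.100.23 - - [13/Aug/2012:21:00:04 +0000] "GET /index.php?search=b HTTP/1.1" 200 700
198.51.100.23 - - [13/Aug/2012:21:00:05 +0000] "GET /index.php?search=c HTTP/1.1" 200 700
bad;name.example - - [13/Aug/2012:21:00:06 +0000] "GET / HTTP/1.1" 400 0
EOF
}

# flood_rules THRESHOLD [RULE_NUMBER]
# Reads a log on stdin and prints one rule per client with more than THRESHOLD
# requests. Field 1 must be a dotted-quad address: the output is meant to be run
# as shell commands, so anything else in that field is dropped, not quoted.
flood_rules() {
    awk -v max="$1" -v num="${2:-500}" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] > max)
                    print "ipfw -q add " num " deny tcp from " ip " to me dst-port 80"
        }
    ' | sort
}

# Print the rules for the sample log; review them before running as root.
sample_log | flood_rules 2
```

ipfw's `deny` action drops the packet silently, whereas `reset` or `unreach` would answer the sender, so `deny` is the action that produces the timeout behaviour described in the message.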
