Hi Jose-Luis, I'm not a "web server" expert, but may attacks be adresed in a different way? Do your server have a protection software or something similar (I heard some free exist and are quite good, butn I don't know more)? Is the "948 machines attack" a Distributed DoS?
I find this quite alarming and have two questions that may never have a perfect answer: "who?", and "why?". The fact is that it causes the server to be less "user friendly" (slowdowns, need to login before seeing the timeline). I of course understand your position, but if all of this is really an attack, this is bad news. Maybe our previous "problems" with the server came from here?... Sukender PVLE - Lightweight cross-platform game engine - http://pvle.sourceforge.net/ Le Sun, 08 Feb 2009 19:33:26 +0100, Jose Luis Hidalgo <[email protected]> a écrit: > Hi Paul, > > Right now OSG is being attacked from Australia, or at least that's > what looks like... but 948 different machines accessing to invalid > pages from trac makes me think something wrong is going on. > > The problem is, that timeline is a very very expensive view to > generate for Trac, and is quite easy to make the server inaccessible > by just launching a set of machines access to that view, the same > happens to other parts of Trac. For example, the attack from Australia > exploits the fact that an access to an invalid Ticket number causes > python to launch an exception... > > ... so, that's why I want to minimize what an anonymous user can view, > or not. Hope is a bit clear now. > > Jose-L. > > > On Sun, Feb 8, 2009 at 7:20 PM, Paul Melis > <[email protected]> wrote: >> Jose Luis Hidalgo wrote: >>> Hi Paul, >>> >>> I'm making some restrictions, reducing what anonymous can see, and >>> keeping what authenticated users can view. Check it now, please (while >>> logged in). >>> >> I can understand that you want to keep certain stuff away from anonymous >> visitors (like wiki editing), but I don't see the point of making the >> timeline view dependent on being logged in. >> It doesn't allow you to change anything, while it does provide a useful >> view of wiki edits and svn checkins. >> >> Paul >> _______________________________________________ >> osg-users mailing list >> [email protected] >> http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org >> _______________________________________________ osg-users mailing list [email protected] http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
