Hi Sukender,

On Mon, Feb 9, 2009 at 8:16 AM, Sukender <[email protected]> wrote:
> Does your server have protection software or something similar (I heard some 
> free ones exist and are quite good, but I don't know more)?

Of course, we have a firewall that works quite well, the only thing I
needed to do is fill it with a blacklist (collected by a script that
parses the apache output). I'm looking for a long term solution, more
general, an IDS capable of detecting and blocking this kind of "attack".

> Is the "948 machines attack" a Distributed DoS?

Sure, they are doing a stupid access to the machine, thanks to that I
can easily filter the traffic, right now it is almost under control. I
thought every IP was from Australia, but actually they are from all over
the place. Does anybody know a good technique to join single IPs to block
bigger networks?

> I find this quite alarming and have two questions that may never have a 
> perfect answer: "who?", and "why?".

No clue, I suppose our server is easy to attack, that's enough. Given
enough time every server is tested, that's not new... but still a
pity. But I don't see this as very alarming, we will work out a solution
and right now the server is working fine.

> The fact is that it causes the server to be less "user friendly" (slowdowns, 
> need to login before seeing the timeline). I of course understand your 
> position, but if all of this is really an attack, this is bad news. Maybe our 
> previous "problems" with the server came from here?...

Could be, the other apache was shared among other projects, and it was
difficult to spot that kind of traffic... I will look at it, anyway
the migration to a virtualized machine gives us more control, so it's
a good move.

Cheers,
   Jose-L.

-- 
  Jose L. Hidalgo Valiño (PpluX)
  ---- http://www.pplux.com ----
_______________________________________________
osg-users mailing list
[email protected]
http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
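
One way to approach the question in the message above about joining single blacklisted IPs into bigger networks, as an added example that is not part of the original message or the poster's script. It assumes IPv4 clients, Apache common log format, and a hypothetical rule (`min_hosts` distinct offenders inside one `/prefix`) for promoting hosts to a network block; the log lines are constructed and use documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines (Apache common log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Feb/2009:08:00:01 +0100] "GET /timeline HTTP/1.1" 200 512
192.0.2.77 - - [09/Feb/2009:08:00:01 +0100] "GET /timeline HTTP/1.1" 200 512
192.0.2.200 - - [09/Feb/2009:08:00:02 +0100] "GET /timeline HTTP/1.1" 200 512
192.0.2.10 - - [09/Feb/2009:08:00:02 +0100] "GET /timeline HTTP/1.1" 200 512
198.51.100.7 - - [09/Feb/2009:08:00:03 +0100] "GET /timeline HTTP/1.1" 200 512
203.0.113.4 - - [09/Feb/2009:08:00:03 +0100] "GET /timeline HTTP/1.1" 200 512
203.0.113.5 - - [09/Feb/2009:08:00:04 +0100] "GET /timeline HTTP/1.1" 200 512
not-an-ip - - [09/Feb/2009:08:00:04 +0100] "GET / HTTP/1.1" 200 128
"""

def client_ips(log_text):
    """Yield the client address (first field) of every parsable IPv4 log line."""
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # resolved hostname or malformed line: skip it
        if ip.version == 4:
            yield ip

def aggregate(ips, prefix=24, min_hosts=3):
    """Turn single offenders into the smallest list of CIDR blocks.

    A /prefix network is blocked whole once it holds at least min_hosts
    distinct offenders (hypothetical threshold); other hosts stay as /32.
    collapse_addresses() then merges adjacent or overlapping entries.
    """
    by_net = defaultdict(set)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[net].add(ip)

    blocks = []
    for net, hosts in by_net.items():
        if len(hosts) >= min_hosts:
            blocks.append(net)
        else:
            blocks.extend(ipaddress.ip_network(f"{h}/32") for h in hosts)
    return [str(n) for n in ipaddress.collapse_addresses(blocks)]

if __name__ == "__main__":
    for cidr in aggregate(client_ips(SAMPLE_LOG)):
        print(cidr)
```

A low `min_hosts` or a short `prefix` widens the block to addresses that never appeared in the log, so both values trade blacklist size against the risk of locking out legitimate users on the same network.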
