I have noticed on one of my servers that Apache was using up all my RAM. Looking in the logs I see thousands of lines like:
94.102.63.14 - - [03/Sep/2009:10:10:43 +0100] "POST /wiki/PmWikiAdmin/PageHeader?action=edit HTTP/1.1" 200 168 "http://www.wilkesley.net/wiki/PmWikiAdmin/PageHeader?action=edit"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" The wikis on this server are all password protected. It looks as though someone is trying a generic type of spam attack by editing pages. There are a number of different ip addresses being used, which seem to have no obvious connection - it looks as though there are several different groups trying the attack. As a first step I can extract their ip addresses and add them to my hosts.deny, but I don't expect this to be very effective. Does anyone have any alternative suggestions? Ian. _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
