On Sat, Jul 23, 2011 at 11:12 PM, MagicWISP <sa...@magicwisp.com> wrote:
> Quoting Jake Vickers <j...@qmailtoaster.com>:
>
> On 07/23/2011 12:03 PM, Eric Shubert wrote:
>>
>>> On 07/23/2011 08:35 AM, Jake Vickers wrote:
>>>
>>>> On 07/23/2011 07:35 AM, Jake Vickers wrote:
>>>>
>>>>> I have the wiki offline for a while this weekend. Seems whenever I
>>>>> bring it online, apache2 gets hammered until the box becomes
>>>>> unresponsive. I am moving some things to a new server, but I need to
>>>>> think about what to do about this as well.
>>>>> I will post again when there is an update or it's been moved.
>>>>
>>>> The wiki should be back online now at the new IP address - I think I
>>>> found the IP that was ddos'ing the wiki and have blocked it. I have also
>>>> added in a few items that should help prevent this in the future. Be
>>>> aware that if you perform 300 wgets in 300 seconds against the wiki, you
>>>> will be blocked for 10 minutes. If your IP does it again, you're blocked
>>>> for good.
>>>
>>> Out of curiosity, what'd you do/use to achieve that block?
>>> There was someone on the spamdyke list asking about how to perhaps
>>> throttle/block spammers with smtp 25/587 access (authenticated).
>>
>> If you want a hammer, you can iptables it - here's one I use on some
>> server to prevent hammering on port 25:
>> -A INPUT -i eth0 -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --rsource -j DROP
>> -A INPUT -i eth0 -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name DEFAULT --rsource
>>
>> So the above blocks any IP trying more than 10 connections in 60 seconds
>> on port 25.
>>
>> For the one I'm using specifically for the wiki, I'm using fail2ban to
>> filter this. You could easily set it up to never "full ban", and only
>> throttle for specific periods of time. Here's what I'm using for the wiki
>> page:
>>
>> //jail.conf
>> [http-get-dos-wiki]
>> enabled = true
>> port = http,https
>> filter = http-get-dos-wiki
>> logpath = /var/log/apache2/wiki.qmailtoaster.com-access.log
>> # Count the number of connections
>> maxretry = 300
>> # The timeframe we count the above
>> findtime = 300
>> # How long we ban for
>> bantime = 600
>> action = iptables[name=HTTP, port=http, protocol=tcp]
>>
>> //filter.d/http-get-dos-wiki.conf
>> # Fail2Ban configuration file
>>
>> [Definition]
>>
>> # This regex will match all GET entries in the wiki logs, so basically all
>> # requests match.
>> # Controlling how many/how often a host connects before we term it "bad"
>> # is controlled in the jail.conf file.
>>
>> failregex = ^<HOST> -.*GET
>>
>> # Option: ignoreregex
>> # Notes.: regex to ignore. If this regex matches, the line is ignored.
>> # Values: TEXT
>> #
>> ignoreregex =
>>
>> ---------------------------------------------------------------------------------
>> Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
>> Vickers Consulting Group offers Qmailtoaster support and installations.
>> If you need professional help with your setup, contact them today!
>> ---------------------------------------------------------------------------------
>> Please visit qmailtoaster.com for the latest news, updates, and packages.
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@qmailtoaster.com <qmailtoaster-list-unsubscr...@qmailtoaster.com>
>> For additional commands, e-mail: qmailtoaster-list-help@qmailtoaster.com <qmailtoaster-list-h...@qmailtoaster.com>
>
> I'm assuming this was why I couldn't view the wiki yesterday. I just hope
> it wasn't my IP doing something silly. LOL
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.

Hi,

wiki.qmailtoaster.com takes me to here now "Vickers Consulting Group Email System"
Earlier it used to go here http://wiki.qmailtoaster.com/index.php/Main_Page ?

Khan Md. Ashraf
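
The fail2ban jail quoted above counts lines matching the filter per host and bans once the count reaches maxretry (300) inside findtime (300 s), for bantime (600 s). The following is an added example, not part of the thread or of fail2ban itself: it replays that counting over constructed access-log lines, assuming the filter regex begins with fail2ban's `<HOST>` tag; `simulate`, `sample_log` and the documentation-range IP addresses are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Jail values quoted in the thread (requests / seconds / seconds).
MAXRETRY, FINDTIME, BANTIME = 300, 300, 600
# "^<HOST> -.*GET" with <HOST> reduced to a simple capture group
# (assumption: fail2ban's own <HOST> expansion is more thorough).
FAILREGEX = re.compile(r"^(?P<host>[\w.:-]+) -.*GET")
STAMP = re.compile(r"\[([^\]]+)\]")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return [(host, ban_start, ban_end)] for time-ordered access-log lines."""
    hits = defaultdict(deque)      # host -> match times still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m, t = FAILREGEX.search(line), STAMP.search(line)
        if not (m and t):
            continue
        host = m.group("host")
        now = datetime.strptime(t.group(1), TS_FMT)
        if now < banned_until.get(host, now):
            continue               # already banned: ignore until bantime ends
        window = hits[host]
        window.append(now)
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()       # forget matches older than findtime
        if len(window) >= maxretry:
            banned_until[host] = now + timedelta(seconds=bantime)
            bans.append((host, now, banned_until[host]))
            window.clear()
    return bans


def sample_log():
    """Constructed log: one client at 2 req/s, one at a request every 5 s."""
    base = datetime(2011, 7, 23, 12, 0, 0, tzinfo=timezone.utc)
    events = sorted([(i * 0.5, "192.0.2.10") for i in range(400)] +
                    [(i * 5.0, "198.51.100.7") for i in range(60)])
    return ['%s - - [%s] "GET /index.php/Main_Page HTTP/1.1" 200 512'
            % (ip, (base + timedelta(seconds=s)).strftime(TS_FMT))
            for s, ip in events]


if __name__ == "__main__":
    for host, start, end in simulate(sample_log()):
        print(f"{host} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

To check the real filter file against the real log, fail2ban ships the `fail2ban-regex` tool, which reports how many lines a failregex matches.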