On Thu, 15 May 2025, Bill Cole wrote:
Root cause of these and others is an ongoing DDoS of RuleQA, coming mostly from Huawei Cloud IPs hitting ruleqa.cgi with stupid queries. Possibly AI crawlers. There were some 'Require not ip' entries in the .htaccess for the worst offenders, but doing that at the HTTP level was still too rough on the machine, so I've inserted the lot at the top of the INPUT chain in iptables. I have also reduced the TCP close/fin/time wait times to clear out dead sessions faster.
Documentation of changes? Or are we relying on root's command history?
Load avg. is now below 1.0.
Yay! -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Should you meet with a person bent on a campaign of terror, intending to murder their fellow men and women, to leave behind a swath of widows, widowers and orphans, to grieve families and nations alike, do the reasonable thing. Kill them. -- Matthew @ StraightForward ----------------------------------------------------------------------- 213 days since SpaceX caught the SuperHeavy booster on the first try
