On February 28, 2008, Randal Rust wrote: > On Thu, Feb 28, 2008 at 10:33 AM, Cliff Hirsch <[EMAIL PROTECTED]> wrote: > > What kind of hit? Does the url have "attack" strings? Check out phpids > > -- might help. > > here is what i know: > > 1. got up this AM and was getting error messages that there are too > many connections to the database > 2. the hosting company looked at the server logs and sent me this: > > 7-0 28568 0/1/1 W 0.08 5 0 0.0 0.01 0.01 64.185.201.77 > ohiohistorycentral.org GET /entry.php?rec=891 HTTP/1.0
You know, all modern browsers - for the last ten years - use http/1.1 rather than 1.0. So you can probably just discard all http/1.0 requests as being clearly the work of machines rather than humans. > 16-0 28585 0/2/2 W 0.08 2 0 0.0 0.03 0.03 127.0.0.1 > localhost.localdomain GET /dsm-server-status HTTP/1.0 Your monitoring software will stop working if you do. Also, if you're running a niche site which it appears you are, feel free to ban areas of the world that annoy you. I see you have requests coming in from Mumbai, Japan, Spain, etc. It seems unlikely that these are people actually interested in the history of Ohio. So feel free, at the server or Apache level, to just deny requests from large swathes of the IP address space. You won't lose many (or any) legitimate viewers. You should solve this problem at the server or Apache level (or higher), not at the PHP level. I don't know how much control you have over the server, but if it's your machine, you can use, e.g., hosts.deny to block IP address ranges that annoy you. Michael Sims _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
