Paul Makepeace wrote:
IP 213.232.83.91 (Prodigy UK DSL) was hammering london.OG earlier;
5,000+ hits in the last couple of hours.
Any thoughts on preventing this in future? Perhaps with Apache or at the
application level. It isn't the first time it's happened either, and it
drives the load on the machine way up. (Not as badly as the MT comment
spammers however... b*stards.)
What I'd much prefer to see is for someone to come up with a workable,
ideally executable, plan rather than just say 'check out mod_throttle'
or whatever.
Assuming you're running under mod_perl, have a global hash of IPs and
scores. Each score is a Tie::Scalar::Decay. For each page hit, check
the score for the originating IP, and if above a threshold,
system("stuff to filter out all packets from that IP"). Then increment
the score.
You'll need to tweak the threshold and the decay parameters - that is,
the time interval and the decay function.
You might like to also note somewhere what time each IP was blocked and
periodically unblock them. You might also like to have the blocks
expand themselves if there's already a block in place for a near
neighbour of someone you're about to add to the naughty list.
--
header FROM_DAVID_CANTRELL From =~ /david.cantrell/i
describe FROM_DAVID_CANTRELL Message is from David Cantrell
score FROM_DAVID_CANTRELL 15.72 # This figure from experimentation
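
The scheme described in the reply above, as an added example that is not part of the original post: it uses a hand-written exponential decay in place of Tie::Scalar::Decay, takes the clock as a parameter so the constructed traffic runs offline, and leaves the firewall call commented out. The threshold, half-life, block duration, the iptables invocation and all sub names are assumptions.

```perl
use strict;
use warnings;
my $THRESHOLD = 20;     # assumed: score above which an IP is blocked
my $HALF_LIFE = 60;     # assumed: seconds for a score to halve
my $BLOCK_FOR = 3600;   # assumed: seconds before a block is lifted
my (%score, %blocked);  # ip => { value, stamp } ; ip => time blocked

# Current score for an IP, decayed exponentially since its last update.
sub decayed {
    my ($ip, $now) = @_;
    my $s = $score{$ip} or return 0;
    return $s->{value} * 0.5 ** (($now - $s->{stamp}) / $HALF_LIFE);
}

# Hypothetical firewall hook. The address is validated first and system() is
# used in list form (no shell), so only a dotted quad reaches the command.
sub block_ip {
    my ($ip, $now) = @_;
    return unless $ip =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;
    $blocked{$ip} = $now;
    # system('iptables', '-I', 'INPUT', '-s', $ip, '-j', 'DROP');
}

# Lift blocks older than $BLOCK_FOR (the "periodically unblock" step).
sub expire_blocks {
    my ($now) = @_;
    for my $ip (keys %blocked) {
        next if $now - $blocked{$ip} < $BLOCK_FOR;
        delete $blocked{$ip};
        # system('iptables', '-D', 'INPUT', '-s', $ip, '-j', 'DROP');
    }
}

# Per-hit handler: check the score, block if over threshold, then increment.
sub hit {
    my ($ip, $now) = @_;
    expire_blocks($now);
    return 'blocked' if exists $blocked{$ip};
    my $current = decayed($ip, $now);
    block_ip($ip, $now) if $current > $THRESHOLD;
    $score{$ip} = { value => $current + 1, stamp => $now };
    return exists $blocked{$ip} ? 'blocked' : 'ok';
}

# Constructed traffic: one client at 5 hits/s, another at 1 hit per 30 s.
my $t0 = 1_000_000;
my @fast = map { hit('192.0.2.10', $t0 + $_ / 5) } 0 .. 299;
my @slow = map { hit('192.0.2.20', $t0 + $_ * 30) } 0 .. 19;
printf "fast client served %d hits before block\n", scalar grep { $_ eq 'ok' } @fast;
printf "slow client blocked: %s\n", (grep { $_ eq 'blocked' } @slow) ? 'yes' : 'no';
```

Under a prefork Apache each child process holds its own copy of a global hash, so scores accumulate per child unless the table is kept in shared storage.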