_____/ On Wed 12 Oct 2005 13:25:20 BST, [Amit Gupta] wrote : \_____
Roy Schestowitz <r@xxxxxxxxxxxxxxx> wrote:
| Getting back on topic, the scale of the attacks is beginning to
become scary,
| not just worrying. As I said at the start, it continues to grow by
the day
| (nearing 2 weeks now) and it's reaching the point where I get tens of
| thousands
| of page requests from a variety of UIP's. This still gets worse by
the
| hour and
| I am running out of bandwidth (although I re-directed to reduce it),
not to
| mention the speed penalty that the shared server is susceptible to.
|
| These attacks can wind up costing hundreds of pounds, not to mention
| the time I
| spend/t trying to stop them. I have no root access to the Web server.
Any
| suggestions? I would rather not tell the hosts and ignite some sort
of
| reputation of a trouble-maker
I think it would be wise to block the offending IPs for some time(using
.htaccess). If they similar, then block their entire C class block. I
had an
attack of this kind sometime back & blocked 2-3 C class blocks that were
the repeat offenders for sometime. this might loose out on some
legitimate traffic but its worth it in my opinion.
The spammy traffic is getting violently high at the moment, so I am forced to
act upon it quickly. AWStats has been running for a long time (still does)
processing the logs of the past 3 hours. I have just downloaded today's log
(over 15 MB since midnight, but traffic peaking drastically this
afternoon) and
my worst fear is a reality. The IP addresses of the offenders are so
well-distributed that you could barely ever isolate ham from spam using IP
blocks as a criterion. Blocks A-D vary a lot.
also, if your host is not an idiot, they wouldn't label you as a trouble
maker
if you go to them with this problem. it would be wise as well to let
them
know of the problem, as they are better equipped to handle the situation
than you are, as they too don't want someone sniping away at their
server, possibly a DoS attack!! :)
I'll tell them immediately, thanks for the suggestion. I wish I had done that
when it all got started, but I was on vacation. I wonder what trick a host
could possibly pull off the sleeve. If they cannot filter successfully, the
site might have to go down. Spammers should be shot.
Roy
--
Roy S. Schestowitz | Useless fact: Sharks are immune to cancer
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
5:15pm up 48 days 5:29, 4 users, load average: 0.16, 0.61, 0.59
http://iuron.com - next generation of search paradigms
|
|
