On Aug 13, 2012, at 9:21 PM, "Jan Steinman" <Jan(a)Bytesmiths.com> wrote:
Like for many of us, my wiki is hosted on a shared server so I have to be
careful about CPU usage. There's a hacker/attacker who has been recently
flooding my wiki with malicious requests. His intentions may be...
I feel your pain. Don't bother guessing intentions. Don't take it personally.
It's most likely just a bot, following some algorithm. (Well, unless you've done
something to piss someone off, or if your wiki is highly controversial.)
... somehow block the attacker's IP address. I'm doing this manually right
now in the HTACCESS file, by monitoring CPU usage, checking the IP in the
log and blocking it in htaccess.
Ugh. Not the best way to do it, as they've already caused significant CPU usage
before you even figure out the IP.
Is this a virtual server? If so, where you need to block it is in the firewall, using
ipfw(8). You can make it work so that there is no reply to packets at all, which has the
significant advantage that you actually slow down the attacker, since they have to wait
for a TCP lost packet timeout.
Anything else you do slows you down while your defensive measures are executing.
This is probably not the best place to get advice on ipfw(8), but take my word for it,
that's the place to do it, at the TCP/UDP level. I'd google around for things like
"ipfw denial of service attack" and such.
I've had great (but temporary) success blocking spam that way, by using ipfw(8) to
block port 25 access from huge address ranges from sections of the globe where I don't
expect email from -- like China. If your wiki is English-oriented and non-global in
nature, perhaps you can stop access to big foreign address ranges to ease the problem.
Good luck!
----------------
:::: Entirely new ways of living are necessary, and if we don't adopt them
voluntarily, we or our children will eventually adopt them involuntarily, and probably
with great pain and difficulty in the process. -- Thom Hartmann
:::: Jan Steinman, EcoReality Co-op ::::
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
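
The log-then-block routine discussed in this message, moved from .htaccess to ipfw(8), as an added example that is not part of the original post. It counts requests per client address in an access log and prints one ipfw deny rule (a silent drop, no reply sent) for each address at or over a threshold. The log lines are constructed, and the threshold, the rule numbers starting at 2000 and the ports 80,443 are assumptions.

```shell
#!/bin/sh
# Added example: turn a web access log into ipfw(8) deny rules.
# Log lines below are constructed (documentation address ranges).
# Threshold, rule numbers and ports 80,443 are assumptions.

sample_log() {
cat <<'EOF'
203.0.113.7 - - [13/Aug/2012:21:00:01 +0000] "GET /index.php?search=a HTTP/1.1" 200 5120
203.0.113.7 - - [13/Aug/2012:21:00:01 +0000] "GET /index.php?search=b HTTP/1.1" 200 5093
198.51.100.23 - - [13/Aug/2012:21:00:02 +0000] "GET /index.php?action=edit HTTP/1.1" 200 811
203.0.113.7 - - [13/Aug/2012:21:00:02 +0000] "GET /index.php?search=c HTTP/1.1" 200 5107
192.0.2.10 - - [13/Aug/2012:21:00:03 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 9954
198.51.100.23 - - [13/Aug/2012:21:00:03 +0000] "GET /index.php?action=edit HTTP/1.1" 200 811
203.0.113.7 - - [13/Aug/2012:21:00:04 +0000] "GET /index.php?search=d HTTP/1.1" 200 5101
198.51.100.23 - - [13/Aug/2012:21:00:04 +0000] "GET /index.php?action=edit HTTP/1.1" 200 811
EOF
}

# Usage: gen_ipfw_rules THRESHOLD [FIRST_RULE_NUMBER] < access.log
# Prints rules only; nothing is loaded into the firewall here.
gen_ipfw_rules() {
    threshold=$1
    rule_base=${2:-2000}
    awk -v t="$threshold" '
        # Count only lines whose first field is a dotted quad, so text in
        # the log can never end up inside a generated command (IPv4 only).
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= t) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2 | awk -v base="$rule_base" '
        # "deny" discards the packet without any reply to the sender.
        { printf "ipfw add %d deny tcp from %s to any dst-port 80,443\n", base + NR - 1, $2 }
    '
}

# Print the rules for review before loading them as root on the firewall host.
sample_log | gen_ipfw_rules 3
```

Review the printed rules before loading them, and make sure your own address can never be listed, since a deny rule for it would cut off your own access.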