I don't see why one should buy special equipment when a code snippet
works. I added the snippet while an msnbot indexing swarm was in
progress. Apparently modifying robots.txt while a msnbot swarm is in
progress doesn't shut them off, and it was msnbot that was
effectively causing a DDOS (if unintended) on my server. The wiki it
was indexing has a lot of large category pages, and the maximum
number of processes in the mysql installation was being overwhelmed.
The snippet exits before any queries are launched, so after I added
the blocker, I got back access to the wiki and several other sites
using the same mysql instance. So it worked for me, because the DDOS
was at the level of mysql limits, not at the level of bandwidth. YMMV.
Even if you didn't want to do this at the wiki level, I don't think
special equipment is needed. If you know where the DDOS is coming
from, you can block at the Apache level, the firewall level, or use
throttling scripts. Captcha is to block spambots, but is not
effective against DDOS.
JH
=====================================
Jim Hu
On Jan 2, 2007, at 7:45 PM, Kasimir Gabert wrote:
Hello Howard,
I am not sure that blocking msnbot from your wiki would accomplish
much. You should also block robots in /robots.txt, not in your
LocalSettings.php file. If you want to protect against DDoS, you can
not do it at a wiki level. You will need to buy special equipment
that detects it on a lower level. (Some links:
http://www.cisco.com/en/US/netsol/ns615/
networking_solutions_sub_solution.html
and
http://www.juniper.net/solutions/service_provider/
network_security/
). If you want to protect against malicious bots, you will have to
use something such as captchas to separate the humans from the bots.
I hope that this helps,
Kasimir Gabert
On 1/2/07, Jim Hu <jimhu(a)tamu.edu> wrote:
This may be a bit extreme, but I added this to my
LocalSettings.php
$agent= " " . $_SERVER['HTTP_USER_AGENT'];
if ( strpos($agent,"msnbot") ) {
exit;
}
found the snippet via Googling.
=====================================
Jim Hu
On Jan 2, 2007, at 6:31 PM, howard chen wrote:
Hello,
Can share something abt in these area?
Thanks.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l
--
Kasimir Gabert
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l