[Foundation-l] MediaWiki 1.9.3 under DOS Attacks
Jeff V. Merkey
jmerkey at wolfmountaingroup.com
Fri Mar 23 17:04:11 UTC 2007
Wikigadugi.org has been under a massive Bot-Net generated denial of
service attack since late yesterday. The IP addresses are from China,
Korea, Turkey, and Russia. Blocking at the firewall or proxy just
results in more spawned attacks from hundreds of new and unrelated IP
addresses. I found one solution which was limit the number of
connections httpd allows concurrently and this seems to allow legitimate
users to access the system though the attacks persist. The attack
pattern seems very specific to MediaWiki behavior. It attempts to
load an article then aborts the HTTP request while MediaWiki is churning
through the database, then immediately issues another request for
another article. It in essense shotguns through the entire name space
of articles rapidly. It has trouble taking MediaWiki to its knees but
had no trouble taking squid down to a crawl on the proxies and choking
the network with garbage.
What do you guys do to deal with these zombie bot-net attacks on this scale?
Jeff
More information about the foundation-l
mailing list