[Foundation-l] MediaWiki 1.9.3 under DOS Attacks

Jeff V. Merkey jmerkey at wolfmountaingroup.com
Fri Mar 23 17:04:11 UTC 2007

Wikigadugi.org has been under a massive Bot-Net generated denial of 
service attack since late yesterday.  The IP addresses are from China, 
Korea, Turkey, and Russia.  Blocking at the firewall or proxy just 
results in more spawned attacks from hundreds of new and unrelated IP 
addresses.  I found one solution which was to limit the number of 
connections httpd allows concurrently and this seems to allow legitimate 
users to access the system though the attacks persist.  The attack 
pattern seems very specific to MediaWiki behavior.  It attempts to 
load an article then aborts the HTTP request while MediaWiki is churning 
through the database, then immediately issues another request for 
another article.  It in essence shotguns through the entire name space 
of articles rapidly.  It has trouble taking MediaWiki to its knees but 
had no trouble taking squid down to a crawl on the proxies and choking 
the network with garbage. 

What do you guys do to deal with these zombie bot-net attacks on this scale?
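
An added example, not part of the original message: because the sources rotate across hundreds of addresses, this sketch flags time windows on the proxy rather than individual clients, looking for the pattern described above (mostly aborted requests, each for a different article). It assumes Squid's native access.log layout and that a client abort is logged with status 000 or an `_ABORTED` tag; the sample log, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident peer type
W = "http://wiki.example/wiki/"
SAMPLE_LOG = f"""\
1174669200.1 812 192.0.2.10 TCP_MISS/200 18234 GET {W}Main_Page - DIRECT/10.0.0.5 text/html
1174669205.4 12 192.0.2.10 TCP_HIT/200 18234 GET {W}Main_Page - NONE/- text/html
1174669211.9 640 192.0.2.11 TCP_MISS/200 9120 GET {W}Cherokee - DIRECT/10.0.0.5 text/html
1174669230.2 95 192.0.2.12 TCP_MISS/000 0 GET {W}Cherokee - DIRECT/10.0.0.5 -
1174669241.7 15 192.0.2.11 TCP_HIT/200 9120 GET {W}Cherokee - NONE/- text/html
1174669261.0 48 198.51.100.7 TCP_MISS/000 0 GET {W}Article_001 - DIRECT/10.0.0.5 -
1174669261.3 51 203.0.113.9 TCP_MISS/000 0 GET {W}Article_002 - DIRECT/10.0.0.5 -
1174669262.1 44 198.51.100.8 TCP_MISS/000 0 GET {W}Article_003 - DIRECT/10.0.0.5 -
1174669262.8 39 203.0.113.10 TCP_MISS_ABORTED/000 0 GET {W}Article_004 - DIRECT/10.0.0.5 -
1174669263.5 47 198.51.100.9 TCP_MISS/000 0 GET {W}Article_005 - DIRECT/10.0.0.5 -
1174669270.0 700 192.0.2.10 TCP_MISS/200 18234 GET {W}Main_Page - DIRECT/10.0.0.5 text/html
"""

def is_aborted(action, status):
    # Assumption: an abort shows up as status 000 or an *_ABORTED action tag.
    return status == "000" or action.endswith("_ABORTED")

def window_stats(log_text, window=60):
    """Group requests into fixed windows keyed by window start (epoch seconds)."""
    buckets = defaultdict(
        lambda: {"total": 0, "aborted": 0, "urls": set(), "clients": set()})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].replace(".", "", 1).isdigit():
            continue  # skip malformed or truncated lines
        action, _, status = f[3].partition("/")
        b = buckets[int(float(f[0])) // window * window]
        b["total"] += 1
        b["clients"].add(f[2])
        if is_aborted(action, status):
            b["aborted"] += 1
            b["urls"].add(f[6])  # distinct URLs among aborted requests only
    return buckets

def flag_windows(log_text, window=60, min_requests=5,
                 abort_ratio=0.6, url_spread=0.8):
    """Return (start, total, aborted, clients) for windows matching the pattern."""
    flagged = []
    for start, b in sorted(window_stats(log_text, window).items()):
        if b["total"] < min_requests or not b["aborted"]:
            continue
        if (b["aborted"] / b["total"] >= abort_ratio
                and len(b["urls"]) / b["aborted"] >= url_spread):
            flagged.append((start, b["total"], b["aborted"], len(b["clients"])))
    return flagged
```
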


