wiki:jazz/10-02-26

Version 11 (modified by jazz, 15 years ago) (diff)

--

2010-02-26

  • 遇到沒品的 426 .... 沒事同時發起個 176 個 web 連線到 trac ....
    jazz@drbl:~$ cat 10-02-26_trac_down_reason.log | grep ":" | awk '{ print $5 }' | sed 's#\:.*##' | sort -n | uniq -c | sort -n
    ... 略 ....
          3 114.25.224.118
        176 124.254.15.50
    
    • 設了好幾個做法都很難阻擋,包括 /etc/hosts.deny ... 乾脆來一招狠的: 所有來自這個 IP 的封包全部 DROP 掉,北京使用這個 IP 的朋友....我也沒辦法了....你們有害群之馬
      iptables -A INPUT -s 124.254.15.50 -j DROP
      

System Security

Apache / Lighttp Security

  • [參考] 那如果用 Lighttpd 呢?? 從 "lighty > limit amount of concurrent connections by client?", 寫到:
    • 修改 server.modules 設定檔
      server.modules              = (
                                     "mod_rewrite",
                                     "mod_access",
                                     "mod_auth",
                                     "mod_status",
                                     "mod_fastcgi",
                                     "mod_compress",
                                     "mod_rrdtool",
                                     "mod_accesslog",
                                     "mod_evasive" );
      
    • 指定每個 IP 最多可連線個數:
      evasive.max-conns-per-ip = 10
      

Attachments (4)

Download all attachments as: .zip