[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

Israel's Most Advanced Tank Shredded To Pieces In Gaza

Chinese Killer Robo Dog

Israeli Officials Belatedly Claim Secret Nuclear Site Destroyed In Last Month's Iran Strikes

Lake County California Has Counted Just 30 Percent of Votes – Ten Days After Polls Closed!

Real Monetary Reform

More Young Men Are Now Religious Than Women In The US

0,000+ online influencers, journalists, drive-by media, TV stars and writers work for State Department

"Why Are We Hiding It From The Public?" - Five Takeaways From Congressional UFO Hearing

Food Additives Exposed: What Lies Beneath America's Food Supply

Scott Ritter: Hezbollah OBLITERATES IDF, Netanyahu in deep legal trouble

Vivek Ramaswamy says he and Elon Musk are set up for 'mass deportations' of millions of 'unelected bureaucrats'

Evidence Points to Voter Fraud in 2024 Wisconsin Senate Race

Rickards: Your Trump Investment Guide

Pentagon 'Shocked' By Houthi Arsenal, Sophistication Is 'Getting Scary'

Cancer Starves When You Eat These Surprising Foods | Dr. William Li

Megyn Kelly Gets Fiery About Trump's Choice of Matt Gaetz for Attorney General

Over 100 leftist groups organize coalition to rebuild morale and resist MAGA after Trump win

Mainstream Media Cries Foul Over Musk Meeting With Iran Ambassador...On Peace

Vaccine Stocks Slide Further After Trump Taps RFK Jr. To Lead HHS; CNN Outraged

Do Trump’s picks Rubio, Huckabee signal his approval of West Bank annexation?

Pac-Man

Barron Trump

Big Pharma-Sponsored Vaccinologist Finally Admits mRNA Shots Are Killing Millions

US fiscal year 2025 opens with a staggering $257 billion October deficit$3 trillion annual pace.

His brain has been damaged by American processed food.

Iran willing to resolve doubts about its atomic programme with IAEA

FBI Official Who Oversaw J6 Pipe Bomb Probe Lied About Receiving 'Corrupted' Evidence “We have complete data. Not complete, because there’s some data that was corrupted by one of the providers—not purposely by them, right,” former FBI official Steven D’Antuono told the House Judiciary Committee in a

Musk’s DOGE Takes To X To Crowdsource Talent: ‘80+ Hours Per Week,’

Female Bodybuilders vs. 16 Year Old Farmers

Whoopi Goldberg announces she is joining women in their sex abstinence


Miscellaneous
See other Miscellaneous Articles

Title: Today's Outage
Source: [None]
URL Source: [None]
Published: Dec 25, 2009
Author: Neil
Post Date: 2009-12-25 21:25:57 by Pinguinite
Keywords: None
Views: 318
Comments: 25

Today the server went down after hundreds of requests came in for various pages within about 38 seconds. The offending IP address is already known on the net as a "comment spammer" though it cannot actually post here.

Apache (the web serving program) already has settings to limit the number of requests it will try to service at one time, and today I've reduced that from 150 to 50. I'm not sure exactly what the optimal setting should be, but if it's too low I'll see warnings about the limit being hit. 150 apparently is never hit. If it is too low then the worst case scenario is a bit slower response time during peak activity. In time I should find the optimal setting.

Good chance though that no one will notice anything different, except perhaps fewer occurances of outages.

It's more ideal to set a limit on the number of requests from a single IP address that Apache would handle but I don't know yet if Apache has that ability.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Pinguinite (#0)

Thanks for the explanation of the glitch this afternoon.

Any idea what went wrong with 4Oline?

Lod  posted on  2009-12-25   21:40:50 ET  Reply   Trace   Private Reply  


#2. To: Pinguinite (#0)

Good chance though that no one will notice anything different, except perhaps fewer occurances of outages.

good!

christine  posted on  2009-12-25   22:03:17 ET  Reply   Trace   Private Reply  


#3. To: Lod (#1)

Any idea what went wrong with 4Oline?

4umOffline? No idea. I don't host that.

Pinguinite  posted on  2009-12-25   22:04:16 ET  Reply   Trace   Private Reply  


#4. To: christine (#2) (Edited)

"An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't. ~ Anatole France

Original_Intent  posted on  2009-12-25   22:08:25 ET  Reply   Trace   Private Reply  


#5. To: Original_Intent (#4)

Astute?

Hardly.

I just try and report what goes on here.

Lod  posted on  2009-12-25   22:12:53 ET  Reply   Trace   Private Reply  


#6. To: Lod (#5)

Roger.

"An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't. ~ Anatole France

Original_Intent  posted on  2009-12-25   22:14:42 ET  Reply   Trace   Private Reply  


#7. To: Pinguinite (#3)

To me, this is illogical -

It could just be me.

#2. To: Pinguinite (#0)

Good chance though that no one will notice anything different, except perhaps fewer occurances of outages.

good!

christine posted on 2009-12-25 22:03:17 ET Reply Trace Private Reply #3. To: Lod (#1)

Any idea what went wrong with 4Oline?

4umOffline? No idea. I don't host that.

Pinguinite posted on 2009-12-25 22:04:16 ET Reply Trace Private Reply #4. To: christine (#2) (Edited)

"An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't. ~ Anatole France

Original_Intent posted on 2009-12-25 22:08:25 ET Reply Trace Private Reply #5. To: Original_Intent (#4)

Astute?

Hardly.

I just try and report what goes on here.

Lod posted on 2009-12-25 22:12:53 ET Reply Trace Private Reply Edit

Lod  posted on  2009-12-25   22:16:52 ET  Reply   Trace   Private Reply  


#8. To: Pinguinite (#0)

The offending IP address is already known on the net as a "comment spammer" though it cannot actually post here.

Why not?

Itistoolate  posted on  2009-12-25   23:04:41 ET  Reply   Trace   Private Reply  


#9. To: Itistoolate (#8)

Because the spam engine doesn't have an account here to post. To get one it needs to register, and that's what the "captchga" thing is for when you register. Prevents bots from signing up for accounts. (It used to be a problem before that was installed).

Pinguinite  posted on  2009-12-25   23:47:29 ET  Reply   Trace   Private Reply  


#10. To: Pinguinite (#9)

Roger that.

Lod  posted on  2009-12-25   23:54:04 ET  Reply   Trace   Private Reply  


#11. To: Pinguinite (#0) (Edited)

It's more ideal to set a limit on the number of requests from a single IP address that Apache would handle but I don't know yet if Apache has that ability.

You could block it completely, Neil. You're running 2.2.8? BTW, links don't work as I just copied the relative URLs:

Access control by host

If you wish to restrict access to portions of your site based on the host address of your visitors, this is most easily done using mod_authz_host.

The Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The Order directive goes hand-in-hand with these two, and tells Apache in which order to apply the filters.

The usage of these directives is:

Allow from address

where address is an IP address (or a partial IP address) or a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired.

For example, if you have someone spamming your message board, and you want to keep them out, you could do the following:

Deny from 10.252.46.165

Visitors coming from that address will not be able to see the content covered by this directive. If, instead, you have a machine name, rather than an IP address, you can use that.

Deny from host.example.com

And, if you'd like to block access from an entire domain, you can specify just part of an address or domain name:

Deny from 192.168.205

Deny from phishers.example.com moreidiots.example
Deny from ke

Using Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a Deny and an Allow directive:

Order deny,allow
Deny from all
Allow from dev.example.com

Listing just the Allow directive would not do what you want, because it will let folks from that host in, in addition to letting everyone in. What you want is to let only those folks in.

Eff the Bankers

bluegrass  posted on  2009-12-25   23:59:16 ET  Reply   Trace   Private Reply  


#12. To: bluegrass (#11)

Great!

Just what I would have advised.

Big ;-)

Whatever makes it work - thanks much.

Lod  posted on  2009-12-26   0:03:54 ET  Reply   Trace   Private Reply  


#13. To: bluegrass (#11)

You could block it completely, Neil.

Yes, I could. I'm familiar with the directives you posted, but I want a solution that works for what must be many hundreds or thousands of such spiders out there. If I block each IP I discover is a problem, that's fine except that it's an after-the-fact patch. That is, after the server crashes, I block one IP address. Doing that hundreds of times after hundreds of crashes is not what I want. I want a solution that will prevent future spiders from doing what this one did. And of course if an evil spider gets a new IP, then that one is free and clear to strike again.

Ideally, there'd be something in Apache that limits the number of requests a certain IP address can make within a short span of time. If you know of something like that, I'd really appreciate a lead. Thanks.

Pinguinite  posted on  2009-12-26   0:52:43 ET  Reply   Trace   Private Reply  


#14. To: Pinguinite (#13)

Ah. I misunderstood the issue.

Is this on the right track?:

dominia.org/djao/limitipconn2.html

Example conf here:

www.webhostgear.com/279.html

Eff the Bankers

bluegrass  posted on  2009-12-26   1:19:22 ET  Reply   Trace   Private Reply  


#15. To: bluegrass (#14)

Now THAT'S what I'm looking for. I'll check it out. Thanks!

Pinguinite  posted on  2009-12-26   10:58:39 ET  Reply   Trace   Private Reply  


#16. To: Pinguinite (#13)

Ideally, just trace back to the offender and then let's just go there and get it overwith...IMO


"If you love wealth more than liberty, the tranquility of servitude better than the animating contest of freedom, depart from us in peace. We ask not your counsel nor your arms. Crouch down and lick the hand that feeds you. May your chains rest lightly upon you and may posterity forget that you were our countrymen.”—Samuel Adams

Rotara  posted on  2009-12-26   11:03:31 ET  Reply   Trace   Private Reply  


#17. To: Rotara (#16) (Edited)

Ideally, just trace back to the offender and then let's just go there and get it overwith...IMO


as in caddy shack II to their house at night with baseball bats?


The best gun to have, is the gun you have, when you need a gun.

IRTorqued  posted on  2009-12-26   12:35:46 ET  Reply   Trace   Private Reply  


#18. To: Pinguinite (#15)

Awesome! Let me know if it's useful.

Eff the Bankers

bluegrass  posted on  2009-12-26   14:18:50 ET  Reply   Trace   Private Reply  


#19. To: bluegrass (#18)

I can't seem to get it to work. The module loads fine, apache doesn't complain about the new settings so I know the module is in, but it's not denying accesses above the limit I prescribe. I'm not seeing any clues as to why. It acts like nothing is different.

Pinguinite  posted on  2009-12-26   21:57:44 ET  Reply   Trace   Private Reply  


#20. To: Pinguinite (#19)

Do you have the directives in the virtual directory or is it in the global conf? Dumb question, but ExtendedStatus is on, yes?

Another hack:

www.cohprog.com/mod_bandwidth.html

Eff the Bankers

bluegrass  posted on  2009-12-27   7:27:44 ET  Reply   Trace   Private Reply  


#21. To: bluegrass (#20)

Do you have the directives in the virtual directory or is it in the global conf?

Setting them system wide generated an error on Apache reload. Doing them inside Directory tags does not. Then there's no error on an apache reload but it also has no effect. (I'm testing with the download of a large file with the limit set to 1 and I have it downloading twice simultaneously).

Dumb question, but ExtendedStatus is on, yes?

Yes.

Another hack:

I'll check it out.

Pinguinite  posted on  2009-12-27   10:28:08 ET  Reply   Trace   Private Reply  


#22. To: Pinguinite (#21)

Frustrating. One would think that this would be a common enough problem that Apache would have addressed it.

I'll keep digging around.

Eff the Bankers

bluegrass  posted on  2009-12-27   10:32:28 ET  Reply   Trace   Private Reply  


#23. To: bluegrass (#20)

www.cohprog.com/mod_bandwidth.html

Seems the lastest version is only suited for apache 1.3.

I might be able to do my own home brew that works at the firewall level monitoring requests and modifying the firewall temporarily in the event of a flood of requests. Maybe it'll come to that.

Pinguinite  posted on  2009-12-27   10:34:16 ET  Reply   Trace   Private Reply  


#24. To: bluegrass (#22)

Frustrating. One would think that this would be a common enough problem that Apache would have addressed it.

Yes, it would seem. But Apache does a lot of things I don't know anything about, so maybe there's a way.

I'll keep digging around.

Thanks!

Pinguinite  posted on  2009-12-27   10:36:00 ET  Reply   Trace   Private Reply  


#25. To: Pinguinite (#21)

Another:

www.zdziarski.com/projects/mod_evasive/

Eff the Bankers

bluegrass  posted on  2009-12-27   10:39:19 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]