Muhammad Yousuf Khan wrote:
On Wed, Nov 12, 2014 at 6:54 PM, Miles Fidelman
<mfidel...@meetinghouse.net> wrote:
Muhammad Yousuf Khan wrote:
NOTE: These help, but if you end up on the attacking end of a
distributed bot attack, it's likely that your Apache server will
get hosed -- at times, I've had to tune Apache (number of
concurrent processes, number of concurrent queries), to keep our
server from getting so overloaded that it crashes.
Thanks for sharing every bit of information. Yes, I do want to
tweak Apache concurrent connection and other settings. Is
there any formula to do this? Would you like to share your
thoughts on this?
Unfortunately, what I shared is about all I know on the topic.
Most of my hardening of Wordpress and Apache was on-the-fly, in
response to a botnet attack. I did some googling and searching
the WordPress plug-in site to find the plug-ins that I use, played
with the settings a bit just to get things working, nothing
orderly or that I could share as a best practice. For Apache, I
just started in the config file and reducing max_ settings until I
reached a level where I wasn't having to restart Apache every few
minutes, or rebooting the machine. Unfortunately, the Wordpress
site still becomes unreachable at times (when under attack), and
the site runs slow at other times (limited number of concurrent
accesses), but at least it doesn't take down the entire server -
which is a good thing as the Wordpress site is a sideline, the
server is really for mail and list processing.
I did come across some references to software that could
dynamically tune IP chains, based on wordpress level attacks -- to
block IP addresses earlier in the processing chain, and I expect
one could push that back to an external firewall -- but I never
went all that far in exploring these. (If you end up doing so,
please report back!).
I am actually a system and network eng. I did all the protection on the FW
end. Installed IPS/scan detection on the Linux machine, and my machine is
behind a firewall, which I believe is properly configured, so there are
many layers of security. But protecting Apache traffic itself is a
different domain of security, because WP and template coding may have
loopholes which you may not control from the FW. Therefore learning the
security of the web application itself is an art.
By the way, I am working on mod_security and also working on the All in one
WP security module for the application layer, which I believe will help with
bot and other attacks. I am also planning to install fail2ban; however,
as I know of F2B, it works on bruteforce attacks, which are lower in my
working priorities.
Good to hear that you're working on such. Please advise when you have a
security model to test!
Meanwhile, just to clarify, my thought about external firewalls was
wondering if some of the adaptive firewalling, that can be done through
dynamic change to IP chains configurations, could be extended to dynamic
blocking by an external firewall (WP security module detects a
persistent attack from an IP address, tells external firewall to filter
that address).
BTW thanks to all for sharing your inputs. I have learned a lot from
this thread. If anyone would like to add more, please go ahead; it will help
newbies in protecting their websites.
Well hey, that's what support lists are for (not just debating the
merits of init systems :-).
Cheers,
Miles
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra