Re: DOS attacks

2010-04-26 Thread Haron Media
Sounds like you were hit by Slowloris (http://ha.ckers.org/slowloris/). AFAIK there is no way to defend against it with Apache, other than using some external service or a reverse proxy that is not vulnerable to it. Perhaps this might help: http://www.funtoo.org/en/security/slowloris/ Also, it

Re: DOS attacks

2010-04-26 Thread cd34
On Apr 26, 5:03 am, Haron Media i...@haronmedia.com wrote: Also, it was not necessarily distributed since the nature of attack could allow a single machine to be used to attack. What do your logs say, how many IPs were involved? Directly involved from slowloris, 2241 based on firewall counters. Total

Re: DOS attacks

2010-04-26 Thread Haron Media
Varnish or Squid in front of the origin would have prevented the attack from getting to the Origin. My preference would have been Varnish since I can write VCL to filter out other requests. A layer 7 load balancer could also be used, but, again required changes to the backend. We ended up

Re: DOS attacks

2010-04-26 Thread cd34
On Apr 26, 4:19 pm, Haron Media i...@haronmedia.com wrote: Anyways, so I was wondering how soon before the botnets start deploying slowloris. Seems like they already have. So far, every machine we've checked that was hitting the machine with slowloris is running linux. Since Windows can't

Re: DOS attacks

2010-04-26 Thread gazza
Since I originally posted this, I ported my servers to a new VPS. There was no real way to avoid the attacks on the VPS. Ideally I need to port my servers to a dedicated machine with an IDS in front to filter the blighters out. Soft-based solutions would still take a hit on performance. On Apr 26,

Re: DOS attacks

2010-04-25 Thread cd34
After dealing with a DDOS today on a site (non-pylons, but the issue is still the same), it became very evident that there are very few hooks in apache that allow you to drop a connection where it needs to be dropped. mod_security/mod_evasive don't hook apache early enough in the request phase to

Re: DOS attacks

2010-04-19 Thread miniwark
You may like the fail2ban project: http://www.fail2ban.org/ It's a Python script that automatically updates tcp-wrapper and iptables. Basically fail2ban blocks brute-force password attacks, but you can also use it to block some Apache/ssh/bind attacks. See the default filter rules. You can also create

Re: DOS attacks

2010-04-07 Thread Matt Feifarek
On Tue, Apr 6, 2010 at 6:45 PM, gazza burslem2...@yahoo.com wrote: I was told to use mod evasive with apache? I don't have any firewall I'm running on a VPS on linux with a pylons web server. If indeed it is small numbers of IPs, don't forget about tcpwrappers (hosts.allow and hosts.deny);

Re: DOS attacks

2010-04-07 Thread cd34
On Apr 7, 10:55 pm, Matt Feifarek matt.feifa...@gmail.com wrote: If indeed it is small numbers of IPs, don't forget about tcpwrappers (hosts.allow and hosts.deny); probably easier to get going than iptables. tcpwrappers only works for services started from inetd or that have explicit support

DOS attacks

2010-04-06 Thread gazza
Hey Guys, Somebody I'm told is sending DOS attacks to my site? I need some guidance on what to install. Driving me a little crazy. Ideas welcome... Thanks, Garyc

Re: DOS attacks

2010-04-06 Thread Garland, Ken R
You would handle this at the firewall level, are you in charge of the firewall? The ideal here is to block the offending ip address or blocks of ip addresses. On Tue, Apr 6, 2010 at 6:46 PM, gazza burslem2...@yahoo.com wrote: Hey Guys, Somebody I'm told is sending DOS attacks to my site? I

Re: DOS attacks

2010-04-06 Thread gazza
this at the firewall level, are you in charge of the firewall? The ideal here is to block the offending ip address or blocks of ip addresses. On Tue, Apr 6, 2010 at 6:46 PM, gazza burslem2...@yahoo.com wrote: Hey Guys, Somebody I'm told is sending DOS attacks to my site? I need some guidance

Re: DOS attacks

2010-04-06 Thread Alec Lyons
address or blocks of ip addresses. On Tue, Apr 6, 2010 at 6:46 PM, gazza burslem2...@yahoo.com wrote: Hey Guys, Somebody I'm told is sending DOS attacks to my site? I need some guidance on what to install. Driving me a little crazy. Ideas welcome... Thanks, Garyc

Re: DOS attacks

2010-04-06 Thread gazza
burslem2...@yahoo.com wrote: Hey Guys, Somebody I'm told is sending DOS attacks to my site? I need some guidance on what to install. Driving me a little crazy. Ideas welcome... Thanks, Garyc

Re: DOS attacks

2010-04-06 Thread cd34
Have you looked at the logs to determine whether you are under a D/DOS attack? for mod_evasive: http://www.apachelounge.com/viewtopic.php?t=917 contains a pretty decent guide. However, you'll need to set up some decent firewall rules if you are under attack once you determine the type of attack.