RE: [users@httpd] Apache in under attack. [EXT]

2021-01-14 Thread James Smith
ect: Re: [users@httpd] Apache in under attack. [EXT] On 14 Jan 2021, at 04:48, Jason Long wrote: > Server have 4 CPU cores and 6GB of RAM. > I pasted Apache configuration. In your opinion, which parts of servers must > be examine? Throwing more resources at the problem is not likel

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-13 Thread James Smith
only really have about 20-30 modules running. > > -Original Message- > From: Jason Long > Sent: 12 January 2021 11:14 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under > attack. [EXT] > > It show me: > > # n

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-13 Thread Antony Stone
On Wednesday 13 January 2021 at 10:59:12, Andrea Croci wrote: > Hi James, > > what was the command you used to see that apache uses ~1GB of memory? I > deleted the mail and that was a bad idea: there were some very useful > commands you were giving us here. You can view the entire thread archive

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-13 Thread Andrea Croci
12 January 2021 11:14 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] It show me: # netstat -n | grep ':80 ' | grep -v TIME_WAIT tcp6       0      0 X.X.X.X:80        X.X.X.X:16126      FIN_WAIT2 tcp6       0      0 X.X.X.X:80 

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Gene Heskett
On Tuesday 12 January 2021 05:01:09 Jason Long wrote: > I did below rule, but not worked: > # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit > --connlimit-above 20 -j REJECT --reject-with tcp-reset Lessons learned while trying to stop the &^$>#@# bots from mirroring my content on a 10 mb

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
iginal Message- From: Jason Long Sent: 12 January 2021 11:51 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] Output is: # netstat -n | grep ':80 ' | wc      12      72     960 > How to disable modules? It just a WordPres

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
anuary 2021 11:14 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] It show me: # netstat -n | grep ':80 ' | grep -v TIME_WAIT tcp6       0      0 X.X.X.X:80        X.X.X.X:16126      FIN_WAIT2   tcp6       0      0 X.X.X.X:80     

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
bout 20-30 modules running. -Original Message- From: Jason Long Sent: 12 January 2021 11:14 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] It show me: # netstat -n | grep ':80 ' | grep -v TIME_WAIT tcp6       0      0 X.X.X

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Jason Long Sent: 12 January 2021 10:33 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] Output is: 1688 323400 80850   0 /usr/sbin/httpd -DFOREGROUND  6384 517620 129405   0 /usr/sbin/httpd -DFOREGROUND 1163280 3898288 974572  63 /usr/sbin

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
- From: Jason Long Sent: 12 January 2021 10:33 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] Output is: 1688 323400 80850   0 /usr/sbin/httpd -DFOREGROUND  6384 517620 129405   0 /usr/sbin/httpd -DFOREGROUND 1163280 3898288 9

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
t: 12 January 2021 10:06 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack. [EXT] Modules are: https://urldefense.proofpoint.com/v2/url?u=https-3A__paste.ubuntu.com_p_DJSWpSP7xZ_&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ec

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
] Aw: Re: [users@httpd] Apache in under attack. [EXT] I did below rule, but not worked: # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset On Tuesday, January 12, 2021, 01:15:40 PM GMT+3:30, Florian Schwalm wrote: It can be

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Subject: Re: [users@httpd] Apache in under attack. [EXT] System administrators doing it manually??? On Tuesday, January 12, 2021, 01:28:50 PM GMT+3:30, James Smith wrote: Rate limiting may work - but the rate may be just slightly too slow for your setting - manually doing it is a good

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Sometimes we are attacked from a farm of machines so it may have to be an ip range that is the issue -Original Message- From: James Smith Sent: 12 January 2021 10:19 To: 'users@httpd.apache.org' Subject: RE: [users@httpd] Apache in under attack. [EXT] Yes - it is something

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Message- From: Jason Long Sent: 12 January 2021 10:01 To: users@httpd.apache.org Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT] I did below rule, but not worked: # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
hared) proxy_ftp_module (shared) proxy_http_module (shared) rewrite_module (shared) setenvif_module (shared) status_module (shared) -Original Message- From: Jason Long Sent: 12 January 2021 10:06 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack. [EXT] Mo

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Sent: 12 January 2021 09:21 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack. [EXT] Thank you, but "Firewalld" or "iptables" can't do it automatically? When an IP sending many request then it automatically blocked. On Tuesday, January 12

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
r web development stuff it is a better flavour of linux} What is the output of: apache2 -t -D DUMP_MODULES to see what modules you have installed -Original Message- From: Jason Long Sent: 12 January 2021 09:43 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack.

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
oxying back to dynamic > content. > > James > > -Original Message----- > From: James Smith > Sent: 12 January 2021 09:09 > To: users@httpd.apache.org > Subject: RE: [users@httpd] Apache in under attack. [EXT] > > Put a firewall rule into block what

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Rate limiting may work - but the rate may be just slightly too slow for your setting - manually doing it is a good thing ... -Original Message- From: Jason Long Sent: 12 January 2021 09:21 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack. [EXT] Thank you

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
have installed -Original Message- From: Jason Long Sent: 12 January 2021 09:43 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack. [EXT] Apache configuration is: https://urldefense.proofpoint.com/v2/url?u=https-3A__paste.ubuntu.com_p_RTC2WWMdYH_&d

[users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Florian Schwalm
James -Original Message- From: James Smith Sent: 12 January 2021 09:09 To: users@httpd.apache.org Subject: RE: [users@httpd] Apache in under attack. [EXT] Put a firewall rule into block whatever that first IP address is then. Something like: firew

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
two web servers - one serving static content and proxying back to dynamic content. James -Original Message- From: James Smith Sent: 12 January 2021 09:09 To: users@httpd.apache.org Subject: RE: [users@httpd] Apache in under attack. [EXT] Put a firewall rule into block whatever that first

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
ot of small static request (images/css/js) where you run two web servers - one serving static content and proxying back to dynamic content. James -Original Message- From: James Smith Sent: 12 January 2021 09:09 To: users@httpd.apache.org Subject: RE: [users@httpd] Apache in under attack.

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
e to: tail -1 access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head or I often use cut instead of awk.. tail -1 access.log | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | head -Original Message- From: Jason Long Sent: 12 January 2021 08:53 To: user