On 8/25/2010 5:33 AM, J and T wrote:
> Hello,
>
> I've been a Shorewall user and supporter for many years and it has
> been a great tool. But recently our Web servers have been under attack
> and I can figure out how to stop it. The problem is that the attacks
> are coming in on port 80 all from different IPs. I'm talking thousands
> of requests per hour. I can't find any information on how to stop this
> kind of attack. What I'm doing right now is redirecting these from cgi
> to a page using mod rewrite, but this isn't stopping all these
> requests from being initiated and it's killing our server. Any ideas
> on what to do?
I've been using with very good results the script from here:
http://deflate.medialayer.com/
I would recommend using the following line in it though:
netstat -ntu | grep ":80" | awk '{print $5}' | sed s/::ffff:// | cut -d:
-f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST
Good luck,
Marius
------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
