[Gluster-infra] DOS on gluster website
Michael Scherer
mscherer at redhat.com
Tue Aug 19 21:03:06 UTC 2014
Hi,
seems the website again did face a dos.
Like last time, the solution is :
- look at varnish log
( tail -f /var/log/varnish/varnishncsa.log )
- see the same IP is trying to connect to
http://198.61.169.132/xmlrpc.php several time per second
- kill the ip
iptables -I INPUT --src $IP -j DROP
- restart varnish ( to kill the connexion )
- restart httpd ( since the child are still busy doing something )
- see the client go back in varnish log.
- enjoy
that's the 2 nd time it happen.
And this is problmatic for 2 reason:
- we do not have proper alerting ( like nagios, etc )
- we do not know how to prevent that ( I suspect a better config of
varnish would help, or getting ride of it and use apache directly, with
proper dos limitation )
--
Michael Scherer
Open Source and Standards, Sysadmin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20140819/bd184126/attachment.sig>
More information about the Gluster-infra
mailing list