[Gluster-infra] DOS on gluster website
mscherer at redhat.com
Tue Aug 19 21:03:06 UTC 2014
Seems the website faced a DoS again.
Like last time, the solution is:
- look at the varnish log
  ( tail -f /var/log/varnish/varnishncsa.log )
- see the same IP is trying to connect to
  http://126.96.36.199/xmlrpc.php several times per second
- kill the IP
  iptables -I INPUT --src $IP -j DROP
- restart varnish ( to kill the connection )
- restart httpd ( since the children are still busy doing something )
- see the client go back in varnish log.

That's the 2nd time it has happened.
And this is problematic for 2 reasons:
- we do not have proper alerting ( like nagios, etc )
- we do not know how to prevent that ( I suspect a better config of
  varnish would help, or getting rid of it and using apache directly, with
  proper DoS limitation )
Open Source and Standards, Sysadmin
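
Added example (not part of the original message, and not the Gluster infra team's tooling): the manual "look at the varnish log and spot the IP hitting xmlrpc.php several times per second" step written as a filter that could feed an alert. It assumes varnishncsa's default NCSA combined log format; the function names, the threshold and the sample lines (documentation-range addresses, example.org) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log lines (varnishncsa default format, assumed).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [19/Aug/2014:20:41:07 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [19/Aug/2014:20:41:07 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [19/Aug/2014:20:41:07 +0000] "GET http://example.org/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Aug/2014:20:41:07 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [19/Aug/2014:20:41:07 +0000] "POST http://example.org/xmlrpc.php?rsd HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [19/Aug/2014:20:41:08 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [19/Aug/2014:20:41:08 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [19/Aug/2014:20:41:08 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.40 - - [19/Aug/2014:20:41:08 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.40 - - [19/Aug/2014:20:41:09 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.40 - - [19/Aug/2014:20:41:10 +0000] "POST http://example.org/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
EOF
}

# flood_ips LIMIT
# Reads a log on stdin and prints "IP PEAK" for every client whose busiest
# single second contains at least LIMIT requests for xmlrpc.php.
flood_ips() {
    awk -v limit="$1" '
    {
        # $1 = client IP, $4 = "[dd/Mon/yyyy:hh:mm:ss", $7 = requested URL
        url = $7
        sub(/\?.*/, "", url)                # ignore any query string
        if (url !~ /\/xmlrpc\.php$/) next   # only the endpoint being hammered
        n = ++hits[$1 SUBSEP $4]            # requests by this IP in this second
        if (n > peak[$1]) peak[$1] = n
    }
    END {
        for (ip in peak)
            if (peak[ip] >= limit) print ip, peak[ip]
    }' | sort
}

# Print the block command for an operator to review; nothing is executed.
sample_log | flood_ips 3 | while read -r ip peak; do
    echo "# $ip peaked at $peak req/s on xmlrpc.php"
    echo "iptables -I INPUT --src $ip -j DROP"
done
```

Pointed at /var/log/varnish/varnishncsa.log from cron or a nagios check, a non-empty result from flood_ips is the alert condition; the limit needs tuning against normal traffic to the site.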