[Gluster-infra] DOS on gluster website

[Michael Scherer]

Hi,

seems the website again did face a dos.

Like last time, the solution is :
- look at varnish log 
( tail -f /var/log/varnish/varnishncsa.log )
- see the same IP is trying to connect to 
http://198.61.169.132/xmlrpc.php several time per second
- kill the ip
iptables -I INPUT --src $IP -j DROP

- restart varnish ( to kill the connexion )
- restart httpd ( since the child are still busy doing something )

- see the client go back in varnish log.
- enjoy

that's the 2 nd time it happen.

And this is problmatic for 2 reason:
- we do not have proper alerting ( like nagios, etc )
- we do not know how to prevent that ( I suspect a better config of
varnish would help, or getting ride of it and use apache directly, with
proper dos limitation )

-- 
Michael Scherer
Open Source and Standards, Sysadmin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20140819/bd184126/attachment.sig>