[Gluster-infra] DOS on gluster website

Louis Zuckerman me at louiszuckerman.com
Tue Aug 19 21:20:04 UTC 2014

My take on the incident was it was a brute force against the XML-RPC API
for wordpress.  Intent was probably (imho) to gain access, but because
server is not configured that great, it caused DoS.

I'm going to do some basic config of the Varnish cache to aggressively
cache the static web content & block access to the WP API.

If anyone has any other (modest) requests for the Varnish config please
reply to this email.



On Tue, Aug 19, 2014 at 5:15 PM, Justin Clift <justin at gluster.org> wrote:

> On 19/08/2014, at 10:03 PM, Michael Scherer wrote:
> <snip>
> > - we do not have proper alerting ( like nagios, etc )
> Btw, Louis has just set up pingdom for us, which will sent alerts to
> gluster-infra when the www.gluster.org site goes down.  And let us
> know when it comes back up too. :)
> + Justin
> --
> GlusterFS - http://www.gluster.org
> An open source, distributed file system scaling to several
> petabytes, and handling thousands of clients.
> My personal twitter: twitter.com/realjustinclift
> _______________________________________________
> Gluster-infra mailing list
> Gluster-infra at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-infra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20140819/d94ea0ac/attachment.html>

More information about the Gluster-infra mailing list