[Gluster-infra] DOS on gluster website

Louis Zuckerman me at louiszuckerman.com
Wed Aug 20 15:47:30 UTC 2014

Limiting number of connections would make a DoS easier, not harder.  We
would want to increase the connection limits to better handle DoS.
 However, I dont think this was a DoS.  It looked to me like a brute force
to get access to the blog, probably to spam it.  I set the WP API to return
404 in varnish so that wont happen anymore.

Also worth noting, my changes last night broke the mediawiki, so this
morning I added another exclusion to bypass the cache for wiki pages (in
addition to blog pages).



On Wed, Aug 20, 2014 at 5:45 AM, Michael Scherer <mscherer at redhat.com>

> Le mardi 19 août 2014 à 17:20 -0400, Louis Zuckerman a écrit :
> > My take on the incident was it was a brute force against the XML-RPC
> > API for wordpress.  Intent was probably (imho) to gain access, but
> > because server is not configured that great, it caused DoS.
> >
> >
> > I'm going to do some basic config of the Varnish cache to aggressively
> > cache the static web content & block access to the WP API.
> >
> >
> > If anyone has any other (modest) requests for the Varnish config
> > please reply to this email.
> Looking at varnish config this morning, something that may be missing is
> the limitation on the number of connexion.
> We should set I guess .max_connections somewhere, but i am not sure if
> this would really prevent a dos or something. After all, if we limit the
> varnish connection, in the end, it does the same as apache not
> answering...
> --
> Michael Scherer
> Open Source and Standards, Sysadmin
> _______________________________________________
> Gluster-infra mailing list
> Gluster-infra at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-infra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20140820/8b926dfb/attachment.html>

More information about the Gluster-infra mailing list