I notice occasional spikes on my server load, and when I check access logs I notice a pattern for some automated forum poster that tries to repeatedly access a comment/reply URL. What would be the best way to throttle/ban these for a few minutes / hours? Can CSF, for example, do something like this? I am really looking for a quick and dirty solution.
- http://www.fail2ban.org/wiki/index.php/Main_Page – quanta Aug 22 '12 at 14:22
- Awesome, looks like the solution. Care to post it as an answer so I can accept it? – giorgio79 Aug 22 '12 at 15:13
1 Answer
Iptables could be used to that end.
Blocking parallel connections:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit \
--connlimit-above 20 -j REJECT --reject-with tcp-reset
Blocking floods (block more than 10 connections per minute):
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 10 -j DROP
Ярослав Рахматуллин
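The question's diagnosis step (spotting one client repeatedly hitting the reply URL in the access log) is what fail2ban, suggested in the comments, automates with a failregex plus findtime/maxretry. As an added example that is not part of the question or this answer, the POSIX shell script below does that per-IP, per-minute count over constructed combined-format log lines; the /comment/reply path, the threshold and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the question or answer): count hits to the
# comment/reply URL per client IP per log minute and report buckets that
# exceed a threshold. This is the manual form of what a fail2ban
# failregex + findtime/maxretry jail automates. The path /comment/reply
# is an assumption; the question does not name the real URL.
URL_PATTERN='/comment/reply'

# Reads combined-format access-log lines on stdin; prints
# "<ip> <dd/Mon/yyyy:HH:MM>" for every IP/minute bucket with more than
# $1 matching requests, sorted so the output is deterministic.
find_offenders() {
    threshold="$1"
    awk -v pat="$URL_PATTERN" -v max="$threshold" '
        # $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS", $7 = request path
        $7 ~ pat {
            minute = substr($4, 2, 17)      # drop the leading "[" and ":SS"
            hits[$1 " " minute]++
        }
        END { for (k in hits) if (hits[k] > max) print k }
    ' | sort
}

# Constructed sample log: one automated poster hammering the reply URL
# (four hits in one minute, one more in the next) and one normal user.
SAMPLE_LOG='203.0.113.5 - - [22/Aug/2012:14:00:01 +0000] "POST /comment/reply/17 HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.5 - - [22/Aug/2012:14:00:03 +0000] "POST /comment/reply/17 HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.5 - - [22/Aug/2012:14:00:04 +0000] "POST /comment/reply/17 HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.5 - - [22/Aug/2012:14:00:09 +0000] "POST /comment/reply/17 HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.5 - - [22/Aug/2012:14:01:02 +0000] "POST /comment/reply/17 HTTP/1.1" 200 512 "-" "bot/1.0"
198.51.100.7 - - [22/Aug/2012:14:00:10 +0000] "GET /forum/thread/17 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Aug/2012:14:00:45 +0000] "POST /comment/reply/17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Run it: with a threshold of 3 only the bot's 14:00 bucket is reported.
printf '%s\n' "$SAMPLE_LOG" | find_offenders 3
```

Feeding a real log through `find_offenders` shows which client/minute pairs a fail2ban jail with `maxretry = 3` and `findtime = 60` would have banned; the jail's `bantime` then supplies the "few minutes / hours" expiry the question asks for.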