Throttling?

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Post Reply
laze
Regular
Posts: 9
Joined: Wed Aug 23, 2006 7:48 pm

Throttling?

Post by laze »

Hi --

We've been getting hit recently with a barrage of traffic from single IP addresses. They're either comment spammers, email harvesters, or possibly someone trying to hit us with a DOS attack.

When we can, we ban the IP via htaccess or have the host do it at the firewall level. However, a number of times, s9y has brought down the server by maxing out on mysql calls and its processes running away. At one point a single IP had in excess of 7000 database connections open (and active!) I would think that there should be some sort of throttling mechanism built into s9y that would automatically ban an ip that's making dozens of requests per second.

We're currently running version Serendipity 1.1 beta 1 (I know, I know, we should upgrade -- would that help?). Any ideas?

(I can provide an error_log if that would help.)


... Ryan
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Throttling?

Post by garvinhicking »

Hi!

The problem is that if the ban is done at s9y level, it will STILL have one full HTTP hit per connection. So this does not help at all. Blocking, delaying etc. NEEDS to be done at firewall/network level, or at least from within .htaccess.

I recently updated the spamblock plugin to include the recent IPs in a "Deny" directory inside .htaccess. My first test though showed a huge slowdown in Apache requests, seems to result frmo many IPs listed in the 'Deny' rules.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Post Reply