In an effort to cut down on server load
2014-06-21 02:50:04.990972+00 by Dan Lyke 6 comments
In an effort to cut down on server load, I'm denying somewhere north of 1500 spamming IP addresses using ufw/iptables. Fingers crossed...
Comments in ascending chronological order:
#Comment Re: made: 2014-06-22 02:17:27.862994+00 by: meuon
I've toyed with putting up pages that look like popular exploits, like WordPress or PHPMyAdmin login pages, and having that create iptables rules to block IPs.
#Comment Re: made: 2014-06-23 02:16:33.428093+00 by: Dan Lyke
Basically what I did, except that the honeypot is an existing script; I was just looking for specific POST variables.
#Comment Re: made: 2014-07-14 17:40:59.668367+00 by: Dan Lyke
So three weeks later: Holy cow, it is amazing how much server load got cut by denying access to just those machines. The list is actually standing at 1458, but they were hammering the server.
What's disappointing now is just how much server traffic is generated by bots. We really need NNTP for the web.
#Comment Re: made: 2014-07-15 04:13:27.043736+00 by: meuon
Hmm.. wonder if there is any value in creating a good way to share those lists among hosts.
#Comment Re: made: 2014-07-15 15:28:39.455644+00 by: Dan Lyke
I was shocked at how few IP addresses there are on the list; I'd expected tens of thousands stupidly hammering my various CGI scripts with WordPress form contents.
I'll happily share them, but...
But between you and me? Sure, in fact we could just set up a cron job that does a "ufw status | grep DENY"...
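The list exchange floated in the comments above, sketched as an added example (not code from the post or its commenters): it pulls DENY sources out of `ufw status` text and validates a received list before turning entries into `ufw deny from` commands. The sample output, the never-block ranges and the /24 and /48 prefix floors are assumptions.

```python
import ipaddress
import re

# Constructed sample, modeled on the rule table that `ufw status` prints.
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        203.0.113.5
80/tcp                     ALLOW       Anywhere
Anywhere                   DENY        198.51.100.0/24
Anywhere                   DENY        203.0.113.5
22/tcp                     DENY        Anywhere
"""
# Constructed sample of a list received from another host; treated as untrusted.
SAMPLE_PEER_LIST = "203.0.113.9\n0.0.0.0/0\n10.0.0.1\n192.0.2.7; reboot\n198.51.100.0/24\n"

DENY_ROW = re.compile(r"\sDENY(?: IN)?\s+(\S+)\s*$")
# Assumed policy: ranges a shared list may never block (add your own admin addresses).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_net(text, min_v4=24, min_v6=48):
    """Return the network as a string if it is well formed, narrow and not protected."""
    try:
        net = ipaddress.ip_network(text.strip(), strict=False)
    except ValueError:
        return None
    if net.prefixlen < (min_v4 if net.version == 4 else min_v6):
        return None  # assumed policy: refuse entries broader than /24 or /48
    if any(p.version == net.version and p.overlaps(net) for p in NEVER_BLOCK):
        return None
    return str(net)

def denied_sources(status_text):
    """Export side: sorted, de-duplicated DENY sources from `ufw status` text."""
    hits = (DENY_ROW.search(line) for line in status_text.splitlines())
    return sorted({n for n in (parse_net(m.group(1)) for m in hits if m) if n})

def import_commands(peer_text, already_denied=()):
    """Import side: argv lists for new valid entries, plus the lines that were refused."""
    have, cmds, rejected = set(already_denied), [], []
    for raw in filter(str.strip, peer_text.splitlines()):
        net = parse_net(raw)
        if net is None:
            rejected.append(raw)
        elif net not in have:
            have.add(net)
            cmds.append(["ufw", "deny", "from", net])  # built, not executed here
    return cmds, rejected
```

Keeping the commands as argv lists rather than shell strings means a line such as `192.0.2.7; reboot` from a peer can only ever be rejected, never interpreted.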
#Comment Re: made: 2014-07-16 01:57:33.955709+00 by: meuon
Saw this about GeoIP and thought of you... will be hanging with Gabriel in Black Rock.