httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neville Hillyer <n.hill...@open.ac.uk>
Subject [users@httpd] Re limiting connections per ip address in apache2 when under attack
Date Thu, 21 Jun 2007 16:55:03 GMT
I have been running a QPQ server for over 10 years and yesterday, for the
first time, I had something similar. The 'status' window was blacked out
with activity - never had anything like this before. However checks showed
that it did not slow requests from elsewhere. After a while I denied all
accesses from 125.162.*.* for 30 minutes and then reinstated it - the
attack did not return. I call it an attack because, unlike search engines
etc, it asked for the same PDFs and PPTs after random delays. Only upon
reading this thread did I check to see if China was involved but:
http://samspade.org/whois/125.162.87.45
looks more like Indonesia to me.

Perhaps this is not the same as other reports - perhaps only one IP
involved (not done a full check) - perhaps a genuine customer with an
unfortunate fault in his equipment.

Neville



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message