httpd-users mailing list archives

From Andreas Westvik <andr...@servar.net>
Subject Re: [users@httpd] mod_proxy unleashes hell on my server
Date Mon, 10 Dec 2012 22:54:16 GMT
Yeah, got some help on reddit. Everything is sorted out. Even created a custom fail2ban rule
to ban the suckers 
So everything is kinda cool now. Lesson learned!

-Andreas

On Dec 10, 2012, at 23:48 , "Brett @Google" <brett.maxfield@gmail.com> wrote:

> Wow. Don't be a free anonymizing proxy for the Internet..
> 
> The suggestion about running a reverse proxy seems the best, but you
> must not allow forward proxy for everybody! If you have a fixed
> internet ip, then this can make your fixed ip unusable, as once an
> open proxy is detected once, hundreds of servers will keep checking to
> see if it becomes open again.. perhaps for many months/years.
> 
> A forward proxy is usually a protected item, you only make it visible
> from your local ip range, and you never mix a forward proxy with a
> content server or reverse proxy as these are usually public to all, so
> people can see your content.
> 
> The default config in /etc/apache2/mods-enabled/proxy.conf is for your
> protection, should be left, don't change it other than to add one of your
> private 192.168.0.x addresses.
> 
> But ideally don't mix a content server with a forward proxy.. it's bad news :)
> 
> Cheers
> Brett
> 
> On Mon, Dec 10, 2012 at 1:40 AM, Andreas Westvik <andreas@servar.net> wrote:
>> Hi everyone!
>> 
>> First, images can be found here:
>> http://www.reddit.com/r/debian/comments/14jr2r/mod_proxy_unleashes_hell_on_my_server/
>> 
>> So this is the third time I'm enabling mod_proxy on my Debian squeeze server.
>> And every time I do this, all hell breaks out and attacks the server. (see
>> images above) It gets so bad that munin stops
>> generating stats as well. And according to the last stats from munin before
>> it went bonkers, I was hit by almost 3500 hits a minute.
>> So what is going on? I suspect the mod_proxy to somewhat "phone home" to a
>> bot network, cause like 2-3 seconds
>> after I enable the mod_proxy the attack starts.
>> 
>> What can I do?
>> 
>> -Andreas
> 
> 
> 
> -- 
> The only thing that interferes with my learning is my education.
> 
> Albert Einstein
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
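
The kind of log check a ban rule for this problem can build on, as an added example that is not part of the original thread and is not the poster's fail2ban rule: it flags access-log entries whose request line is in forward-proxy form (CONNECT, or an absolute URI for a host the server does not serve) and counts them per client. OWN_HOSTS, the threshold and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Apache common/combined log prefix: client, identity, user, [time], "request line"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"'
)

# Assumption: the hostnames this server legitimately serves (constructed values).
OWN_HOSTS = {"www.example.org", "example.org"}

def is_forward_proxy_request(method, target):
    """True when the request line asks the server to fetch something elsewhere."""
    if method == "CONNECT":          # tunnel request, target is host:port
        return True
    # Absolute-URI form ("GET http://host/path") is how clients talk to a forward proxy.
    m = re.match(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', target, re.I)
    return bool(m) and m.group(1).lower() not in OWN_HOSTS

def proxy_abusers(lines, threshold=2):
    """Return {ip: count} for clients with at least `threshold` forward-proxy requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_forward_proxy_request(m["method"], m["target"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Dec/2012:01:12:01 +0100] "GET http://ads.example.net/click?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Dec/2012:01:12:01 +0100] "CONNECT mail.example.net:443 HTTP/1.0" 200 -',
    '203.0.113.7 - - [10/Dec/2012:01:12:02 +0100] "POST http://forum.example.net/post HTTP/1.1" 200 77',
    '198.51.100.23 - - [10/Dec/2012:01:12:02 +0100] "GET http://www.example.org/index.html HTTP/1.1" 200 1043',
    '198.51.100.23 - - [10/Dec/2012:01:12:03 +0100] "GET /blog/ HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Dec/2012:01:12:03 +0100] "GET http://other.example.com/ HTTP/1.1" 403 210',
]

if __name__ == "__main__":
    for ip, count in sorted(proxy_abusers(SAMPLE).items()):
        print(f"{ip} sent {count} forward-proxy style requests")
```

Normal site traffic uses origin-form targets such as `/blog/`, so the two tests separate proxy probing from ordinary visitors; an absolute URI naming one of the server's own hosts is treated as ordinary traffic.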

