The MU forums have moved to WordPress.org

Preventing DoS with Apache (4 posts)

  1. LanceGrigsby
    Member
    Posted 14 years ago #

    We get fairly frequent server crashes in our WPMU 2.8.2 (upgraging to 2.8.3 tomorrow) installation. We've got this running on a Windows 2003 box with Apache 2.2. From the looks of the logs, we have a botnet coming from random IPs trying to repeatedly hit /main.php and /wp-signup.php, both of which are non-existent in our installation. We removed wp-signup because our clients use an LDAP plugin to login, as we only allow users on our domain to have accounts--and of course, this prevents splogs.

    How can I minimize this? I know IP blocking is not a solution in this case ... What I'm trying to figure out is what Apache does when it encounters a request for a file that's not there, particularly when the end user is served up a valid 404 (in other words, why doesn't the request just STOP once the server returns a 404?).

    Would a different HTTP header stop repeated requests for a file that's not there? Can we somehow write a script that will redirect all IPs that request these non-existent files back onto themselves? Or should we actually just create these pages and make them blank so Apache will stop looking for them every time we get a bogus request?

  2. SteveAtty
    Member
    Posted 14 years ago #

    You could create 2 1 byte files which are empty, which would reduce the 404 errors in your logs and possibly reduce your server bandwidth as an empty file should be smaller than your 404 error message

    You can make some adjustments to some Apache parameters and googling apache 2.2 dos brings back some good tips.

  3. LanceGrigsby
    Member
    Posted 14 years ago #

    Sounds like some good leads, Steve. Thanks.

  4. LanceGrigsby
    Member
    Posted 14 years ago #

    mod_evasive looks promising: http://www.zdziarski.com/projects/mod_evasive/.

About this Topic

  • Started 14 years ago by LanceGrigsby
  • Latest reply from LanceGrigsby