where

Have all the stories gone? Apparently I don't have any stories posted and none are coming up on the home page either.

Guess it's to do with the new server, hope it gets sorted out quickly.

Happy New Year
Mads

Comments

No stories

I have a full list of stories, apparently, it's your turn for problems.

Karen

Confirmation

I can find all your stories, Maddy.

Red MacDonald

That darn cat!

That darn cat cache!

Kris

{I leave a trail of Kudos as I browse the site. Be careful where you step!}

Holiday weekend

We're getting slammed by the script kiddies and their bots. They fill up the cache with page requests and then things get out of sync. The new hardware and reconfiguring the server space should soon help prevent this from happening.

Hugs,
Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

Thought about using fail2ban

Thought about using fail2ban or similar? I've managed to get a decent reduction in mail abuse that way.


I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.

I don't think it is email

that is the problem.
There are a lot of mentally deranged people (apparently living in their parents' basements /s) out there who get their only source of entertainment from taking down web sites. There are 'bots' that can be bought for a few $$$ and configured to DDOS just about any site.

The big boys have the resources to go after them so they have gone to attack the SME space. This site falls into that space.

Even my own website gets hit from time to time. Every few weeks, I add a few hundred IPs to my hosts.deny list. It has over 25,000 entries in it.
This is despite it not being listed by Google etc.
One of these days, I'll just take it offline and be done with it.
Ironically, two of my domains end up in '404' land yet they still get hit. Now if I was evil, I might just resolve the domain and send them back a bot of their own but I'd probably end up in jail before they did.
Samantha

CSF+LFD

We use a combination of CSF + LFD for the same basic results as fail2ban. We do some custom log monitoring for things not covered "out of the box" but have found that CSF+LFD fit more of our "use cases" out of the box and supporting one platform is usually simpler for a team as small as ours.

However, thank you greatly for the advice!

As a note, we don't run mail-servers on any machine that doesn't need one. BigCloset sends all its mail out through a hosted SMTP gateway so that we don't need to worry about our email IP Reputation space, and because I hate managing mail-servers, especially when they are "just there" and not utilized.

-Piper


"She was like a butterfly, full of color and vibrancy when she chose to open her wings, yet hardly visible when she closed them."
— Geraldine Brooks


Fail2Ban is simply a log

Fail2Ban is simply a log parser and ip banning tool. I'm using it for SMTPD and SASL, but I'm also using it on ssh and a few other functions that people keep hammering.

With some judicious editing, you can create fail2ban logs for just about anything - including just watching for the IPs that keep trying to access wp-login.php (which doesn't exist on a Drupal machine), and banning them. I prefer to use temporary bans rather than permanent ones, myself.

Right now, I have 1,300+ blocked just in my ssh rules alone. I mean, really - they think that 'root' is a usable name?


I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
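
The log-watching idea from the comment above, sketched in Python as an added example (not code from any commenter, and not fail2ban's own implementation): it scans access-log lines for repeated wp-login.php requests and issues temporary bans. The combined log format, the thresholds `MAX_RETRY`, `FIND_TIME` and `BAN_TIME`, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log prefix: client IP, [timestamp], "METHOD path ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST|HEAD) (?P<path>\S+)')
PROBE_RE = re.compile(r'^/wp-login\.php(?:\?|$)')  # path that does not exist on a Drupal host

MAX_RETRY = 3                      # assumed thresholds; tune per site
FIND_TIME = timedelta(minutes=10)  # probes must fall inside this window
BAN_TIME = timedelta(hours=1)      # temporary ban, lifted automatically


def scan(lines):
    """Return [(ip, ban_start, ban_end)] for clients that keep probing wp-login.php."""
    hits = defaultdict(deque)      # ip -> timestamps of recent probes
    banned_until = {}
    bans = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.match(m["path"]):
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned_until and ts < banned_until[ip]:
            continue               # ban still active; the firewall would drop this
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()       # forget probes older than the window
        if len(window) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            window.clear()
    return bans


# Constructed sample lines using documentation-range addresses, not real traffic.
TAIL = ' HTTP/1.1" 404 162 "-" "-"'
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php' + TAIL,
    '198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] "GET /node/1' + TAIL,
    '203.0.113.7 - - [01/Jan/2024:10:00:10 +0000] "POST /wp-login.php' + TAIL,
    '192.0.2.9 - - [01/Jan/2024:10:00:20 +0000] "GET /wp-login.php' + TAIL,
    '203.0.113.7 - - [01/Jan/2024:10:00:30 +0000] "POST /wp-login.php' + TAIL,
    '203.0.113.7 - - [01/Jan/2024:10:05:00 +0000] "POST /wp-login.php' + TAIL,
    '192.0.2.9 - - [01/Jan/2024:10:15:00 +0000] "GET /wp-login.php' + TAIL,
    '192.0.2.9 - - [01/Jan/2024:10:30:00 +0000] "GET /wp-login.php' + TAIL,
]
```

In fail2ban the same logic is expressed as a filter `failregex` plus the `maxretry`, `findtime` and `bantime` settings of a jail.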