| Linode Forum https://forum.linode.com/ |
|
| Continuous attacks to my linode https://forum.linode.com/viewtopic.php?f=19&t=6593 |
Page 1 of 1 |
| Author: | hgtesta [ Fri Jan 21, 2011 10:50 pm ] |
| Post subject: | Continuous attacks to my linode |
Hi all, From almost a year, I see requests like this in my Ruby on Rails application log: Started GET "/webadmin/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011 ActionController::RoutingError (No route matches "/webadmin/scripts/setup.php"): Started GET "/webdb/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011 ActionController::RoutingError (No route matches "/webdb/scripts/setup.php"): Started GET "/fastenv" for 178.162.165.21 at Wed Jan 19 10:14:53 +0000 2011 ActionController::RoutingError (No route matches "/fastenv"): Started GET "/webdav/" for 50.22.21.218 at Thu Jan 20 19:27:09 +0000 2011 ActionController::RoutingError (No route matches "/webdav"): This is annoying, because these attacks eat resources from my linode. My first idea was to block these IPs with iptables. But the IPs used in these attacks rarely repeat, I have found more than 40 different IP numbers in the log file. So now I am inclined to use URL filtering, denying requests to ".php" pages and some specific URLs. I know iptables isn't the right tool for this, would be squid the best choice? Thank you, Henrique |
|
| Author: | hoopycat [ Sat Jan 22, 2011 1:11 am ] |
| Post subject: | |
If handling nonexistent URLs is eating significant resources, your best choice would be to streamline your 404 handling somehow. You're on the Internet; there's some tens of millions of computers infected with worms or hijacked by botnets, and you'll never block them all. |
|
| Author: | vonskippy [ Sat Jan 22, 2011 2:12 am ] |
| Post subject: | |
There's always crud on the net hitting your server. Unless it's targeted, or a ton of traffic, it's not worth worrying about or trying to prevent. Pick a percentage (for me, it's 5% of my web traffic) and if it's less then that, just ignore it. |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|