Flutterby™! : In an effort to cut down on server load


In an effort to cut down on server load

2014-06-21 02:50:04.990972+00 by Dan Lyke 6 comments

In an effort to cut down on server load, I'm denying somewhere north of 1500 spamming IP addresses using ufw/iptables. Fingers crossed...

comments in ascending chronological order:

#Comment Re: made: 2014-06-22 02:17:27.862994+00 by: meuon

I've toyed with putting up pages that look like popular exploits, like WordPress or PHPMyAdmin login pages, and having that create iptables rules to block IPs.

#Comment Re: made: 2014-06-23 02:16:33.428093+00 by: Dan Lyke

Basically what I did, except that the honey pot is an existing script; I was just looking for specific POST variables.

#Comment Re: made: 2014-07-14 17:40:59.668367+00 by: Dan Lyke

So three weeks later: Holy cow, it is amazing how much server load got cut by denying access to just those machines. The list is actually standing at 1458, but they were hammering the server.

What's disappointing now is just how much server traffic is generated by bots. We really need NNTP for the web.

#Comment Re: made: 2014-07-15 04:13:27.043736+00 by: meuon

Hmm.. wonder if there is any value in creating a good way to share those lists among hosts.

#Comment Re: made: 2014-07-15 15:28:39.455644+00 by: Dan Lyke

I was shocked at how few IP addresses there are on the list; I'd expected tens of thousands stupidly hammering my various CGI scripts with WordPress form contents.

I'll happily share them, but...

But between you and me? Sure, in fact we could just set up a cron job that does a "ufw status | grep DENY"...
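The list exchange floated in the comments above, as an added example that is not part of the original post or comments: one side extracts the DENY sources from `ufw status` output, and the receiving side vets each entry before turning it into a rule. The sample output, the never-block ranges and the prefix limits are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ufw status` output (documentation address ranges only).
SAMPLE_UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   DENY        203.0.113.5
Anywhere                   DENY        198.51.100.0/24
Anywhere                   DENY        203.0.113.5
Anywhere                   DENY        10.0.0.7
Anywhere                   DENY        192.0.2.0/8
Anywhere (v6)              DENY        2001:db8::bad
"""

# Assumptions: ranges the importing host must never block, and the widest
# prefix it accepts from a peer, per address family.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]
MIN_PREFIX = {4: 24, 6: 48}

def extract_denied(status_text):
    """Return the From column of every DENY rule, in order of appearance."""
    sources = []
    for line in status_text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) == 3 and cols[1].split()[0] == "DENY":
            sources.append(cols[2].split()[0])
    return sources

def vet_shared_list(entries):
    """Split a peer's entries into (accepted networks, rejected (entry, reason))."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or network"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "prefix too broad"))
        elif any(net.version == n.version and net.overlaps(n) for n in NEVER_BLOCK):
            rejected.append((entry, "overlaps a never-block range"))
        elif net not in accepted:
            accepted.append(net)
    return accepted, rejected
```

Vetting on the receiving side matters because a shared list is untrusted input: a single overly broad or internal entry would otherwise lock out legitimate clients or the administrator.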

#Comment Re: made: 2014-07-16 01:57:33.955709+00 by: meuon

Saw this about GeoIP and thought of you... will be hanging with Gabriel in Black Rock.