iptables and combining additional rule sources
Thorondir
thorondir+kernelnewbies at thorondir.com
Wed Apr 29 05:30:00 EDT 2020
On 2020-04-25 00:28, Jeffrey Walton wrote:
> Hi Everyone,
>
> We are having trouble with our MediaWiki installation on a low-end VM.
> The VM is servicing a lot of spam traffic, and it is driving cpu usage
> up to about 80%. The 404's appear to be more expensive than the 200's.
> GoDaddy wrote to us and told us they were going to suspend our service
> if we don't get cpu usage down.
>
> I experimented with several Apache and MediaWiki plugins and I have a
> design I like. The plugin scans the URL, detects the problematic URLs,
> and sends the ip address to a privileged out-of-proc proxy to update
> iptables. The proxy is privileged and can update iptables rules. It
> also maintains a database to remove the host after 45 days.
Hi Jeffrey,
have you looked into Fail2Ban? It seems to do what you need, but
real-time.
Kind regards,
Thorondir
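
The approach suggested in this reply counts matching log lines per client inside a time window and bans the client for a fixed period. The sketch below models that logic on Apache access-log lines; it is an added illustration, not part of the original thread and not Fail2Ban's own code. The repeated-404 trigger, the threshold and window values, the function names and the sample log lines are assumptions; only the 45-day lifetime comes from the quoted post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; only the 45-day lifetime comes from the original post.
MAX_RETRY, FIND_TIME, BAN_TIME = 3, timedelta(minutes=10), timedelta(days=45)

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, status), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, int(m["status"])

def decide_bans(lines):
    """Return {ip: (banned_at, expires_at)} for clients with MAX_RETRY 404s in FIND_TIME."""
    hits, bans = defaultdict(deque), {}    # hits: ip -> recent 404 timestamps
    for rec in filter(None, map(parse, lines)):
        ip, ts, status = rec
        if ip in bans and ts >= bans[ip][1]:
            del bans[ip]                   # ban lifetime elapsed: drop the entry
        if status != 404 or ip in bans:
            continue
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:  # forget 404s outside the window
            window.popleft()
        if len(window) >= MAX_RETRY:
            bans[ip] = (ts, ts + BAN_TIME)  # a deployment would add the firewall rule here
            window.clear()
    return bans

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE = [
    '203.0.113.7 - - [25/Apr/2020:00:00:01 +0000] "GET /index.php?title=Xyz HTTP/1.1" 404 512',
    '198.51.100.4 - - [25/Apr/2020:00:00:02 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 9001',
    '203.0.113.7 - - [25/Apr/2020:00:00:05 +0000] "GET /wiki/Abc HTTP/1.1" 404 512',
    '203.0.113.7 - - [25/Apr/2020:00:00:09 +0000] "GET /wiki/Def HTTP/1.1" 404 512',
    '198.51.100.4 - - [25/Apr/2020:00:20:00 +0000] "GET /wiki/Typo HTTP/1.1" 404 512',
]

if __name__ == "__main__":
    for ip, (start, end) in decide_bans(SAMPLE).items():
        print(f"ban {ip} from {start} until {end}")
```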