iptables and combining additional rule sources

Thorondir thorondir+kernelnewbies at thorondir.com
Wed Apr 29 05:30:00 EDT 2020

On 2020-04-25 00:28, Jeffrey Walton wrote:
> Hi Everyone,
> We are having trouble with our MediaWiki installation on a low-end VM.
> The VM is servicing a lot of spam traffic, and it is driving cpu usage
> up to about 80%. The 404's appear to be more expensive then the 200's.
> GoDaddy wrote to us and told us they were going to suspend our service
> if we don't get cpu usage down.
> I experimented with several Apache and MediaWiki plugins and I have a
> design I like. The plugin scans the URL, detects the problematic URLs,
> and sends the ip address to a privileged out-of-proc proxy to update
> iptables. The proxy is privileged and can update iptables rules. It
> also maintains a database to remove the host after 45 days.

Hi Jeffrey,

have you looked into Fail2Ban? It seems to do what you need, but

Kind regards,

More information about the Kernelnewbies mailing list