[pLog-svn] website

Andy Wright andy at extracted.org
Wed Oct 15 01:37:47 EDT 2008 

On Wed, 2008-10-15 at 13:31 +0800, Mark Wu wrote:
> Another question ... Can you use 
> 
> netstat -ntp |awk '/tcp|udp/{gsub(/:.*/,"",$5);print $5}'|sort|uniq -c|sort 
> 
> to see the connections ...
> 
> Maybe lifetype.net just ddos attack by some hackers ...
> 
> mod_limitipconn is not a perfect solution, but it is the most useful way to
> prevent the DDOS attack.
> 
> Or, you can try ddos deflate http://deflate.medialayer.com/  ( I never test
> it before)
> 
> Mark
> 

All my services are on a FreeBSD host with the exception of the web
server, these are my settings that prevent any type of ddos I have
experienced as of yet, or know about.. (linux options):

echo "90" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "1" > /proc/sys/net/ipv4/tcp_abort_on_overflow
echo "2" > /proc/sys/net/ipv4/tcp_orphan_retries

These ensure that TIME_WAIT ports either get reused or closed fast.
echo "1" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "1" > /proc/sys/net/ipv4/tcp_tw_recycle

These are VERY strict.

> 
> 
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Wednesday, October 15, 2008 12:47 PM
> To: LifeType Developer List
> Subject: Re: [pLog-svn] website
> 
>  	I have played around with squid some - it is hard to get right on a
> dynamic site.  I haven't found that the search engines care much about the
> crawl delay directive??
>  	Opinions on eaccelerator vs. apc? (Is that one of those
> which-distribution-of-linux-do-you-like-best sort of questions?)
> 
>  	deflate compresses html and text on the way out?  Do you notice an
> increased CPU load?  For me, bandwidth is generally cheaper than CPU power.
>  	The mod_expires is interesting - I do see browsers requesting stuff
> more than I think they should, though for lifetype - the primary issue is
> the actual php pages, by spammers and search engines.
> 
> 
> On Wed, 15 Oct 2008, Mark Wu wrote:
> > 1. APC for php for opcode cache
> > 2. mod_expires, mod_deflate for apache for reduce the bandwidth 3. 
> > mod_cache for apache for cache the images/scripts in each web server 
> > to reduce NFS I/O (if you use multple server for load balance, it is 
> > very
> > useful)
> >
> > And, maybe you can add an Nginx or Squid server for reverse proxy, it 
> > might help, too.
> >
> > If you want to lowering the indexing frequency of seach engine, maybe 
> > you can try 
> > http://en.wikipedia.org/wiki/Robots_Exclusion_Standard#Crawl-delay_dir
> > ective
> >
> > Mark
> >
> > -----Original Message-----
> > From: plog-svn-bounces at devel.lifetype.net
> > [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> > Sent: Wednesday, October 15, 2008 11:26 AM
> > To: LifeType Developer List
> > Subject: Re: [pLog-svn] website
> >
> > 	Ok, thanks, it is probably worth another try then.  I tried it 
> > probably 8 or 12 months ago.
> >
> > On Tue, 14 Oct 2008, Andy Wright wrote:
> >
> >>> 	The last time I tried the accelerators, I had some trouble with the 
> >>> code not executing accurately.
> >>
> >> I had trouble with many scripts up until the last few minor versions.
> >> Now, absolutely everything works absolutely wonderful with eaccelerator.
> >>
> >> At that time I was using a lighttpd module called htscanner which 
> >> allowed lighttpd to parse .htaccess files (even though it is not 
> >> supported as native on the web server) and send a PHP option to the 
> >> opcode cacher to disable it on a per directory or hierarchical 
> >> filesystem basis.
> >>
> >> It is a rather new technique to the PHP world, still, and it has come 
> >> a long way since the last time you have likely tried using it.
> >>
> >> Andy
> >>
> >>> On Tue, 14 Oct 2008, Andy Wright wrote:
> >>>
> >>>> Could you compress output using the PHP option for scripts, cache 
> >>>> static files on the webserver side + compression, fast-cgi for PHP?
> >>>>
> >>>> I have found eaccelerator does for me exactly what you are asking for.
> >>>> It is an opcode cacher that I use with fast-cgi and lighttpd..  if 
> >>>> you are using fast-cgi, make sure to only spawn one process, and 
> >>>> any number of children.
> >>>>
> >>>> It will use PHP output in a compiled state to execute phpbb, send 
> >>>> it to your webserver which could compress the html output to the 
> >>>> client, and serve other static files not provided by the PHP 
> >>>> process in a compressed and cached state..
> >>>>
> >>>> might help...
> >>>>
> >>>> Andy
> >>>>
> >>>> http://myspew.com
> >>>>
> >>>> --
> >>>>
> >>>> On Tue, 2008-10-14 at 16:40 -0400, Jon Daley wrote:
> >>>>> I wrote the below email this morning, but didn't send it due to 
> >>>>> being stressed about the server being down.
> >>>>>
> >>>>> I am now back in Pittsburgh, and the machine appears to be fine, 
> >>>>> as long as I leave the lifetype sites turned off.
> >>>>>
> >>>>> I wonder if there is a known vulnerability in phpbb or something 
> >>>>> that someone is exploiting?  I don't know how one would get a 
> >>>>> complete server crash without any logs or anything from a php 
> >>>>> process, remotely - maybe the site has been hacked?  I haven't 
> >>>>> looked
> > through the files yet.
> >>>>>
> >>>>> If anyone else has time(Reto?), that would be great.
> >>>>>
> >>>>> ---------------------------------
> >>>>>
> >>>>>  	Search engines have taken down the server a couple times in the 
> >>>>> last week.  I am traveling today, and had to take lifetype.net 
> >>>>> down, as I can't have it killing everything else.
> >>>>>  	I talked to an employee of Google, and I gather that the search 
> >>>>> engines are trying to be more aggressive in having the most 
> >>>>> up-to-date content, thus causing them to grab data continuously
> > throughout the day.
> >>>>> MSN is the worst offender, but some of the little unknown search 
> >>>>> engines are causing trouble too.
> >>>>>  	We'll probably need to find some caching or something.  If 
> >>>>> anyone has time to look up some caching for phpbb3, that would be
> great.
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> pLog-svn mailing list
> >>>> pLog-svn at devel.lifetype.net
> >>>> http://limedaley.com/mailman/listinfo/plog-svn
> >>>>
> >>>
> >>
> >> _______________________________________________
> >> pLog-svn mailing list
> >> pLog-svn at devel.lifetype.net
> >> http://limedaley.com/mailman/listinfo/plog-svn
> >>
> >
> > --
> > Jon Daley
> > http://jon.limedaley.com
> > ~~
> > Before you criticize someone, you should walk a mile in their shoes.
> > That way, when you criticize them,
> >   you're a mile away and you have their shoes.
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://limedaley.com/mailman/listinfo/plog-svn
> >
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://limedaley.com/mailman/listinfo/plog-svn
> >
> 
> --
> Jon Daley
> http://jon.limedaley.com
> ~~
> There is no "I" in Team, but it does contain a silent "scapegoat"
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
> 
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn

More information about the pLog-svn mailing list