I'm Spanish.

I need a system similar to iptables for my private server. My PS works fine and correctly, but at some moments it gets too many HTTP requests per second, which produces a DoS, too many zombie processes (PHP5 [defunct]), and the server falls over.

Currently I block these requests with “deny from” in .htaccess, but this isn’t sufficient.

I need a system similar to iptables, to block these requests before they reach the Apache server, and avoid denial of service.

Any help?
Best Regards,

To my knowledge, I don’t think it is possible for us.

If we had access to the hardware, we would be able to achieve it by configuring the routers. But we don’t have that access.

Our control is at the application layer, which means we can only use software (Apache, .htaccess) to control denial of service.

Thanks for the answer, Patrick.

I understand this point, but I need (and DreamHost also) a way to avoid these attacks.

Maybe a web-based app for deny rules from iptables, first supervised by a DreamHost employee, with a reason, IP or IP range, and other info.

This would be good for customers and DreamHost.

Is this actually a DoS attack with bogus http requests or is it just too much traffic overwhelming the memory limit of your virtual server?

If it is an actual DoS attack with bogus requests, DreamHost support should be able to help. If it is just too much traffic, you have your usual set of code analysis and optimization tools to help with that (starting with that big mass of gray matter in your head!).

Are you sure this isn’t something that can be helped by denying some IPs in your .htaccess? That’s much less resource intensive than allowing the requests all the way through to cgi/php.

Thanks for the fast answer!

I think that it is a DoS attack. I have a Private Server and the memory & CPU usage is (very!) low. Only at some moments this usage goes up until the server hangs. I see in the logs that I get too many HTTP requests from an IP range that is on the blacklist at http://whois.domaintools.com/

I already have this IP range in my .htaccess with a deny from, but the problem is too many zombie PHP processes (PHP5.cgi [defunct]) that bring the system down.

I admit that I don’t have a perfect understanding of Apache, but I thought that IP ranges in “deny from” lines don’t even get to execute CGI/PHP?

So how is it that these requests are causing zombie PHP processes?

What application are you running and what is the exact error message?

Hi Lensman,

Maybe it is my own mistake, but I think that if I include an IP range with “deny from” lines there is an overload of HTTP requests that doesn’t exist with an iptables filter.

I suppose that with a “deny from” line, the numerous HTTP requests create a queue that hangs up the server…

In my PS usage graph I see a constant level of 250~450 memory usage… (in the last 2 days, all correct), but suddenly, usage goes up to the max (even if I set the bar to the max).

The zombie PHP processes are my theory; just before the server went down, I ran top and saw very many php defunct processes, and I think that is a possibility.

No application, I program my own code. These HTTP requests are to paths that don’t exist, but there are very many hits daily (more than 3,000 in a few seconds, more than 10,000 in a few minutes)…

Sorry for my bad English, again…
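One way to do what the last post describes, finding the IP ranges behind the bursts in the access log and turning them into the “deny from” lines the thread relies on, as an added example that is not part of the original thread: it parses constructed Apache access-log lines (sample data, not the poster's logs), buckets requests per /24 per second, flags ranges whose rate exceeds a limit, and also reports the share of 404s as an assumed extra signal for hits on non-existent paths.

```python
import re
from collections import Counter

# Constructed sample Apache access log lines (combined format, trimmed), not from the thread:
# one normal visitor plus a burst of 404s to non-existent paths from one /24 in one second.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2009:13:55:36 +0200] "GET /index.php HTTP/1.1" 200 2326
198.51.100.17 - - [10/Oct/2009:13:55:36 +0200] "GET /foo/a.php HTTP/1.1" 404 512
198.51.100.18 - - [10/Oct/2009:13:55:36 +0200] "GET /foo/b.php HTTP/1.1" 404 512
198.51.100.19 - - [10/Oct/2009:13:55:36 +0200] "GET /foo/c.php HTTP/1.1" 404 512
198.51.100.20 - - [10/Oct/2009:13:55:37 +0200] "GET /foo/d.php HTTP/1.1" 404 512
"""

# client IP, timestamp (to the second), request line, status code
LOG_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

def network24(ip):
    """Collapse an IPv4 address to its /24 in CIDR form (e.g. 198.51.100.0/24)."""
    return ip.rsplit(".", 1)[0] + ".0/24"

def find_bursting_ranges(log_text, per_second_limit):
    """Return {network: (peak requests/s, share of 404 responses)} for every /24
    whose request count in any single second exceeds per_second_limit."""
    per_second = Counter()   # (network, second) -> requests
    total = Counter()        # network -> requests
    not_found = Counter()    # network -> 404 responses
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue         # skip lines that are not in the expected format
        ip, stamp, _request, status = m.groups()
        net = network24(ip)
        per_second[(net, stamp)] += 1
        total[net] += 1
        if status == "404":
            not_found[net] += 1
    peaks = {}
    for (net, _stamp), n in per_second.items():
        if n > per_second_limit:
            peaks[net] = max(peaks.get(net, 0), n)
    return {net: (peak, not_found[net] / total[net]) for net, peak in peaks.items()}

def htaccess_deny_rules(flagged):
    """Render Apache 2.2 'deny from' lines (CIDR notation is accepted) for the flagged ranges."""
    return ["deny from " + net for net in sorted(flagged)]

if __name__ == "__main__":
    flagged = find_bursting_ranges(SAMPLE_LOG, per_second_limit=2)
    print("\n".join(htaccess_deny_rules(flagged)))
```

The per-second limit is a tuning knob: set it from your own normal traffic so a single busy legitimate /24 is not denied.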