On 2020-04-25 00:28, Jeffrey Walton wrote:
Hi Everyone, We are having trouble with our MediaWiki installation on a low-end VM. The VM is servicing a lot of spam traffic, and it is driving cpu usage up to about 80%. The 404's appear to be more expensive then the 200's. GoDaddy wrote to us and told us they were going to suspend our service if we don't get cpu usage down. I experimented with several Apache and MediaWiki plugins and I have a design I like. The plugin scans the URL, detects the problematic URLs, and sends the ip address to a privileged out-of-proc proxy to update iptables. The proxy is privileged and can update iptables rules. It also maintains a database to remove the host after 45 days.
Hi Jeffrey, have you looked into Fail2Ban? It seems to do what you need, but real-time. Kind regards, Thorondir _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
