How to make Apache (2.2.4) less greedy,
or Sendmail less polite? [semi-solved]
o.greve at axis.nl
Tue May 8 12:51:49 UTC 2007
Well, I promised you guys a follow-up on this, and here's what I have
found out (first the situation and solution, and then two small
Firstly, I took some measures to figure out where the issues came
from, and using Apache's "server-status" handler (tnx for that
recommendation!), I noticed the script that caused Apache to choke up
(i.e. grab an excessive amount of resources), was a PHP script that
shows entries of photographic events that I organise from time to
time. This didn't happen for all entries, but only for specific ones.
I then wondered why, as this script never caused trouble before, and
while checking the server status I did already notice that the "store
comments" script (allowing visitor's feedback to the entries) was
called very often. Too often. I checked out the sizes of the comments
files (which normally are very small plain text files, of perhaps
some 4Kb size at most), and lo and behold: some of them were as big
as 18Mb! The main issue then becoming that when these files were
text by PHP when an entry is shown, this either took a long time to
complete, or in the worst case caused even a core dump to be
generated by the over-excessive load on the server's resources.
Next, when checking the contents of those files, it became apparent
that they were completely hammered with all sorts of typical
commercial spam, referring to vi*gr* websites, etc. I think this is
known as "forum spam" (or so), but my site uses custom scripts, so
someone must have found the URL, and made use of it by manually
figuring out the parameters and it's functionality.
The (partial) "solution":
For now, I have configured the webserver so, that ANY call to this
"store comments" script is forbidden, and will simply generate a
standard server error (hopefully the spammers will signal these
server errors, and will stop the hack attempt), while I am looking
into a better solution (e.g. by having to type additional text (anti-
spam challenges) when posting a comment). But then, as mentioned
above, someone went through the trouble of figuring out how to
manipulate my code, and hence caused me a LOT of time being wasted,
so I want to "reward" them for their trouble, by punishing the
responsible people as much as possible. Therefore, I will go through
the Apache access log to work out the IP addresses of
the machines that were used for this, and I will report them to the
proper anti spam authorities, such that they will be blacklisted
Internet wide. If anyone knows of good places to do so (the more, the
merrier), I welcome hearing about them...
-Can anyone recommend me proper anti spam authorities to whom I can
report the IP addresses that caused the issues on my machine?
-At present, in Apache I have added:
<Location ~ "store_comments_script.php">
Deny from all
Can anyone tell me of a good way to only ever allow calls to this
script coming from the proper previous script, or should this be
handled from PHP itself?
Perhaps this question isn't very clear, but what I'm looking for is a
way to block any and all direct calls to this script, that originate
from anywhere but from the photography site itself.
Can anyone help me perhaps with those two thingies?
Tnx once more, and cheers!
More information about the freebsd-amd64