Educause Security Discussion mailing list archives
Re: diagnosing possible DOS
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Fri, 6 Jan 2012 09:47:49 -0500
On Thu, Jan 05, 2012 at 07:56:48PM +0000, Alexander Kurt Keller wrote:
> We have concluded that our site was leveraged for a search engine "optimization" campaign, but now it appears we are suffering from a denial of service condition that may not have been intentional (If we were selling Ugg boots, we would be rich by now). We have some leads on mitigation: blocking aggressive hosts, mod_security, etc., but on a more fundamental level we are hoping to use this opportunity to educate ourselves on what to look for (and how to look for it) when experiencing these sorts of events.
On the mitigation front, specifically on reducing resource exhaustion, have you looked at using cache software like squid or nginx? It's possible you can serve the PHP content using nginx and cut out Apache completely. Empirical testing has shown hosting Drupal sites using nginx to be *considerably* less resource intensive than using Apache.

kmw