[pmwiki-users] How to Deal With a DOS Type Attack

Ian Barton lists at manor-farm.org
Sun Sep 6 02:42:56 CDT 2009

I have noticed on one of my servers that Apache was using up all my RAM. 
Looking in the logs I see thousands of lines like: - - [03/Sep/2009:10:10:43 +0100] "POST 
/wiki/PmWikiAdmin/PageHeader?action=edit HTTP/1.1" 200 168 
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

The wikis on this server are all password protected. It looks as though 
someone is trying a generic type of spam attack by editing pages. There 
are a number of different ip addresses being used, which seem to have no 
obvious connection - it looks as though there are several different 
groups trying the attack.

As a first step I can extract their ip addresses and add them to my 
hosts.deny, but I don't expect this to be very effective. Does anyone 
have any alternative suggestions?


More information about the pmwiki-users mailing list