[pmwiki-users] How to Deal With a DOS Type Attack
lists at manor-farm.org
Sun Sep 6 02:42:56 CDT 2009
I have noticed on one of my servers that Apache was using up all my RAM.
Looking in the logs I see thousands of lines like:
126.96.36.199 - - [03/Sep/2009:10:10:43 +0100] "POST
/wiki/PmWikiAdmin/PageHeader?action=edit HTTP/1.1" 200 168
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
The wikis on this server are all password protected. It looks as though
someone is trying a generic type of spam attack by editing pages. There
are a number of different ip addresses being used, which seem to have no
obvious connection - it looks as though there are several different
groups trying the attack.
As a first step I can extract their ip addresses and add them to my
hosts.deny, but I don't expect this to be very effective. Does anyone
have any alternative suggestions?
More information about the pmwiki-users