Chris Mauritz wrote:
> John Hinton wrote:
>> Yesterday, I had a DoS attack on a PHP/MySQL webpage which uses a lot of resources. I have learned today, as a for instance, in the last hour, about 3000 requests for that page were made by 610 different servers, mostly from 'odd' places... China, Russia, Poland, Turkey... the usual suspects from my experience.
>>
>> The bottom line is this... I hit server loads of 142 yesterday!!! And the server never crashed! Yeah, it might as well have been dead, but it wasn't. Yes, some things shut down temporarily... but the machine never went down. This is a remote server, about an hour away... It took about 20 minutes for my mysqld stop command to execute, but with time it did respond! I'm extremely impressed by this and just wanted to pass this 'trivia' along. EL rocks!
>
> Back in the "good ol' days" we could just add a page full of /16's, flushing all traffic from naughty places, to the iptables deny list and call it a day. Now, my company has customers in some of these "troublesome" countries so we can't drop all their packets on the floor. 8-(
>
> That's good news about your server staying up. What does its hardware config look like?
It's actually one of our very old boat anchors... the replacement for which is sitting here waiting for me to move stuff. It's an old Compaq 3000R with dual 500s, a gig of RAM and 6 18.2gig wide ultra drives... RAID 5 with hot spare. Dual P/S, redundant fans... was state of the art in 1999! ;)

It actually does a fine job, with loads normally under 1.0 and is downright frisky as a webserver. But, as the need for more intensive email systems rises, the need for a replacement has grown... so, it will be retired pretty soon. But, when it handles so well a situation like this... gee. And reliability... well, it just now needs one of the fans replaced. What can I say? I got my money's worth! I'll likely find some use for it as a backup storage box or nameserver or something. It ain't dead yet. Then again it might not be worth the rackspace and electricity it uses for such a device. It could likely replace one of our nameserver boxes, running a 3000 single 550, which does only bind and collects postmaster and other general junk mail from all the other systems, which sometimes shows something I actually need to know about.
Best, John Hinton