jaymc, posted June 4, 2008:

People killing my machine by requesting webpages over and over, causing Apache to hit its max clients of 200.

Because that's what's happening.

I had a proxy enabled (Apache's module one) about a year ago until I realised it was open to the public. By then it was listed on those proxy websites. Since then I get requests all the time, all of which fail but still count as an Apache request, hence I max out on connections.

It is not 1 particular IP address, and via server-status sometimes it does not even give the IP, it just shows a question mark, which I suppose is spoofed headers.

What can I do to stop this? I can't change the IP of my server, as they are querying via the domain name. The proxy port was :80, so I can't block that either.

trq, posted June 4, 2008:

Attacks of these sorts can be prevented by a good firewall script. Are you using iptables? You might also take a look at some of the kernel settings in /etc/sysctl.conf.

jaymc, posted June 4, 2008:

Yes, I am using iptables, but I can't block 80 as I have a webserver running, and that's where the requests are coming in from.

sysctl.conf gave this:

kernel.sysrq=0
net.ipv4.ip_forward=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.rp_filter=1
kernel.panic=3
kernel.core_uses_pid=1

What can I do with that?

trq, posted June 4, 2008:

> Yes I am using IP tables but I can't block 80 as have webserver running..

You don't need to block it, but you can stop requests coming from specific IPs so frequently they're attempting a DOS. I don't have time to describe it here, but search for DOS prevention using iptables or something along those lines.

jaymc, posted June 4, 2008:

Cheers
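
Added example, not part of any post in this thread: one shape the per-source iptables limiting mentioned above can take, using the connlimit and recent matches. The chain name and every threshold are assumptions; only port 80 and the 200-client Apache limit come from the thread.

```shell
#!/bin/sh
# Per-source limits for inbound HTTP. Thresholds are assumed values, chosen to
# sit well under the 200-client Apache limit described in the thread.
PORT=${PORT:-80}          # web server port (from the thread)
MAX_CONN=${MAX_CONN:-20}  # assumed cap on simultaneous connections per source IP
WINDOW=${WINDOW:-10}      # assumed look-back window, in seconds
HITS=${HITS:-15}          # assumed new connections allowed per source per WINDOW
CHAIN=HTTP_LIMIT          # hypothetical chain name

# Print the iptables commands, one per line, so they can be reviewed first.
http_limit_rules() {
    # The recent match remembers 20 packets per address by default
    # (xt_recent ip_pkt_list_tot); a larger hitcount is refused by the kernel.
    if [ "$HITS" -gt 20 ]; then
        echo "HITS must be <= 20 unless ip_pkt_list_tot is raised" >&2
        return 1
    fi
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -p tcp -m connlimit --connlimit-above $MAX_CONN -j REJECT --reject-with tcp-reset
iptables -A $CHAIN -m recent --name http --set
iptables -A $CHAIN -m recent --name http --update --seconds $WINDOW --hitcount $HITS -j DROP
iptables -A $CHAIN -j RETURN
iptables -I INPUT -p tcp --dport $PORT --syn -j $CHAIN
EOF
}

# Only new connection attempts (SYN) to PORT enter the chain; established
# traffic is untouched. Rules are applied only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        http_limit_rules | sh -e
    else
        http_limit_rules
    fi
}
run
```

These limits are per source address, so with requests arriving from many addresses, as described in the first post, they cap what each address can hold rather than the total load.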