I have had this issue appear today. I have attempted to set up mod_evasive for Apache but it doesn't seem to have solved the problem.
I would really appreciate some advice.
Clint.

rfblanchard wrote:
Assume a basic opac search:
http://..../cgi-bin/koha/opac-search.pl?q=dog&branch_group_limit=branch%3A349

This would take about 10 seconds to return the first time.

Assume the user refreshes the results using F5 and keeps their finger there a
moment too long (3s):
This would kill my server for about 1 minute.

Any attacker could easily make the server unresponsive indefinitely by
simply holding F5 on an opac search.

Any recommendations on how to deal with this problem?

Here is a sample from top:

Tasks: 313 total,   3 running, 309 sleeping,   0 stopped,   1 zombie
%Cpu(s): 93.7 us,  5.2 sy,  0.0 ni,  1.0 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:  16465036 total,  1532492 used, 14932544 free,    63180 buffers
KiB Swap:  8526844 total,        0 used,  8526844 free.   505124 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 7027 peischo+  20   0  416164 162924  12756 S  58.8  1.0   0:26.43 /usr/share/koha
 7009 peischo+  20   0  416800 163524  12756 S  56.5  1.0   0:33.77 /usr/share/koha
 7444 peischo+  20   0  129832  15216   5900 R  37.2  0.1   0:01.12 zebrasrv
 7445 peischo+  20   0  129832  15216   5900 R  35.6  0.1   0:01.07 zebrasrv
 1151 mysql     20   0  886564 181096  10808 S   8.6  1.1   1:27.57 mysqld
 7435 koha      20   0   25892   3272   2528 R   0.3  0.0   0:00.03 top
    1 root      20   0  176144   5044   3096 S   0.0  0.0   0:01.43 systemd
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kthreadd



--
View this message in context: 
http://koha.1045719.n5.nabble.com/F5-Attacks-tp5906098.html
Sent from the Koha-general mailing list archive at Nabble.com.
_______________________________________________
Koha mailing list  http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha