as days pass by, by Stuart Langridge

Angel, the machine that runs www.kryogenix.org (among other sites) is being rather slow. On investigation of my logs, it appears that that’s quite possibly because it’s being hammered by people. I deleted my log and then waited an hour to see if I was being hit a lot (the log was 200MB! in less than an hour!) and then pulled out the 5 most persistent offenders with

cut -d" " -f1 /var/log/apache2/kryogenix.org-access.log | sort | uniq -c | sort -n | tail -5

which gave me

    324 217.112.126.122
    381 81.133.81.248
    421 82.108.113.14
   2060 213.249.154.101
   2391 81.159.133.111

Those last two are a bit high, I think; two thousand hits in an hour? I mean, I appreciate all you people reading the good word of the Langridge, but I’m not that good a writer. So, they get banned, which is nice and easy. Following Mark Pilgrim’s explanation, I added the following lines to .htaccess:

# all your DoS are belong to us. Ban ban ban.
RewriteCond %{REMOTE_ADDR} ^213.249.154.101$
RewriteRule .* - [F,L]
RewriteCond %{REMOTE_ADDR} ^81.159.133.111$
RewriteRule .* - [F,L]

and…no more hits from those IPs. Beware, people sucking down my bandwidth: I have plenty of room in .htaccess for more of those lines.

This entry was posted on Monday, July 3rd, 2006 at 2:37 pm and is filed under Howtos, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.