> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Sunday, August 28, 2016 8:23 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > > I setup an ipset but quickly ran out of room in the set. I guess I'll > > have to setup multiple sets. > > I'm not familiar with ipsets, but from a quick Google search it seems likeyou> can increase the size of an ipset (or make a new larger one and migrateyour> IPs to the new one). Multiple sets looks like it'd work as well. > > > Right now, I'm just trying to take some load off my home server from > > badbots but I am getting hit on other services as well. > > Another possibility for you to look at is sshguard. It can protectagainst brute> force ssh attacks (using iptables rules, which is how I use it) but IIRCit can> also protect against http attacks (I've never used it that way, so I don'tknow> how difficult this is). > > Can you be more specific about the "load" you're trying to mitigate? Isit> really the load on your home system, or is it that attackers are usingyour> bandwidth, or a combination? > > --keith >[Thomas E Dukes] I saw that as well but it was a little vague on how to do that. Thanks!!
On 2016-08-29, TE Dukes <tdukes at palmettoshopper.com> wrote:>> >> Can you be more specific about the "load" you're trying to mitigate? Is it >> really the load on your home system, or is it that attackers are using your >> bandwidth, or a combination? > > [Thomas E Dukes] > I saw that as well but it was a little vague on how to do that.There are two easy (though not quantitative) tests you can do. First, look at the load on the server. If httpd is using a lot of CPU and putting your load over 1, your main issue is probably the load being generated by .htaccess reads. If you have another system on your home network, try a speed test. If it performs crappy you probably have a problem with attackers eating your bandwidth. You and another poster mentioned fail2ban; if you can get that configured to watch and protect both sshd and httpd that will help both problems quite a bit. --keith -- kkeller at wombat.san-francisco.ca.us
> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Monday, August 29, 2016 7:39 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-29, TE Dukes <tdukes at palmettoshopper.com> wrote: > >> > >> Can you be more specific about the "load" you're trying to mitigate? > >> Is it really the load on your home system, or is it that attackers > >> are using your bandwidth, or a combination? > > > > [Thomas E Dukes] > > I saw that as well but it was a little vague on how to do that. > > There are two easy (though not quantitative) tests you can do. > > First, look at the load on the server. If httpd is using a lot of CPU andputting> your load over 1, your main issue is probably the load being generated by > .htaccess reads. >[Thomas E Dukes] Its not necessarily the load on my server, but the bandwidth on my dsl.> If you have another system on your home network, try a speed test. If it > performs crappy you probably have a problem with attackers eating your > bandwidth. >[Thomas E Dukes] I have a fire stick on my network that I stream movies. Getting beatup by badbots isn't helping.> You and another poster mentioned fail2ban; if you can get that configuredto> watch and protect both sshd and httpd that will help both problems quite a > bit.[Thomas E Dukes] I have all the jails setup for the services I'm running. Not sure its working. Not getting any emails. Thanks!!