Educause Security Discussion mailing list archives

Re: diagnosing possible DOS


From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Fri, 6 Jan 2012 09:47:49 -0500

On Thu, Jan 05, 2012 at 07:56:48PM +0000, Alexander Kurt Keller wrote:

> We have concluded that our site was leveraged for a search engine
> "optimization" campaign, but now it appears we are suffering from a denial of
> service condition that may not have been intentional (If we were selling Ugg
> boots, we would be rich by now). We have some leads on mitigation: blocking
> aggressive hosts, mod_security, etc., but on a more fundamental level we are
> hoping to use this opportunity to educate ourselves on what to look for (and
> how to look for it) when experiencing these sorts of events.

On the mitigation front, specifically on reducing resource exhaustion,
have you looked at using cache software like Squid or nginx? It's
possible you can serve the PHP content using nginx and cut out Apache
completely. Empirical testing has shown hosting Drupal sites using nginx
to be *considerably* less resource intensive than using Apache.

kmw

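An added example, not part of the original message or thread: one way to look for the "aggressive hosts" mentioned in the question is to replay the web server's access log and record each client's peak request count in a sliding window, alongside the most common user agents or referers. It assumes Apache's "combined" log format with each client's entries in time order; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log format (assumed; adjust to the server's LogFormat).
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def parse(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def aggressive_hosts(lines, max_hits=5, window=timedelta(seconds=10)):
    """Map each host whose peak hits in any window exceed max_hits to that peak."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    peak = defaultdict(int)       # host -> largest window population seen
    for rec in filter(None, map(parse, lines)):
        q = recent[rec["host"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:
            q.popleft()
        peak[rec["host"]] = max(peak[rec["host"]], len(q))
    return {h: n for h, n in peak.items() if n > max_hits}

def top(lines, field, n=3):
    """Most common values of one parsed field, e.g. 'agent', 'referer', 'path'."""
    recs = filter(None, map(parse, lines))
    return Counter(r[field] for r in recs if r[field]).most_common(n)

# Constructed sample input (documentation-range addresses, made-up agents).
SAMPLE = [
    f'192.0.2.10 - - [05/Jan/2012:19:50:{s:02d} +0000] '
    f'"GET /node/{s} HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"'
    for s in range(8)
] + [
    '198.51.100.7 - - [05/Jan/2012:19:50:03 +0000] "GET /index.php HTTP/1.1" '
    '200 7300 "http://search.example/?q=boots" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Jan/2012:19:51:40 +0000] "GET /about HTTP/1.1" '
    '200 2100 "-" "Mozilla/5.0"',
    'garbage line',  # unparseable lines are skipped, not fatal
]

if __name__ == "__main__":
    print(aggressive_hosts(SAMPLE))
    print(top(SAMPLE, "agent"))
```

The window and threshold need tuning against normal traffic for the site; a host list from this pass is a starting point for review, not a block list by itself.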
