This post originated from an RSS feed registered with Python Buzz
by Phillip Pearson.
Original Post: The first thing we do, let's kill all the spammers
Feed Title: Second p0st
Feed URL: http://www.myelin.co.nz/post/rss.xml
Feed Description: Tech notes and web hackery from the guy that brought you bzero, Python Community Server, the Blogging Ecosystem and the Internet Topic Exchange
For the last few weeks, my web server (hosting PyCS, the Topic Exchange, and all that) has been spending much of its time more or less comatose. I haven't been able to figure out why, until today when I did a lsof | grep TCP and saw that almost all of the connections to port 80 were from clients of alestra.com.mx, requesting the PyCS comments page ... argh ...
So now I've configured it to deny all requests from .alestra.com.mx. My apologies to any legitimate visitors from alestra.com.mx PyCS might have, but the server was suffering too much from the huge volume of comments page requests from the spammer living somewhere near you.
Fingers crossed - let's see if the site comes back to life now. You'll know real soon...
Update: Looks like I needed to go a bit lower-level. The connections from Mexico were still coming up and TRYING to do something, and still hanging Apache. So now:
iptables -A INPUT -p tcp --source 207.248.240.118 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 207.248.240.119 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 148.244.150.57 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 148.244.150.58 --dport 80 -j DROP
Update 2: OK, now they're on a different IP address.
iptables -F INPUT
iptables -A INPUT -p tcp --source 207.248.240.0/24 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 148.244.150.0/24 --dport 80 -j DROP
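The triage the post walks through (list the TCP connections, see which source dominates port 80, then block by range once single addresses stop working) can be scripted. The following is an added example, not part of the original post: the function names and the lsof sample are constructed, and it only prints candidate rules in the post's iptables form so they can be reviewed before use.

```shell
#!/bin/sh
# Constructed sample shaped like `lsof -n -P -iTCP:80` output. All addresses
# are documentation ranges; 192.0.2.10 is the assumed web server.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 811 root 3u IPv4 40100 0t0 TCP *:80 (LISTEN)
httpd 812 www 12u IPv4 40211 0t0 TCP 192.0.2.10:80->203.0.113.21:51002 (ESTABLISHED)
httpd 813 www 12u IPv4 40212 0t0 TCP 192.0.2.10:80->203.0.113.21:51003 (ESTABLISHED)
httpd 814 www 12u IPv4 40213 0t0 TCP 192.0.2.10:80->203.0.113.40:40411 (CLOSE_WAIT)
httpd 815 www 12u IPv4 40214 0t0 TCP 192.0.2.10:80->203.0.113.97:33120 (ESTABLISHED)
httpd 816 www 12u IPv4 40215 0t0 TCP 192.0.2.10:80->198.51.100.7:60001 (ESTABLISHED)
httpd 817 www 12u IPv4 40216 0t0 TCP 192.0.2.10:80->198.51.100.8:60002 (ESTABLISHED)
httpd 818 www 12u IPv4 40217 0t0 TCP 192.0.2.10:80->192.0.2.77:52000 (ESTABLISHED)
python 901 pycs 9u IPv4 40300 0t0 TCP 192.0.2.10:40112->198.51.100.9:80 (ESTABLISHED)
EOF
}

# top_prefixes MIN: read lsof lines on stdin and print "count prefix/24" for
# every /24 with at least MIN connections to local port 80, busiest first.
top_prefixes() {
    awk -v min="$1" '
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /->/) continue             # header and LISTEN lines
            split($i, ends, "->")
            if (ends[1] !~ /:80$/) continue      # skip outbound connections
            remote = ends[2]
            sub(/:[0-9]+$/, "", remote)          # strip the client port
            if (split(remote, oct, ".") != 4) continue   # IPv4 only
            count[oct[1] "." oct[2] "." oct[3] ".0/24"]++
        }
    }
    END { for (p in count) if (count[p] >= min + 0) print count[p], p }
    ' | sort -rn
}

# drop_rules MIN: print (never execute) one rule per busy /24, in the same
# form as the rules in the post.
drop_rules() {
    top_prefixes "$1" | while read -r n prefix; do
        echo "iptables -A INPUT -p tcp --source $prefix --dport 80 -j DROP"
    done
}

# Stand-alone run on the constructed sample.
sample_lsof | drop_rules 3
```

On a live host the input would come from `lsof -n -P -iTCP:80` with a threshold chosen for the site's normal traffic. A /24 rule also drops legitimate visitors in that range, which is the trade-off the post accepts.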