[mythtv-users] Re: atprms.net unreachable? (ip blocking)

Jason Mollman jasonmollman at atlanticbb.net
Tue Jun 14 21:10:56 UTC 2005


Still getting blocked as of 5pm eastern. Using apt here. I'm guessing 
you've sorted and counted your logs on ip address? Maybe your getting a DOS 
attack from somewhere.


- JM

At 04:28 PM 06/14/2005, Axel Thimm wrote:
>Please, before anyone else send me his private IP address: ATrpms
>currently moves 1TB/day, I cannot browse the logs for any failed
>connection out there.
>
>Avoid using anything that will penalize the server more than
>required. If yum does indeed fire up several connections w/o closing
>them, please don't use it. I just tested apt and smart and they don't
>open nearly as many connections.
>
>On Tue, Jun 14, 2005 at 08:48:33PM +0200, Axel Thimm wrote:
> > On Tue, Jun 14, 2005 at 01:44:36PM -0400, Scott wrote:
> > > On Jun 14, 2005, at 11:10 AM, Axel Thimm wrote:
> > > >The server blocks any IP that connects more than a dozen time at the
> > > >same moment (DoS and "download accellerators").
> > >
> > > A good feature for internet facing servers but can it be tweeked? I
> > > think the yum client in FC4 along with some casual browsing is
> > > triggering IP blocks. Also, yum tends to connect and disconnect
> > > several times during a transaction which may be affecting things on
> > > your end.
> >
> > Disconnecting and reconnecting is OK, the script only checks for >= 20
> > *concurrent* connections. If yum really behaves unproper, please use
> > apt.
> >
> > > If you want to check your logs look for the IP 66.57.80.76 between
> > > 13:00 and 14:00 ET
> >
> > If it was blocked it won't reach the logs anymore. I resetted the host 
> list.
> >
> > > You most likely don't hear this enough, thanks for the help and the
> > > atrpms.net service.
> >
> > Thanks!
> >
> > If anyone has a better idea of how to deal with this, here is the
> > scriplet used for checking (/etc/rc.local contains the actual
> > firewalling):
> >
> > while /bin/true; do
> > /bin/cp -a /etc/blockedhosts /etc/blockedhosts.old
> > netstat -pan | grep 160.45.32.[0-9]*:80| awk '{print $5}' | awk -F: 
> '{print $1}' |  sort | uniq -c | sort -n \
> >  | grep '^ *[2-9][0-9][0-9]* ' | awk '{print $2}' >> /etc/blockedhosts
> > sort -nu < /etc/blockedhosts | grep -vf /etc/whitelist > 
> /etc/blockedhosts.new
> > mv -f /etc/blockedhosts.new /etc/blockedhosts
> > /etc/rc.local
> > #diff -ud /etc/blockedhosts.old /etc/blockedhosts
> > sleep 30
> > done
> >
> >
>
>
>
> > _______________________________________________
> > mythtv-users mailing list
> > mythtv-users at mythtv.org
> > http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>
>
>--
>Axel.Thimm at ATrpms.net
>
>_______________________________________________
>mythtv-users mailing list
>mythtv-users at mythtv.org
>http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users



More information about the mythtv-users mailing list