On Wed, Nov 12, 2014 at 6:54 PM, Miles Fidelman
<mfidelman@meetinghouse.net <mailto:mfidelman@meetinghouse.net>> wrote:
Muhammad Yousuf Khan wrote:
NOTE: These help, but if you end up on the attacking end of a
distributed bot attack, it's likely that your Apache
server will
get hosed -- at times, I've had to tune Apache (number of
concurrent processes, number of concurrent queries), to
keep our
server from getting so overloaded that it crashes.
Thank for sharing every bit of information. yes i do want to
tweak Apache concurrent connection and other settings. is
there any formula to do this. would you like to share your
thoughts on this.
Unfortunately, what I shared is about all I know on the topic.
Most of my hardening of Wordpress and Apache was on-the-fly, in
response to a botnet attack. I did some googling and searching
the WordPress plug-in site to find the plug-ins that I use, played
with the settings a bit just to get things working, nothing
orderly or that I could share as a best practice. For Apache, I
just started in the config file and reducing max_ settings until I
reached a level where I wasn't having to restart Apache every few
minutes, or rebooting the machine. Unfortunately, the Wordpress
site still becomes unreachable at times (when under attack), and
the site runs slow at other times (limited number of concurrent
accesses), but at least it doesn't take down the entire server -
which is a good thing as the Wordpress site is a sideline, the
server is really for mail and list processing.
I did come across some references to software that could
dynamically tune IP chains, based on wordpress level attacks -- to
block IP addresses earlier in the processing chain, and I expect
one could push that back to an external firewall -- but I never
went all that far in exploring these. (If you end up doing so,
please report back!).
I am actually a system and network eng. i did all the protection on FW
end. installed IPS/scan detection on linux machine. and my machine is
behind firewall. which i believe is properly configured so there are
many layers of security. but protecting apache traffic it self is a
different domain of security. because WP and template coding may have
loopholes which you may not control from FW. therefore learning the
security of web application it self is an art.
By the way i am working on mod_security and also working on All in one
WP security module. for application layer which i belive will help in
bot and other attackes. i am also planning to install fail2ban however
as i know of F2B it working on bruteforce attacks. which lower in my
working priorityies.