Anyone know why Hitcounter is limited to 20?
echo "If you hit me 20 times in 1 second, im about to drop you...."
iptables -I INPUT -p tcp -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m recent --update --seconds 1 --hitcount 20 -j DROP
I need it to be like 50 hits within 5 seconds.... (I've done tests on my site, and this is where I need to be, but if I change the 20 to like 25 it shows errors. I heard 20 is the max? What the hell is going on?)
Anyone know how to bypass that? And yes I am using the limit module as well
EDIT: FOUND SOLUTION:
Looking closer at the man page, it clearly says:
ip_pkt_list_tot=20: Number of packets per address remembered
Loading the module again with modprobe ipt_recent ip_pkt_list_tot=80
allows the hitcount value to be increased.
I'm very sorry to have posted the bug in the first place.
JL
Sauce:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526074
So do I need to ask my host again to increase the limit? lol, I feel like I AM NOT ON A VPS!
(Wait, is that the difference between KVM vs OpenVZ? More freedom/access to the kernel?)
Comments
I don't know if the host would raise that limit for you. If you were on KVM, you'd be able to do it yourself.
If the host were to raise it, would it cause any security concerns?
It's just that I've been doing tests on my site and found that if you refresh too fast with 20 hits within 1 second, it'll time you out for 3-5 seconds, or however long that firewall blocks that IP. I would assume 50 requests would be fine within 1 second. Would stop the noob HTTP flood scripts that are running around (what I am using to test it). And then nginx will handle it with a 503 if they continue to refresh, then I have an iptables limit
iptables -A INPUT -p tcp --dport 80 --syn -j flood-chk
iptables -A flood-chk -m limit --limit 1/sec --limit-burst 2 -j RETURN
iptables -A flood-chk -j LOG --log-prefix "IPTABLES HTTP FLOOD-PACKET"
iptables -A flood-chk -j DROP
And.. I have deflate layer installed checking every 1 minute for mini script kiddies. I know this isn't going to even help against a full out DDOS.. but I know it will help against small script kiddies for sure. (Hopefully...) Anyone got any more stuff to use / ideas?
Thanks,
I can't really imagine someone (a person or legit visitor) refreshing any site more than that many times in <1 second.
@Taz_NinjaHawk Well, that is to protect from HTTP flood tools. I use nginx burst/limit for kids that leave the pages on refresh.... They piss me off.
Edit:
iptables -I INPUT -p tcp -m state --state NEW -m recent --update --seconds 1 --hitcount 20 -j DROP
Anyone can help me how to change this so it's NOT responding to HTTP Requests but just connections?
Example, not 20 http requests within 1 second, but 20 connection attempts?
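Putting the thread's fix together as an added example (this is my script, not code from anyone in the thread): a POSIX shell script that generates the modprobe and iptables commands for 50 connection attempts within 5 seconds, refuses a hitcount larger than ip_pkt_list_tot (the cause of the errors above 20), and matches on --syn so only connection attempts are counted rather than every HTTP request, which is what the last question asks for. The table name synlimit, port 80, the APPLY variable and the module name xt_recent (older kernels call it ipt_recent, as in the Debian bug) are my assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): size xt_recent so a SYN-only rule
# with --hitcount 50 over 5 seconds loads instead of failing above 20.
# Assumptions: module is named xt_recent (ipt_recent on older kernels),
# iptables is installed, and the script runs as root when APPLY=1.

# Packets remembered per address. --hitcount must not exceed this value,
# which is why hitcount 25 fails while the default of 20 is loaded.
PKT_LIST_TOT=80

# Print (do not run) the commands that drop a source opening more than
# $2 new TCP connections to port $1 within $3 seconds.
gen_rules() {
    port=$1; hits=$2; secs=$3
    if [ "$hits" -gt "$PKT_LIST_TOT" ]; then
        echo "hitcount $hits exceeds ip_pkt_list_tot=$PKT_LIST_TOT" >&2
        return 1
    fi
    # The parameter is read at module load time, so persist it and reload.
    # Reloading only works while no rule still references the module.
    echo "echo 'options xt_recent ip_pkt_list_tot=$PKT_LIST_TOT' > /etc/modprobe.d/xt_recent.conf"
    echo "modprobe -r xt_recent 2>/dev/null; modprobe xt_recent ip_pkt_list_tot=$PKT_LIST_TOT"
    # --syn counts connection attempts only, not every request carried on an
    # already established (keep-alive) connection. The DROP rule must come
    # before the --set rule, the same ordering the -I rules in the first post
    # produce: an address not yet in the list falls through to --set ACCEPT.
    echo "iptables -A INPUT -p tcp --dport $port --syn -m recent --name synlimit --update --seconds $secs --hitcount $hits -j DROP"
    echo "iptables -A INPUT -p tcp --dport $port --syn -m recent --name synlimit --set -j ACCEPT"
    # Show which addresses are currently being tracked.
    echo "cat /proc/net/xt_recent/synlimit"
}

# Show the commands by default; apply them only when APPLY=1 (root needed).
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules 80 50 5 | sh -e
else
    gen_rules 80 50 5
fi
```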