[Koha] F5 Attacks

clint.deckard clint.deckard at frontiers.co.nz
Wed Oct 26 21:24:13 NZDT 2016 

I have had this issue appear today. I have attempted to set up 
mod_evasive for apache but it doesn't seem to have solved the problem.
I would really appreciate some advice.
Clint.

rfblanchard wrote:
> Assume a basic opac search:
> http://..../cgi-bin/koha/opac-search.pl?q=dog&branch_group_limit=branch%3A349
> 
> This would take about 10 seconds to return the first time.
> 
> Assume the user refreshes the results using f5 and keep there finger there a
> moment to long (3s):
> This would kill my server for about 1 minute.
> 
> Any attacker could easily make the server unresponsive indefinitely by
> simply holding f5 on an opac search.
> 
> Any recommendations on how to deal with this problem?
> 
> here is a sample from top:
> 
> Tasks: 313 total,   3 running, 309 sleeping,   0 stopped,   1 zombie
> %Cpu(s): 93.7 us,  5.2 sy,  0.0 ni,  1.0 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0
> st
> KiB Mem:  16465036 total,  1532492 used, 14932544 free,    63180 buffers
> KiB Swap:  8526844 total,        0 used,  8526844 free.   505124 cached Mem
> 
>   PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
>  7027 peischo+  20   0  416164 162924  12756 S  58.8  1.0   0:26.43
> /usr/share/koha
>  7009 peischo+  20   0  416800 163524  12756 S  56.5  1.0   0:33.77
> /usr/share/koha
>  7444 peischo+  20   0  129832  15216   5900 R  37.2  0.1   0:01.12 zebrasrv
>  7445 peischo+  20   0  129832  15216   5900 R  35.6  0.1   0:01.07 zebrasrv
>  1151 mysql     20   0  886564 181096  10808 S   8.6  1.1   1:27.57 mysqld
>  7435 koha      20   0   25892   3272   2528 R   0.3  0.0   0:00.03 top
>     1 root      20   0  176144   5044   3096 S   0.0  0.0   0:01.43 systemd
>     2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kthreadd
> 
> 
> 
> --
> View this message in context: http://koha.1045719.n5.nabble.com/F5-Attacks-tp5906098.html
> Sent from the Koha-general mailing list archive at Nabble.com.
> _______________________________________________
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha

More information about the Koha mailing list