[Koha] F5 Attacks
Pedro Amorim
pjamorim91 at gmail.com
Wed Oct 26 23:28:06 NZDT 2016
I have tested this and the stress caused on the server is very severe. It
seems that for every request, a new zebra process is created and the server
will only respond when the last one is finished. This ofc will result in
time outs and eventually a crash in the server.
This is a major critical issue IMO, anyone who knows about this has the
power to deny the service of any Koha online without using any additional
hacking/attacking software.
The Koha I'm working on right now - still in development - is accessed
behind a proxy server, and I will attempt to solve the problem through
that, by limiting the requests from the same origin with very little time
between them. Still, even if I'm successful with this, the problem will
still lie in Koha.
Anyone with some sort of insight is very welcome.
Pedro Amorim
2016-10-26 8:24 GMT+00:00 clint.deckard <clint.deckard at frontiers.co.nz>:
> I have had this issue appear today. I have attempted to set up mod_evasive
> for apache but it doesn't seem to have solved the problem.
> I would really appreciate some advice.
> Clint.
>
>
> rfblanchard wrote:
>
>> Assume a basic opac search:
>> http://..../cgi-bin/koha/opac-search.pl?q=dog&branch_group_l
>> imit=branch%3A349
>>
>> This would take about 10 seconds to return the first time.
>>
>> Assume the user refreshes the results using f5 and keep there finger
>> there a
>> moment to long (3s):
>> This would kill my server for about 1 minute.
>>
>> Any attacker could easily make the server unresponsive indefinitely by
>> simply holding f5 on an opac search.
>>
>> Any recommendations on how to deal with this problem?
>>
>> here is a sample from top:
>>
>> Tasks: 313 total, 3 running, 309 sleeping, 0 stopped, 1 zombie
>> %Cpu(s): 93.7 us, 5.2 sy, 0.0 ni, 1.0 id, 0.2 wa, 0.0 hi, 0.0 si,
>> 0.0
>> st
>> KiB Mem: 16465036 total, 1532492 used, 14932544 free, 63180 buffers
>> KiB Swap: 8526844 total, 0 used, 8526844 free. 505124 cached
>> Mem
>>
>> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
>> COMMAND
>> 7027 peischo+ 20 0 416164 162924 12756 S 58.8 1.0 0:26.43
>> /usr/share/koha
>> 7009 peischo+ 20 0 416800 163524 12756 S 56.5 1.0 0:33.77
>> /usr/share/koha
>> 7444 peischo+ 20 0 129832 15216 5900 R 37.2 0.1 0:01.12
>> zebrasrv
>> 7445 peischo+ 20 0 129832 15216 5900 R 35.6 0.1 0:01.07
>> zebrasrv
>> 1151 mysql 20 0 886564 181096 10808 S 8.6 1.1 1:27.57 mysqld
>> 7435 koha 20 0 25892 3272 2528 R 0.3 0.0 0:00.03 top
>> 1 root 20 0 176144 5044 3096 S 0.0 0.0 0:01.43
>> systemd
>> 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00
>> kthreadd
>>
>>
>>
>> --
>> View this message in context: http://koha.1045719.n5.nabble.
>> com/F5-Attacks-tp5906098.html
>> Sent from the Koha-general mailing list archive at Nabble.com.
>> _______________________________________________
>> Koha mailing list http://koha-community.org
>> Koha at lists.katipo.co.nz
>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
>
More information about the Koha
mailing list