[Koha] F5 Attacks
jonathan.druart at bugs.koha-community.org
Thu Oct 27 00:13:14 NZDT 2016
I don't think this can/must be fixed on Koha side.
It's a sysadmin duty to take care of that.
I would take a look at fail2ban to parse the web server access logs. But
make sure not to block your X librarians using the same ip ;)
On Wed, 26 Oct 2016 at 12:28 Pedro Amorim <pjamorim91 at gmail.com> wrote:
> I have tested this and the stress caused on the server is very severe. It
> seems that for every request, a new zebra process is created and the server
> will only respond when the last one is finished. This ofc will result in
> time outs and eventually a crash in the server.
> This is a major critical issue IMO, anyone who knows about this has the
> power to deny the service of any Koha online without using any additional
> hacking/attacking software.
> The Koha I'm working on right now - still in development - is accessed
> behind a proxy server, and I will attempt to solve the problem through
> that, by limiting the requests from the same origin with very little time
> between them. Still, even if I'm successful with this, the problem will
> still lie in Koha.
> Anyone with some sort of insight is very welcome.
> Pedro Amorim
> 2016-10-26 8:24 GMT+00:00 clint.deckard <clint.deckard at frontiers.co.nz>:
> > I have had this issue appear today. I have attempted to set up
> > for apache but it doesn't seem to have solved the problem.
> > I would really appreciate some advice.
> > Clint.
> > rfblanchard wrote:
> >> Assume a basic opac search:
> >> http://..../cgi-bin/koha/opac-search.pl?q=dog&branch_group_l
> >> imit=branch%3A349
> >> This would take about 10 seconds to return the first time.
> >> Assume the user refreshes the results using f5 and keep there finger
> >> there a
> >> moment to long (3s):
> >> This would kill my server for about 1 minute.
> >> Any attacker could easily make the server unresponsive indefinitely by
> >> simply holding f5 on an opac search.
> >> Any recommendations on how to deal with this problem?
> >> here is a sample from top:
> >> Tasks: 313 total, 3 running, 309 sleeping, 0 stopped, 1 zombie
> >> %Cpu(s): 93.7 us, 5.2 sy, 0.0 ni, 1.0 id, 0.2 wa, 0.0 hi, 0.0 si,
> >> 0.0
> >> st
> >> KiB Mem: 16465036 total, 1532492 used, 14932544 free, 63180 buffers
> >> KiB Swap: 8526844 total, 0 used, 8526844 free. 505124 cached
> >> Mem
> >> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
> >> COMMAND
> >> 7027 peischo+ 20 0 416164 162924 12756 S 58.8 1.0 0:26.43
> >> /usr/share/koha
> >> 7009 peischo+ 20 0 416800 163524 12756 S 56.5 1.0 0:33.77
> >> /usr/share/koha
> >> 7444 peischo+ 20 0 129832 15216 5900 R 37.2 0.1 0:01.12
> >> zebrasrv
> >> 7445 peischo+ 20 0 129832 15216 5900 R 35.6 0.1 0:01.07
> >> zebrasrv
> >> 1151 mysql 20 0 886564 181096 10808 S 8.6 1.1 1:27.57
> >> 7435 koha 20 0 25892 3272 2528 R 0.3 0.0 0:00.03 top
> >> 1 root 20 0 176144 5044 3096 S 0.0 0.0 0:01.43
> >> systemd
> >> 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00
> >> kthreadd
> >> --
> >> View this message in context: http://koha.1045719.n5.nabble.
> >> com/F5-Attacks-tp5906098.html
> >> Sent from the Koha-general mailing list archive at Nabble.com.
> >> _______________________________________________
> >> Koha mailing list http://koha-community.org
> >> Koha at lists.katipo.co.nz
> >> https://lists.katipo.co.nz/mailman/listinfo/koha
> > _______________________________________________
> > Koha mailing list http://koha-community.org
> > Koha at lists.katipo.co.nz
> > https://lists.katipo.co.nz/mailman/listinfo/koha
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
More information about the Koha