[Koha] Slowness & outages

Stowasser Rainer Rainer.Stowasser at geosphere.at
Fri Jul 11 17:31:17 NZST 2025 

we had the same Problem

so our support firm hks3 installed

https://anubis.techaro.lol/

it works fine.

Kind regards
Hofrat Mag. Rainer Stowasser
Geosphere Austria IKS-Services
Vice Head Library, Publisher, Archive
branch manager Hohe Warte

Hohe Warte 38, 1190 Vienna
T. +43 1 360 26 2006
rainer.stowasser at geosphere.at  |  www.geosphere.at

GeoSphere Austria – Bundesanstalt für Geologie, Geophysik, Klimatologie und Meteorologie  |  Anstalt öffentlichen Rechts
Firmensitz: Hohe Warte 38, 1190 Wien  |  Firmenbuchnummer: 584036 b  |  Firmenbuchgericht: Handelsgericht Wien

________________________________________
Von: Koha <koha-bounces at lists.katipo.co.nz> im Auftrag von Mark Alexander <marka at pobox.com>
Gesendet: Donnerstag, 10. Juli 2025 23:34:26
An: Koha
Betreff: Re: [Koha] Slowness & outages

It looks I spoke too soon about my use of iptables to block out of
control web crawlers.  Our Koha installation is now being attacked by
crawlers, and there are so many that using iptables isn't practical.

Examining /var/log/apache2/other_vhosts_access.log shows that these
crawlers don't use any identification that can be used by fail2ban.
Here are a couple of them (with the name of our library changed, and URLs
shorted):

koha.example.com:443 14.248.94.197 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?... HTTP/1.1" 200 15946 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1 rv:4.0; bem-ZM) AppleWebKit/535.45.1 (KHTML, like Gecko) Version/4.0.2 Safari/535.45.1"
koha.example.com:443 200.71.98.253 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?... HTTP/1.1" 200 15960 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows CE; Trident/4.0)"

Running a grep|sed|sort|uniq filter on the log show that we're being
attacked by almost 1000 crawlers today.

I've tried adding these lines to /etc/apache2/apache2.conf:

<IfModule mpm_worker_module>
MaxRequestWorkers 5
</IfModule>

But the attacks still keep both CPUs busy; top reports them as
follows:

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
10319 rpl-koha  20   0  288340 234040  20880 R  80.1   5.9   0:04.14 /usr/share/koha
10085 rpl-koha  20   0       0      0      0 R  68.1   0.0   0:17.03 starman worker

I'm not sure what to do next.  I had thought of using the apache2
authz_core module to restrict Koha to a handful of IP addresses, such
as those used by computers at the library.  But this would prevent
patrons from accessing the OPAC from home. I'm pretty desperate now.
Suggestions welcome.

This is on Linode, in case that makes a difference.

--
I'm doing my part to help preserve life on earth
by trying to preserve my own. --Ashleigh Brilliant

_______________________________________________

Koha mailing list  http://koha-community.org
Koha at lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
EXTERNAL EMAIL: Do not click any links or open any attachments unless you trust the sender and know the content is safe.

More information about the Koha mailing list