|
|
08-12-2011, 02:31 AM
|
|
Senior Member
|
|
Join Date: May 2011
Posts: 63
|
|
Anti-DDOS Block feature cannot detect this kind of request
Hi LiteSpeed,
My site is in heavy load condition now. But the anti-ddos feature does not work efficiently.
The attachment is my log file. It seem that LiteSpeed cannot detect the IP 113.163.80.152 as the ddos IP.
LiteSpeed is a great webserver, i hope you can improve the Anti-DDOS Block feature. I suggest the feature to add the denied IPs without tell us to restart LiteSpeed.
Thanks.
|
08-12-2011, 03:59 AM
|
|
LiteSpeed Staff
|
|
Join Date: Sep 2009
Posts: 2,226
|
|
|
what's your anti-ddos settings?
|
08-12-2011, 09:14 AM
|
|
Senior Member
|
|
Join Date: May 2011
Posts: 63
|
|
Hello NiteWave,
You mean settings of Per Client Throttling ?
Code:
Static Requests/second: 10
Dynamic Requests/second: 5
Outbound Bandwidth (bytes/sec): 256K
Inbound Bandwidth (bytes/sec): 0
Connection Soft Limit: 5
Connection Hard Limit: 15
Grace Period (sec): 15
Banned Period (sec): 900
|
08-12-2011, 10:13 AM
|
|
LiteSpeed Staff
|
|
Join Date: Oct 2010
Posts: 2,338
|
|
Please extract the entries related to 113.163.80.152 from your access and error logs for us to look.
Quote:
Originally Posted by redstrike
Hi LiteSpeed,
My site is in heavy load condition now. But the anti-ddos feature does not work efficiently.
The attachment is my log file. It seem that LiteSpeed cannot detect the IP 113.163.80.152 as the ddos IP.
LiteSpeed is a great webserver, i hope you can improve the Anti-DDOS Block feature. I suggest the feature to add the denied IPs without tell us to restart LiteSpeed.
Thanks.
|
|
08-12-2011, 10:22 AM
|
|
Senior Member
|
|
Join Date: May 2011
Posts: 63
|
|
Quote:
Originally Posted by webizen
Please extract the entries related to 113.163.80.152 from your access and error logs for us to look.
|
I have attached the logs at the first post. That's all i have. I think the IP 113.163.80.152 tried to attack my site or cheating our views counter. I think the buit-in Anti-DDOS feature of LiteSpeed should treat it like an attacker. But it doesn't |
08-12-2011, 10:29 AM
|
|
LiteSpeed Staff
|
|
Join Date: Oct 2010
Posts: 2,338
|
|
|
If the IP never shows up in these logs, LiteSpeed will not capture it. How did you know the IP is attacking the site? You must have something else to show.
|
08-12-2011, 10:43 AM
|
|
Senior Member
|
|
Join Date: May 2011
Posts: 63
|
|
Quote:
Originally Posted by webizen
If the IP never shows up in these logs, LiteSpeed will not capture it. How did you know the IP is attacking the site? You must have something else to show.
|
Quote:
2011-08-12 16:21:50.426 INFO [113.162.196.58:1459-0#raphay.com] File not found [/home/vn2rap/domains/raphay.com/public_html/enjoy_vn2rap/lofi_mp3/vietnam/rap/Subby/Kho_Hieu_2_(Remix)_(Ft._MAC,_BlackBi,_Young_H,_Phu toro,_Kiddy)_-_Subby.smi]
2011-08-12 16:21:50.426 INFO [113.165.29.11:51044-0#raphay.com] File not found [/home/vn2rap/domains/raphay.com/public_html/enjoy_vn2rap/lofi_mp3/korea/Secret_(Band)/Madonna_(Japanese_Ver.)/02._My_Boy_(New_Arrange_Ver.)_(Japanese_Ver.)_-_Secret.smi]
2011-08-12 16:21:53.254 INFO [115.78.123.226:2471-0#raphay.com] File not found [/home/vn2rap/domains/raphay.com/public_html/enjoy_vn2rap/lofi_mp3/vietnam/rap/Gino/Thoi_Quen_Cua_Anh_-_Gino.smi]
2011-08-12 16:21:55.626 INFO [113.163.80.152:41562-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:21:57.977 NOTICE [115.74.24.117] reached per client soft connection limit: 5 for 65 seconds, close connection!
2011-08-12 16:21:58.050 INFO [113.163.80.152:41322-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:00.647 INFO [113.163.80.152:41736-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:03.061 INFO [113.163.80.152:41331-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:05.652 INFO [113.163.80.152:41891-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:08.078 INFO [113.163.80.152:41338-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:10.679 INFO [113.163.80.152:42043-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:13.110 INFO [113.163.80.152:41340-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:15.408 INFO [115.78.123.66:48217-0#vn2rap.com] connection to [/tmp/lshttpd/lsphp5.sock.979] on request #4, confirmed, 1, associated process: 3331, running: 1, error: Connection reset by peer!
2011-08-12 16:22:15.408 NOTICE [115.78.123.66:48217-0#vn2rap.com] POST request in process stage, fail with 503
2011-08-12 16:22:15.408 NOTICE [115.78.123.66:48217-0#vn2rap.com] oops! 503 Service Unavailable
2011-08-12 16:22:15.408 NOTICE [115.78.123.66:48217-0#vn2rap.com] Content len: 44, Request line: 'POST /m/index.php HTTP/1.1'
2011-08-12 16:22:15.408 INFO [115.78.123.66:48217-0#vn2rap.com] Cookie len: 348, SID=704da8540c8b1985cd315e5f4ab70f14; MEDIA_TPL=black_pro; HIM_on_off=1; HIM_method=0; HIM_ckspell=1; HIM_daucu=1; PHPSESSID=87098673e4760b04ec2ea1b37568bb93; __utma=32370809.1221589921.1313141160.1313141160.1 313141160.1; __utmb=32370809.1.10.1313141160; __utmc=32370809; __utmz=32370809.1313141160.1.1.utmcsr=(direct)|utm ccn=(direct)|utmcmd=(none)
2011-08-12 16:22:15.725 INFO [113.163.80.152:42076-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:18.132 INFO [113.163.80.152:41342-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:20.745 INFO [113.163.80.152:42077-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:23.154 INFO [113.163.80.152:41343-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:25.771 INFO [113.163.80.152:42138-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:28.189 INFO [113.163.80.152:41350-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:30.779 INFO [113.163.80.152:42296-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:33.215 INFO [113.163.80.152:41352-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:35.799 INFO [113.163.80.152:42452-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:36.063 INFO [113.170.210.203:1383-0#raphay.com] File not found [/home/vn2rap/domains/raphay.com/public_html/enjoy_vn2rap/lofi_mp3/vietnam/rap/PCK/Hanh_Phuc_Em_Ha_(Ft._LT_Rocky,_Nhokrain_-_PCK.smi]
2011-08-12 16:22:38.674 INFO [58.186.160.14:17334-0#raphay.com] File not found [/home/vn2rap/domains/raphay.com/public_html/enjoy_vn2rap/lofi_mp3/vietnam/rap/Kimken/Dung_(Ft._Spy)_-_Kimken.smi]
2011-08-12 16:22:38.675 INFO [113.163.80.152:41353-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:40.818 INFO [113.163.80.152:42603-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
2011-08-12 16:22:44.018 INFO [113.163.80.152:41355-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:44.801 INFO [222.253.179.36:16209-1#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/lofi_mp3/vietnam/rap/Lil_Knight/Dich_Den_(Mixtape)/05._Loi_Thoat_-_LK.mp3]
|
Here is all i have. I don't know what is your meaning? That is IP 113.163.80.152 show up with a lot of requests like below:
2011-08-12 16:22:38.675 INFO [113.163.80.152:41353-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#home]
2011-08-12 16:22:40.818 INFO [113.163.80.152:42603-0#vn2rap.com] File not found [/home/vn2rap/domains/vn2rap.com/public_html/m/#play,20213,di_luon_di_(ft._spu._pe_spy,_red).v2r]
|
08-12-2011, 11:33 AM
|
|
LiteSpeed Staff
|
|
Join Date: Oct 2010
Posts: 2,338
|
|
According to your attached log, IP 113.163.80.152 pulls these two URLs (only) every 5 seconds, respectively. That rate (0.4 requests/second) is way below your current Per Client Throttling limits. You can manually add that IP to Denied List or order our advanced anti-ddos services for automate blockage.
Code:
Static Requests/second: 10
Dynamic Requests/second: 5
Outbound Bandwidth (bytes/sec): 256K
Inbound Bandwidth (bytes/sec): 0
Connection Soft Limit: 5
Connection Hard Limit: 15
Grace Period (sec): 15
Banned Period (sec): 900
|
08-12-2011, 03:23 PM
|
|
Senior Member
|
|
Join Date: May 2011
Posts: 63
|
|
Quote:
Originally Posted by webizen
According to your attached log, IP 113.163.80.152 pulls these two URLs (only) every 5 seconds, respectively. That rate (0.4 requests/second) is way below your current Per Client Throttling limits. You can manually add that IP to Denied List or order our advanced anti-ddos services for automate blockage.
Code:
Static Requests/second: 10
Dynamic Requests/second: 5
Outbound Bandwidth (bytes/sec): 256K
Inbound Bandwidth (bytes/sec): 0
Connection Soft Limit: 5
Connection Hard Limit: 15
Grace Period (sec): 15
Banned Period (sec): 900
|
Although i have read the tips so many time, I quite don't understand the terms "Static" vs "Dynamic" Requests/second. Can you explain me more? which kind of request is static or dynamic? Can you give me some examples from the log which i shared?
Is Inbound Banwidth affect the upload of user? Or my site will be better if i set it to 1K (my site doesn't allow user to upload their content) |
08-12-2011, 05:22 PM
|
|
LiteSpeed Staff
|
|
Join Date: Oct 2010
Posts: 2,338
|
|
see descriptions at:
http://www.litespeedtech.com/docs/we...taticReqPerSec
http://www.litespeedtech.com/docs/we.../#dynReqPerSec
static content is the resource delivered to user exactly as stored on server such as jpg, gif, html, js files.
dynamic content (dynamically generated content) is generated by web application. the following (index.php) from your log is dynamic. the rest are hard to tell since they don't exist ("File not found") on server.
Quote:
|
2011-08-12 16:22:15.408 NOTICE [115.78.123.66:48217-0#vn2rap.com] Content len: 44, Request line: 'POST /m/index.php HTTP/1.1'
|
Inbound Bandwidth is for throttling user upload. "0" means no limit. if your site does not allow upload, it doesn't really make difference to set it at 1K or 0.
Last edited by webizen; 08-12-2011 at 05:25 PM..
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 04:49 AM.
|
|
