
Hi,

Andre Carregal wrote:
> As most have already noticed, LuaForge has been under a lot of  
> pressure recently and the site gets almost unusable when overloaded.

Well, yes, I noticed. I got complaints from people wanting to
download LuaJIT ...

> Apparently someone is using some bot or script to download files from  
> LuaForge and the script is not behaving nicely.
> 
> If someone has suggestion or hints about what may be happening or how  
> to deal with such issues please contact me.

I don't know the reason. But here's what to do against such
attacks, in escalation order:

1. Identify the IP or the IP range. Block it in kernel-level
firewalling.

2. If there's no consistent IP (e.g. a botnet), try to find out
if a specific HTTP Header is used, like libwww/perl or Curl or
whatever. Then match on that header and either drop the
connection or slow them down with a 20 second delay (if you can
live with lots of processes hanging around). Optionally add the
current IP to the block list (you may need to clean the list
before it grows too large).

3. If there is no detectable difference against regular
downloads, then try to move the download URL. Once per hour if
necessary. Or add a hidden parameter to the pages which link to
it. Or add a time-based parameter with a 10 minute validity. Or
add some JavaScript-based redirect. Or, in the worst case, add a
Captcha.

4. Involves some guys from Russia. You don't wanna know. :-)

Bye,
     Mike
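
The time-based parameter with a 10 minute validity from step 3, as an added example that is not part of the original post: the page that links to a file signs the link with an HMAC over the path and an expiry time, and the download handler rejects requests whose token is missing, altered, or expired. The secret, the parameter names `e` and `t`, and the sample path are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a server-side secret that is never sent to clients (constructed value).
SECRET = b"constructed-demo-secret"
VALIDITY = 600  # seconds: the 10 minute validity from step 3


def _mac(path, expires):
    """HMAC-SHA256 over path and expiry, so neither can be changed by the client."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path, now=None):
    """Build the link that the HTML page embeds for a download."""
    expires = int(time.time() if now is None else now) + VALIDITY
    return path + "?" + urlencode({"e": expires, "t": _mac(path, expires)})


def check_url(url, now=None):
    """Run by the download handler before it serves the file."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["e"][0])
        token = query["t"][0]
    except (KeyError, ValueError):
        return False  # bare URL fetched directly, or malformed parameters
    now = time.time() if now is None else now
    if now > expires:
        return False  # link is older than the validity window
    # Constant-time comparison of the presented token with the expected one.
    return hmac.compare_digest(token.encode(), _mac(parts.path, expires).encode())


if __name__ == "__main__":
    link = sign_url("/files/example.tar.gz")  # constructed sample path
    print(link, check_url(link))
```

A script that replays a harvested link keeps working only until the expiry passes, so it has to fetch and parse the linking page again for every batch of downloads.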