Subject: Re: How to get all the keys from servers?
roze at roze.lv
Mon Dec 4 23:00:15 UTC 2006
Why do all the evasive mods exists right in the webservers (mod_evasive in
case of apache for example (and prolly couple another))...
In my opinion you should take it (defence) into another layer.
Well okay I'm happy people find a lot of ways to use Memcached still
sometimes it seems just way too wrong.. just because un case of a real
attack you would want to avoid hammering the php engine (which is cpu/memory
intensive) at all and not to decide it in script. The .htacess approach may
work but its kinda performance drawback..
----- Original Message -----
From: "Thomas Seifert" <thomas-lists at mysnip.de>
To: <memcached at lists.danga.com>
Sent: Monday, December 04, 2006 11:50 PM
Subject: Re: Subject: Re: How to get all the keys from servers?
> Thats a simple approach I'm actually using.
> I'm putting every IP which hits my php-script into the database if it
> doesn't exist yet and if it exists I just increment its counter.
> If a certain threshold in a couple of seconds is reached the ip is
> blocked by adding a .htaccess-entry.
> No processing of all keys needed.
> Jason Pirkey schrieb:
>> If you are analyizing for attacks, it would be easier to do a real
>> time analysis with memcached, because at that point you will have the
>> IP address you are looking for -- do a hit to memcache to get its
>> counter and act accordingly (saving it to the database for later
>> analysis if it hits a certain threshold for instance. This way you
>> will not have to do scanning of memcache and post processing.
>> -- Jason Pirkey (jason at pirkplace.com <mailto:jason at pirkplace.com>)
>> ---------- Forwarded message ----------
>> From: Jed Reynolds <lists at benrey.is-a-geek.net
>> <mailto:lists at benrey.is-a-geek.net>>
>> To: Brian Moon <brianm at dealnews.com <mailto:brianm at dealnews.com>>
>> Date: Mon, 04 Dec 2006 13:19:39 -0800
>> Subject: Re: How to get all the keys from servers?
>> Brian Moon wrote:
>> > Jed Reynolds wrote:
>> >> I'd have a use for a method to get all keys as well. For
>> instance, if I
>> >> wanted to store all the IPs that hit my webserver, and how many
>> > Isn't that what web logs are for?
>> Grepping, awking and sorting thru gigs of logfiles isn't as quick
>> as I'd
>> like it to be. I've also considered piping apache logs thru syslog-ng
>> and running it thru a filter. There's a lot of ways to analyze
>> Memcache might fill a need pretty easily. Otherwise I'd have to
>> write a
>> PHP daemon or something and have to deal with sockets and timing out
>> data and that's hardly worth the distraction.
>> memcached mailing list
>> memcached at lists.danga.com <mailto:memcached at lists.danga.com>
More information about the memcached