0

I am receiving a lot of traffic from Portugal and Brazil, not our normal audience on one my servers, and after running Wireshark on a 1 minute TCP dump, Almost every request (close to 10 megs total in 1 minute, and 5 gigs of traffic over the last 12 hours) were from Portugal and Brazil (a bunch of different IPs though).

I don't want to have to update 10 different htaccess files. Is it possible to block it at the interface level.

Ubuntu Server 8.04 LTS

Jeremy Boyd
  • 606
  • 1
  • 10
  • 17
  • I have actually found the cause, I was able to get the SNMP dump from my host, and found that there were some connections gone wacky, and a reboot had closed them went back to our normal 500kbps not maxing out our connection at 10mbps. – Jeremy Boyd Feb 06 '10 at 22:23

1 Answers1

5

This would be called a "firewall." If you configure your server's firewall to block it, it will be blocked at the NIC (almost.) The kernel won't pass the packets along to the application at least.

If you are getting a lot of traffic going out a firewall will be fairly successful by blocking the traffic locally on your machine. If it is a huge amount of traffic coming in, it may be less so. In your case, it seems to be requests.

You might even consider rate limiting to those destinations rather than block it entirely. Then, if there are any legitimate requests, they may get through.

BTW, have you ensured that someone has not uploaded something you might not want to be serving? Sudden increases in traffic tend to be something to look into, or at least understand.

Michael Graff
  • 6,668
  • 1
  • 24
  • 36