2

I've got a VPS account that I set up with lxadmin.

I've got a stats file at /home/http/tanguay.info/stats/ which is filling up extremely fast. Looking in it, I see that there are 1000s of entries with a referer that is obviously a spam site.

  • How can I block requests from this site? (A friend logged in couple of weeks ago and did something with the iptables which seemed to block some of these requests, but I had to reboot and it looks like those changes are gone.)
  • Since I didn't manually set up Apache (did it via lxadmin), I don't know where/why this stats file is being created? Where can I start looking?

alt text

  • I asked a similar question and it was suggested I check /etc/logrotate.conf which looks like this:

alt text

But this seems to be effecting the following directory instead, which is another source of growing log files but not as acute at the moment:

alt text

It was also suggested that in the /etc/http/conf/http.conf I comment out the "ErrorLog" line, which I did many weeks ago and which had no effect on either of the log file directories above:

alt text

It was also suggested I change the /etc/logrotate.d/httpd file and make it "size-based" instead of "time-based". Here is the file. How would I change it to "time-based":

alt text

But then I realize that this has nothing to do with the two directories of log files that I know about but yet a THIRD set of log files that are filling up:

alt text

How can I proceed from here to (1) get these THREE different directories of log files from filling up my VPS drive and (2) how to block those requests from spam sites with iptables?

Glorfindel
  • 1,213
  • 4
  • 15
  • 22
Edward Tanguay
  • 1,209
  • 4
  • 22
  • 31
  • For iptables, you need to include the current output of 'sudo iptables -L' so we can see how it is currently configured. Although we might be able to tell from that output, what is your distro? Debian and Redhat have different ways of saving the rules so they are persistent accross reboots. – Kyle Brandt Aug 04 '09 at 00:41
  • [Administration panels are off topic](http://serverfault.com/help/on-topic). [Even the presence of an administration panel on a system,](http://meta.serverfault.com/q/6538/118258) because they [take over the systems in strange and non-standard ways, making it difficult or even impossible for actual system administrators to manage the servers normally](http://meta.serverfault.com/a/3924/118258), and tend to indicate low-quality questions from *users* with insufficient knowledge for this site. – HopelessN00b Apr 09 '15 at 19:52

2 Answers2

1

Well, you did a lot of work to paste in screenshots with red lines and stuff. You could've probably just used the 'man logrotate' command, like the configuration file suggested, so that you could target the proper directories.

Logrotate has a few functions that will help you with disk space. The first is 'how many logs to keep' -- if you set this low, it'll delete old files very quickly. The next is 'compression' - when it rotates a log file out, it'll compress it, which will save you massive amounts of disk space. (It chews up CPU, though, while it's compressing. It shouldn't really take THAT long.)

Look in the /etc/logrotate.d directory, if it exists, and see if there are any more configurations for apache. (a file in /etc/ that ends in .d means that the system the files are for automatically looks for files in there with a specific extension and reads them as configuration files. For instance, logrotate will read in /etc/logrotate.d/foo.conf and /etc/logrotate.d/bar.conf but will ignore /etc/logrotate.d/baz.c).

Blocking the host is usually a bad idea because it doesn't really solve the problem you're facing, which is disk space. You can put something automatic in place, but that can lead to later problems because you can end up banning gateways for services like AOL, and you'll have transient problems that are impossible to troubleshoot.

Karl Katzke
  • 2,596
  • 1
  • 22
  • 24
0
  • Use your firewall to block the offending IP. How depends on how you are managing your firewall. (shorewall, raw iptables rules, etc). For something "automatic", look into fail2ban.
  • Unless you change things, apache creates two log files, access_log and error_log.
  • Commenting out a configuration option usually causes apache to use its built in default. Not disable it.
  • logrotate looks to be configured to keep four weeks work of log files. You may want to uncomment the "compress" option so logrotate will compress the log files automatically. It will delete older files automatically.
  • The first page of the lxadmin installation docs shows it uses awe stats to generate site statistics. So that's where the statistics files are coming from.
David
  • 3,555
  • 22
  • 17