[mythtv-users] Re: atprms.net unreachable? (ip blocking)

Scott catfather at donpoo.net
Tue Jun 14 20:15:07 UTC 2005


On Jun 14, 2005, at 2:48 PM, Axel Thimm wrote:
> Disconnecting and reconnecting is OK, the script only checks for >= 20
> *concurrent* connections. If yum really behaves unproper, please use
> apt.

This is my first attempt at using atrpms.net so I'm not familiar with  
the history of the site. Is this ip blocking a recent site addition?  
Having seen your email about clearing all blocked ips, I ran "yum  
update" on my htpc FC4 box without doing any other activity that  
would have brought me to atrpms.net. (ie: I didn't browse it).

Yum appears to have made about 10-11 connections to your ip before it  
was blackholded. Attached is the entire output of the yum command.  
The command was run at about 15:40 so you can check your web server  
logs for my IP (66.57.80.76) prior to it being blocked and count the  
number of connections made from yum (look for the yum user agent in  
access_log).

> while /bin/true; do
> /bin/cp -a /etc/blockedhosts /etc/blockedhosts.old
> netstat -pan | grep 160.45.32.[0-9]*:80| awk '{print $5}' | awk -F:  
> '{print $1}' |  sort | uniq -c | sort -n \
>  | grep '^ *[2-9][0-9][0-9]* ' | awk '{print $2}' >> /etc/blockedhosts
> sort -nu < /etc/blockedhosts | grep -vf /etc/whitelist > /etc/ 
> blockedhosts.new
> mv -f /etc/blockedhosts.new /etc/blockedhosts
> /etc/rc.local
> #diff -ud /etc/blockedhosts.old /etc/blockedhosts
> sleep 30

The connection count grep looks a bit funny to me. I tested it here  
on a heavily loaded web server at work and couldn't get good results.  
A small change to use awk instead of grep seems to work better. Here  
is the line I used to find IPs with a connection count greater than  
20 to port 80:

MYIP="160.45.32.[0-9]*:80";
netstat -nap | grep ${MYIP} | awk '{print $5}' | awk -F: '{print  
$1}'  | sort | uniq -c | sort -n \
| awk '{if ($1 > 20) print $2}' >> /etc/blockedhosts;

In the above line a list like:

    1 192.168.1.1
    3 192.168.1.2
  20 192.168.1.3
  21 192.168.1.4

Only 192.168.1.4 will match " awk '{if ($1 > 20) print $2}' ". Can  
you try this modification and unblock my ip? :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: yum.atrpms.log
Type: application/octet-stream
Size: 3812 bytes
Desc: not available
Url : http://mythtv.org/pipermail/mythtv-users/attachments/20050614/73a8a32d/yum.atrpms.obj
-------------- next part --------------


--
Scott <catfather at donpoo.net>
AIM: BlueCame1



More information about the mythtv-users mailing list