maximillianos - 9:18 pm on Mar 12, 2010 (gmt 0)
Alright. I'm finally done! My early warning system is now up and running... Here is the final product:
1. Checks memory usage every 15 minutes, looks for swapping or low memory - both signs of problems - sends a text message alert.
2. Checks web server logs (access_log) every 15 minutes for some abuse patterns:
a. If I see an unusual number of international traffic, I'm alerted (text msg) of a potential DDOS attack (a pattern I've noticed in my last attack). I've built-in a switch that can stop all international traffic to my site when turned on. It is not ideal performance wise, but better than letting them hit my database over and over.
b. I check for any IP's that are not Google, MSN, Yahoo, Ask, Amazon, etc that are pulling more than their fair share of pages on my site. If I find one, it gets auto-blocked (via APF) and then I get a text-message. The paper trail is left in the deny_hosts file so I can undo any errors later if needed.
So have I gone over-board? Am I too paranoid? Maybe. =)
It is all compiled in a few shell and perl scripts and then scheduled via cron. So far so good, it has stopped a few scrapers since yesterday... =)
If anyone is interested in more details on the source code for the pieces of the puzzle, let me know!