The first thing we do, let's kill all the spammers
For the last few weeks, my web server (hosting PyCS, the Topic Exchange, and all that) has been spending much of its time more or less comatose. I haven't been able to figure out why, until today when I did a lsof | grep TCP and saw that almost all of the connections to port 80 were from clients of alestra.com.mx, requesting the PyCS comments page ... argh ...
So now I've configured it to deny all requests from .alestra.com.mx. My apologies to any legitimate visitors from alestra.com.mx PyCS might have, but the server was suffering too much from the huge volume of comments page requests from the spammer living somewhere near you.
Fingers crossed - let's see if the site comes back to life now. You'll know real soon...
Update: Looks like I needed to go a bit lower-level. The connections from Mexico were still coming up and TRYING to do something, and still hanging Apache. So now:
iptables -A INPUT -p tcp --source 207.248.240.118 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 207.248.240.119 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 148.244.150.57 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 148.244.150.58 --dport 80 -j DROP
Update 2: OK, now they're on a different IP address.
iptables -F INPUT
iptables -A INPUT -p tcp --source 207.248.240.0/24 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 148.244.150.0/24 --dport 80 -j DROP
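The move above from single addresses to whole /24 blocks can be driven by the same lsof data that exposed the problem. The script below is an added example, not the author's own code: it tallies established port-80 connections per source /24 and prints (without applying) DROP rules in the form used above for blocks at or over a threshold. The function names, the threshold and the sample lsof lines (documentation address ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP:80 -sTCP:ESTABLISHED` style output
# (documentation address ranges, not real clients).
SAMPLE='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   2101 apache  10u IPv4  90001      0t0  TCP 192.0.2.10:80->198.51.100.17:40112 (ESTABLISHED)
httpd   2102 apache  10u IPv4  90002      0t0  TCP 192.0.2.10:80->198.51.100.18:40113 (ESTABLISHED)
httpd   2103 apache  10u IPv4  90003      0t0  TCP 192.0.2.10:80->198.51.100.17:40114 (ESTABLISHED)
httpd   2104 apache  10u IPv4  90004      0t0  TCP 192.0.2.10:80->198.51.100.201:40115 (ESTABLISHED)
httpd   2105 apache  10u IPv4  90005      0t0  TCP 192.0.2.10:80->203.0.113.5:51000 (ESTABLISHED)
httpd   2106 apache  10u IPv4  90006      0t0  TCP 192.0.2.10:80->203.0.113.9:51001 (ESTABLISHED)
httpd   2107 apache  10u IPv4  90007      0t0  TCP 192.0.2.10:443->198.51.100.17:40116 (ESTABLISHED)
httpd   2100 root     4u IPv4  90000      0t0  TCP *:80 (LISTEN)'

# Read lsof output on stdin; print "count prefix/24" for connections whose
# local port is 80, busiest source block first.
count_by_24() {
    awk '
        # NAME column is local:80->remote:port; LISTEN rows and other
        # local ports do not match.
        $9 ~ /:80->/ {
            split($9, ends, "->")                    # ends[2] = remote:port
            split(ends[2], hp, ":")                  # hp[1]   = remote address
            if (split(hp[1], o, /\./) != 4) next     # skip anything not IPv4
            n[o[1] "." o[2] "." o[3] ".0/24"]++
        }
        END { for (p in n) print n[p], p }
    ' | sort -k1,1nr -k2,2
}

# Read "count prefix" lines; print one DROP rule per block with at least
# $1 connections. Rules are only printed, for review before use.
rules_for() {
    awk -v min="$1" '$1 >= min {
        print "iptables -A INPUT -p tcp --source " $2 " --dport 80 -j DROP"
    }'
}

# On a live host, replace the printf with:
#   lsof -nP -iTCP:80 -sTCP:ESTABLISHED
printf '%s\n' "$SAMPLE" | count_by_24 | rules_for 3
```

Note that iptables -F INPUT removes every rule in the INPUT chain, not only the four per-address rules added earlier; on a host with other INPUT rules, deleting the individual entries with iptables -D leaves the rest in place.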