iptables -A INPUT -s 117.144.138.130/24 -j DROP # rogue chinese bot
iptables -A INPUT -s 116.232.49.231/24 -j DROP # rogue chinese bot
Empty the "trap" again and block two Chinese subnetworks with rouge, unidentified bot activity.
Honestly, this is starting to "annoy me a lot" in the possibility that these performance hits, and all the time I am spending to find the cause of these hits / spikes, wasting valuable "time in life" is related to rouge, unidentified bots from Chinese networks.
If this continues, I am going to start blocking Chinese networks at the /16 and /8 levels (entire networks).
First, let's see if this is indeed the main source of these spikes. As we all know from situational awareness theory and the famous OODA loop by John Boyd.
OBSERVE
ORIENT
DECIDE
ACT
Already, we have enough information to ACT. But lets continue to OBSERVE
The loop goes on ... and on ....
Please note that we cannot trust apache2 modules and other third-party software to automatically block IPs, because this can results in blocking the "good bots" which are important for search engine optimization and site traffic.
That means, if this is confirmed that these kinds of bots continue to be the cause of problems, then I will need to DECIDE how to deal with this situation moving forward. I think point in time, I am going to continue to "trap and trace" before making a decision. However, it does seem, at this point, that rouge, unidentified bots from Chinese networks are causing performance issues and need to be "dealt with".
If anyone else has experienced similar issues and has an interesting potential solution to this problem, please reply and share your ideas.
Thanks!
PS: I may consider automating this, as follows:
Capture network session activity when one minute load average exceeds a threshold (as I am doing now).
Filter results captured in the DB based on "hitcount" and "country".
If the "hitcount" exceeds a certain threshold and "country" is in an array of "known to have rouge bots countries".
we have an unix system which has
load average normally about 20.
but while i am running a particular unix batch which performs heavy
operations on filesystem and database average load
reduces to 15.
how can we explain this situation?
while running that batch idle cpu time is about %60-65... (0 Replies)
Hello all, I have a question about load averages.
I've read the man pages for the uptime and w command for two or three different flavors of Unix (Red Hat, Tru64, Solaris). All of them agree that in the output of the 2 aforementioned commands, you are given the load average for the box, but... (3 Replies)
Hello, Here is the output of top command. My understanding here is,
the load average 0.03 in last 1 min, 0.02 is in last 5 min, 0.00 is in last 15 min.
By seeing this load average, When can we say that, the system load averge is too high?
When can we say that, load average is medium/low??... (8 Replies)
Hi,
i have installed solaris 10 on t-5120 sparc enterprise.
I am little surprised to see load average of 2 or around on this OS.
when checked with ps command following process is using highest CPU. looks like it is running for long time and does not want to stop, but I do not know... (5 Replies)
Hello AlL,..
I want from experts to help me as my load average is increased and i dont know where is the problem !!
this is my top result :
root@a4s # top
top - 11:30:38 up 40 min, 1 user, load average: 3.06, 2.49, 4.66
Mem: 8168788k total, 2889596k used, 5279192k free, 47792k... (3 Replies)
Hi ,
I am using 48 CPU sunOS server at my work.
The application has facility to check the current load average before starting a new process to control the load.
Right now it is configured as 48. So it does mean that each CPU can take maximum one proces and no processe is waiting.
... (2 Replies)
Hi,
I am getting a high load average, around 7, once an hour. It last for about 4 minutes and makes things fairly unusable for this time.
How do I find out what is using this. Looking at top the only thing running at the time is md5sum.
I have looked at the crontab and there is nothing... (10 Replies)
Here we go....
Preface:
..... so in a galaxy far, far, far away from commercial, data sharing corporations.....
For this project, I used the ESP-WROOM-32 as an MQTT (publish / subscribe) client which receives Linux server "load averages" as messages published as MQTT pub/sub messages.... (6 Replies)
Discussion started by: Neo
6 Replies
LEARN ABOUT DEBIAN
eggdrop
eggdrop(1) IRC Tools eggdrop(1)NAME
eggdrop - an IRC bot
SYNOPSIS
eggdrop [options] [config-file]
DESCRIPTION
Eggdrop is the World's most popular Internet Relay Chat (IRC) bot; it is freely distributable under the GNU General Public License (GPL).
Eggdrop is a feature rich program designed to be easily used and expanded upon by both novice and advanced IRC users on a variety of hard-
ware and software platforms.
An IRC bot is a program that sits on an IRC channel and performs automated tasks while looking just like a normal user on the channel. Some
of these functions include protecting the channel from abuse, allowing privileged users to gain op or voice status, logging channel events,
providing information, hosting games, etc.
One of the features that makes Eggdrop stand out from other bots is module and Tcl scripting support. With scripts and modules, you can
make the bot perform almost any task you want. They can do anything from preventing floods to greeting users and banning advertisers from
channels.
You can also link multiple Eggdrop bots together to form a botnet. This can allow bots to op each other securely, control floods effi-
ciently, and even link channels across multiple IRC networks. It also allows the Eggdrops share user lists, ban lists, exempt/invite lists,
and ignore lists with other bots if userfile sharing is enabled. This allows users to have the same access on every bot on your botnet. It
also allows the bots to distribute tasks such as opping and banning users. See doc/BOTNET for information on setting up a botnet.
Eggdrop needs a config file to run. For an example, have a look at eggdrop.conf which is distributed with Eggdrop.
OPTIONS -h Display a list of command-line options.
-n Don't background. Normally, Eggdrop will move itself into the background when you start it up, meaning you'll get another shell
prompt, and you can do other things while the bot is running. With -n, you won't return to the shell prompt until the bot exits
(which won't normally happen until it's killed). By default, -n will send all log entries to the console.
-nt Don't background, use terminal. This is just like -n, except that instead of seeing log entries, your console will simulate a DCC
chat with the bot.
-nc Don't background, show channel info. This is just like -n, except that instead of seeing log entries, every 10 seconds your screen
will clear and you will see the current channel status, sort of like "top".
-m Create userfile. If you don't have a userfile, this will make Eggdrop create one and give owner status to the first person that
introduces himself or herself to it. You'll need to do this when you first set up your bot.
-v Show version info, then quit.
SIGNALS
SIGCHLD
This signal is ignored by Eggdrop and can be used to determine whether it's running or not.
SIGTERM
Depending on die-on-sigterm being set to 0 or 1 in the config file, Eggdrop will save its user and channel file and/or die.
SIGHUP Depending on die-on-sighup being set to 0 or 1 in the config file, Eggdrop will rehash (reload its config file) or die.
ENVIRONMENT VARIABLES
EGG_LANG
This variable can be set to the language in which you want Eggdrop to speak
to you. It defaults to English, but German, French, Finnish, and Danish are supported, too.
EGG_LANGDIR
Specifies the directory where all your language files are stored. The default is ./language.
SEE ALSO tclsh(1), irc(1), ircII(1), ircd(8)
There is extensive online documentation. Once you get the bot running, open a DCC chat with it, and type: .help
In addition, the files in the doc/ directory provide detailed information about how Eggdrop works and how to use it.
AUTHORS
Written by Robey Pointer, the Eggheads Development Team and various others. See the files AUTHORS for a list of Eggdrop developers and
major contributors, THANKS for a full list of Eggdrop contributors, and the doc/Changes files for a list of changes made to each version of
Eggdrop.
REPORTING BUGS
See doc/BUG-REPORT.
Bugs can either be reported directly to BugZilla, at http://bugzilla.eggheads.org, or via e-mail to <bugs@eggheads.org>.
COPYRIGHT
Copyright (C) 1997 Robey Pointer
Copyright (C) 1999 - 2010 Eggheads Development Team
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER-
CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
Eggheads Development Team August 2004 eggdrop(1)
02-15-2020
