DoS Attack; Redmine crashes frequently

Added by Richard Rauch over 9 years ago

Hello,
I have a serious problem.
I am running a public Redmine server.
On the server I need to provide huge files for public download (e.g. 500 MB).
Actually all this works well.

BUT... it seems that my server is frequently a victim of DoS attacks.
Every few days my Redmine services "Thin_RedmineXX" are down.
It happens in this situation:
Somebody (always some Chinese IP addresses) is accessing a huge file for download. Downloading such a file takes a few minutes. But the attacker is re-doing downloads every few seconds, before the previous download is finished.
I saw that the memory consumption of the Redmine processes increases with each download request. When several huge downloads are pending, the Redmine service runs out of memory and crashes.

I do not have any idea what I should change so that the server becomes more robust. In fact, I do not know if it is a problem in Apache or in Redmine.

Has anybody else had such problems? Who knows a solution?

By the way, I am running the Bitnami native installation under Windows.

Thanks in advance

Richard


Replies (2)

RE: DoS Attack; Redmine crashes frequently - Added by Jan Niggemann (redmine.org team member) over 9 years ago

> Every few days my Redmine services "Thin_RedmineXX" are down.
> I do not know, if it is a problem in apache or in Redmine.

So you use thin behind apache? Do you use apache as a proxy?

Depending on your target audience I'd first resort to some sort of geoblocking, i.e. blacklisting the offending IPs.
Another obvious thing is to limit the number of concurrent downloads as well as putting them on another machine, perhaps S3 or whatever...

RE: DoS Attack; Redmine crashes frequently - Added by Richard Rauch over 9 years ago

Hello,

Many thanks for your quick answer!

Yes, the server is based on Apache. I am not an expert in server issues; we are using the native Redmine installer from Bitnami (out of the box, everything is included).

I already started with blacklists (router configuration), but every time I blocked IPs (I blocked the whole subnet, not only a single IP), some time later there were attacks from other IP addresses again. The origin of these IP addresses is always China. I am wondering why our server is interesting for Chinese hackers! We are a very small company!!!

"Another obvious thing is to limit the number of concurrent downloads"...

This could be very helpful for us, but how are we able to limit it? I searched on the internet and in local configuration files, but I was not able to find a "screw" with which we can adjust it.

The third idea is interesting too. But how can we access the files from another server? The files should be available within the project's file tab. Is there any possibility to re-route the file access?
Some files we have already put on our FTP for download instead of Redmine. But there are several customers' corporate firewalls which disable FTP access altogether....

Richard
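
The pattern described in this thread (one client re-requesting the same large file every few seconds) can be confirmed from the Apache access log before choosing what to block or limit. The script below is an added example, not code from the thread or from Redmine; it assumes Apache's common/combined log format and that downloads are served under `/attachments/download/`, and the sample lines, window and threshold are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Leading fields of Apache's common/combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<path>\S+)[^"]*" \d{3} ')

def find_repeat_downloaders(lines, prefix="/attachments/download/",
                            window_s=60, threshold=4):
    """Map (ip, path) -> peak number of requests within window_s seconds,
    for every client that reached `threshold` requests for one file."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["path"].startswith(prefix):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events.append((ts, m["ip"], m["path"].split("?", 1)[0]))
    # Apache writes a line when the response ends but stamps it with the time
    # the request arrived, so long downloads appear out of order: sort first.
    events.sort()
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # (ip, path) -> times inside the window
    flagged = {}
    for ts, ip, path in events:
        times = recent[(ip, path)]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            flagged[(ip, path)] = max(flagged.get((ip, path), 0), len(times))
    return flagged

def _line(ip, hhmmss, path="/attachments/download/42/image.iso"):
    # Constructed sample line; addresses are from documentation ranges.
    return (f'{ip} - - [12/Mar/2015:{hhmmss} +0100] "GET {path} HTTP/1.1" '
            f'200 524288000 "-" "-"')

SAMPLE = [  # constructed, deliberately not in timestamp order
    _line("203.0.113.7", "10:00:10"), _line("198.51.100.20", "10:00:03"),
    _line("203.0.113.7", "10:00:00"), _line("203.0.113.7", "10:00:20"),
    _line("203.0.113.7", "10:00:05"), _line("203.0.113.7", "10:00:15"),
    _line("198.51.100.20", "10:10:00"), _line("203.0.113.7", "10:00:01", "/issues/1"),
]

if __name__ == "__main__":
    for (ip, path), n in find_repeat_downloaders(SAMPLE).items():
        print(f"{ip} requested {path} {n} times within 60 s")
```

A legitimate user who retries a failed download once or twice stays below the threshold; tune `window_s` and `threshold` to the download duration seen on the server.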
