OutsideIT / FireMotD

:fire: Fire Framework Linux MoTD Generator :fire:
https://outsideit.net/firemotd
GNU General Public License v3.0

Add randomly delayed cron job and apt update #40

Closed ThomDietrich closed 7 years ago

ThomDietrich commented 7 years ago

We were contacted by a repository operator because clients around the world were sending coordinated requests in a DDoS-like manner. Turns out we were using the cron job which is given as an example in the README, which shoots out apt update at 3:03am sharp.

The PR also contains the first half of what I've suggested in https://github.com/willemdh/FireMotD/issues/18

@willemdh Feel free to modify the PR to reflect your personal preferences

willemdh commented 7 years ago

Really? I'll accept now, will have to test later on my end.

dimon222 commented 7 years ago

I apologize for commenting on a closed pull request, but if it's used inside a company, it might be better to use an "in-company" apt repo cache. If outside, the repo can also require mirrors.

Changing the cron job to run at random times might not stop the DDoS, but rather cause the load to still happen over the day (instead of at a specific time). That could easily be mitigated by using caches.

ThomDietrich commented 7 years ago

@dimon222 the systems are not "in-company" or in any special environment. They are installed in random households all over the world. A cron job as it was defined till now, active on thousands of clients, will have the mentioned effect on repositories. How critically this affects the repository server(s) / infrastructure is another story, but spreading the requests out to a random second over 6 hours will reduce the burst request count to 1/21600 (statistically speaking).
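The jitter discussed in this thread, as an added example that is not the PR's code and not part of any comment above: a POSIX `sh` wrapper that spreads a nightly package-index refresh over the 6-hour (21600 s) window. It goes slightly beyond the thread by also showing a stable per-host offset; the script path, the `run` argument and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: jittered wrapper for a nightly package-index refresh.
# Hypothetical crontab entry (path is an assumption, 3:03 is the old fixed time):
#   3 3 * * * root /usr/local/bin/apt-jitter.sh run
# Doing the arithmetic here instead of in the crontab line avoids two traps:
# cron's /bin/sh is often dash, where $RANDOM is unset, and an unescaped "%"
# in a crontab command is turned into a newline.

WINDOW=21600   # 6 hours in seconds, the spread mentioned in the thread

# Host identifier: systemd machine-id if present, otherwise the hostname.
host_id() {
    cat /etc/machine-id 2>/dev/null || hostname
}

# Stable offset: CRC of the identifier reduced modulo the window.
# A given host always fires at the same second; the fleet is spread out.
host_offset() {
    id=$1; window=$2
    crc=$(printf '%s' "$id" | cksum | cut -d' ' -f1)
    echo $((crc % window))
}

# Fresh random offset on every run, without relying on bash's $RANDOM.
random_offset() {
    window=$1
    n=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $((n % window))
}

# Only act when invoked as "<script> run", so sourcing the file is harmless.
if [ "${1:-}" = "run" ]; then
    delay=$(host_offset "$(host_id)" "$WINDOW")
    sleep "$delay"
    # apt-get is used here because its command-line interface is the one
    # intended for scripts; the thread's cron job calls "apt update".
    exec apt-get -qq update
fi
```

Swapping `host_offset` for `random_offset` in the `run` branch gives a different delay each night instead of a fixed per-host slot.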