I really don't think it's an intentional DOS attack. I think it's Bank One's caching web proxy trying to suck down my whole site once an hour so they can save bandwidth on their end.
The fact that it's once an hour makes me believe this.
It has really been a pain in the ass trying to track this down. I'd love to get my hands around the responsible person's neck.
Server Outage
- Posts: 1557
- Joined: Fri Feb 20, 2004 3:01 am
I guess it's time to go introduce a number 5 cam to the asshole of the President of Bank One. I've always hated that bank anyway.
[size=75]You are as bad as Alan, and even he hits the mark sometimes. -charlie
"Not all conservatives are stupid, but most stupid people are conservative." - John Stuart Mill[/size]
Vietcong can make bombs from bottle caps... and they can take down a website.
I had a similar attack via SMTP... which might be your problem. Note: I have no clue, but I can explain my experience.
I had a flood of SMTP requests bring down my server. It wasn't a DoS attack but a spam attack that zapped my memory and cache so no server could work. Boom. I made iptables more hard. MAPS hard..... But do this to see who is the mail-send perp (if applicable):
[code]
# sed collapses runs of spaces so the cut field numbers stay aligned
grep "Oct" /var/log/secure | grep smtp | sed 's/  */ /g' | cut -d' ' -f1,2,9 | sort | uniq -c | sort -nr | head | sed 's/from=//g'
[/code]