
Posted: Wed Oct 13, 2004 8:08 pm
by ray
I really don't think it's an intentional DOS attack. I think it's Bank One's caching web proxy trying to suck down my whole site once an hour so they can save bandwidth on their end.

The fact that it's once an hour makes me believe this.

It has really been a pain in the ass trying to track this down. I'd love to get my hands around the responsible person's neck.

Posted: Wed Oct 13, 2004 8:29 pm
by marathonmedic
Isn't that the American way? Use someone else's resources so you can save money? I think you should demand a small commission on all transactions that happen as a result of your pirated bandwidth.

Posted: Wed Oct 13, 2004 8:52 pm
by ray
Well, I'm happy to say that I'm pretty sure I've blocked the source IP addresses that were causing the server to die.

So if you know anyone on 159.53.0.0/16 then you may want to inform them of why they can't access the site.

Posted: Wed Oct 13, 2004 9:48 pm
by climbhigh
I got more done at work the last couple days than I have in a long time. I hate it!

Posted: Wed Oct 13, 2004 10:42 pm
by Wes
Crazy for sure. Could also be something like WebWhacker running on a set schedule.

Wes

Posted: Thu Oct 14, 2004 2:39 pm
by Alan Evil
I guess it's time to go introduce a number 5 cam to the asshole of the President of Bank One. I've always hated that bank anyway.

Posted: Thu Oct 21, 2004 2:04 am
by Boyd
Vietcong can make bombs from bottle caps... and they can take down a website.

I had a similar attack via SMTP... which might be your problem. Note: I have no clue, but I can explain my experience.

I had a flood of SMTP requests bring down my server. It wasn't a DoS attack but a spam attack that zapped my memory and cache so no server could work. Boom. I made iptables more hard. MAPS hard..... but do this to see who is the mail-send perp (if applicable):

grep "Oct" /var/log/secure | grep smtp | sed 's/  */ /g' | cut -d' ' -f1,2,9 | sort | uniq -c | sort -nr | head | sed 's/from=//g'
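Added example, not part of any post in this thread: the same count-and-rank approach applied to a web access log, grouped by /16 network and by hour so that a scheduled hourly fetch spread over several addresses in one range stands out. It assumes Common Log Format; the function names and the sample lines are constructed for illustration, and only the 159.53.0.0/16 range comes from the thread.

```shell
#!/bin/sh
# Added example: rank client networks by request volume per hour from a web
# access log in Common Log Format (assumed; adjust the fields for other formats).

# Reads access-log lines on stdin and prints "count network/16 day:hour",
# busiest first. Optional argument: how many rows to show (default 10).
# Lines that do not begin with an IPv4 address are skipped.
top_sources_by_hour() {
    awk '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($1, o, ".")
        # $4 looks like "[13/Oct/2004:14:00:07"; keep the day and hour only
        split(substr($4, 2), t, ":")
        n[o[1] "." o[2] ".0.0/16 " t[1] ":" t[2]]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,3 | head -n "${1:-10}"
}

# Constructed sample input, not real log data from the site in the thread.
sample_log() {
    cat <<'EOF'
159.53.14.2 - - [13/Oct/2004:14:00:07 -0500] "GET /index.php HTTP/1.0" 200 5120
159.53.14.9 - - [13/Oct/2004:14:00:08 -0500] "GET /forum/1 HTTP/1.0" 200 9311
159.53.77.3 - - [13/Oct/2004:14:00:09 -0500] "GET /forum/2 HTTP/1.0" 200 8842
159.53.77.3 - - [13/Oct/2004:14:00:09 -0500] "GET /forum/3 HTTP/1.0" 200 7710
192.0.2.10 - - [13/Oct/2004:14:12:41 -0500] "GET /index.php HTTP/1.1" 200 5120
159.53.14.2 - - [13/Oct/2004:15:00:05 -0500] "GET /index.php HTTP/1.0" 200 5120
159.53.201.6 - - [13/Oct/2004:15:00:06 -0500] "GET /forum/1 HTTP/1.0" 200 9311
159.53.14.9 - - [13/Oct/2004:15:00:06 -0500] "GET /forum/2 HTTP/1.0" 200 8842
198.51.100.7 - - [13/Oct/2004:15:31:12 -0500] "GET /index.php HTTP/1.1" 200 5120
EOF
}

# Show the ranking for the constructed sample when run directly.
sample_log | top_sources_by_hour 5
```

To use it on a real server, pipe the access log into top_sources_by_hour instead of sample_log; a network that tops the list at the start of every hour matches the pattern described earlier in the thread.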