Denial of Service Attack (DOS), Grrr….
Today I had the pleasure of a random guy in Mexico recursively downloading as much of my site as he could, which sent my CPU load to 2.0, a level that Dreamhost would find acceptable but which I personally freak out about. The r-dns and IP of this guy are:
dsl-189-171-15-59.prod-infinitum.com.mx
189.171.15.59
He started at 04/Nov/2007:12:04:36 and ended (by iptables ban) at 04/Nov/2007:20:17:03. In those 8 hours and thirteen minutes, he made over 250,000 requests. That’s an extra 8.5 requests per second from a single IP, which is clearly unacceptable behavior:
[root@fc624389 ~]# cat access_log | grep 189.171.15.59 | wc -l
251923
If you don’t believe me, the next biggest offender over the last 24 hours made only 4,400 requests:
[root@fc624389 ~]# cat access_log | cut -d' ' -f1 | sort -n | uniq -c | sort -nr | more
251923 189.171.15.59
4403 66.249.73.116
2012 76.88.78.239
1646 70.141.105.233
The user agent of this guy doesn’t tell *me* anything about him, but maybe one of you readers has an idea?
189.171.15.59 - - [04/Nov/2007:12:04:38 -0500] "GET /wp-content/themes/greenmarinee/images/links_bullet.gif HTTP/1.1" 200 467 "http://celebrity-photos.elliottback.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
Another thing that bugs me is he requested each URL about 7 times. WTF? Do you really need to spider my site as fast as you can seven times?
[root@fc624389 ~]# cat access_log | grep 189.171.15.59 | cut -d' ' -f11 | sort | uniq | wc -l
35414
I am either thinking of writing a very evil script to confuse non-google/msn/live/ask/yahoo bots by writing in an infinite number of invisible links into my websites, or installing some kind of mod_throttle into my apache. It looks like mod_limitipconn might help here, too.
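The per-IP triage done above with separate pipelines can be collected into one pass over the log. The script below is an added example, not code from the original post: it reports, for each client, the request count, the number of distinct request paths (field 7 of the combined log format), the average repeats per path, and the request rate while the client was active. The function names, the threshold argument and the sample log lines are constructed for illustration, and the rate calculation assumes each client's lines fall within one calendar day.

```shell
#!/bin/sh
# Added example. Per-client load summary for an Apache combined-format log.
# Output columns: ip requests distinct_paths repeats_per_path requests_per_sec
# Assumption: each client's lines fall within one calendar day, so seconds
# since midnight are enough to measure how long the client was active.

heavy_clients() {                 # usage: heavy_clients MIN_REQUESTS < access_log
    awk -v min="$1" '
    {
        ip = $1
        split($4, t, ":")         # "[04/Nov/2007:12:04:36" -> t[2..4] = H, M, S
        sec = t[2] * 3600 + t[3] * 60 + t[4]
        if (!(ip in n)) first[ip] = sec
        last[ip] = sec
        n[ip]++
        if (!((ip, $7) in seen)) { seen[ip, $7] = 1; paths[ip]++ }
    }
    END {
        for (ip in n) {
            if (n[ip] < min) continue
            span = last[ip] - first[ip]
            if (span < 1) span = 1            # avoid dividing by zero
            printf "%s %d %d %.1f %.2f\n", ip, n[ip], paths[ip],
                   n[ip] / paths[ip], n[ip] / span
        }
    }' | sort -k2,2nr             # busiest client first
}

sample_log() {                    # constructed log lines, documentation IP ranges
    cat <<'EOF'
192.0.2.10 - - [04/Nov/2007:12:00:00 -0500] "GET /a HTTP/1.1" 200 467 "-" "ExampleAgent/1.0"
192.0.2.10 - - [04/Nov/2007:12:00:00 -0500] "GET /b HTTP/1.1" 200 467 "-" "ExampleAgent/1.0"
192.0.2.10 - - [04/Nov/2007:12:00:01 -0500] "GET /a HTTP/1.1" 200 467 "-" "ExampleAgent/1.0"
198.51.100.7 - - [04/Nov/2007:12:00:05 -0500] "GET /a HTTP/1.1" 200 467 "-" "OtherAgent/2.0"
192.0.2.10 - - [04/Nov/2007:12:00:01 -0500] "GET /b HTTP/1.1" 200 467 "-" "ExampleAgent/1.0"
192.0.2.10 - - [04/Nov/2007:12:00:02 -0500] "GET /a HTTP/1.1" 200 467 "-" "ExampleAgent/1.0"
192.0.2.10 - - [04/Nov/2007:12:00:03 -0500] "GET /b HTTP/1.1" 200 467 "-" "ExampleAgent/1.0"
198.51.100.7 - - [04/Nov/2007:12:00:15 -0500] "GET /c HTTP/1.1" 200 467 "-" "OtherAgent/2.0"
EOF
}

sample_log | heavy_clients 3      # report clients with at least 3 requests
```

A high repeats-per-path value combined with a sustained request rate is the pattern described in this post, and it is a reasonable trigger for a rate limit or an iptables ban.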
This entry was posted on Sunday, November 4th, 2007 at 9:43 pm.
One Response to 'Denial of Service Attack (DOS), Grrr….'
on November 14th, 2007 at 1:40 pm
zzz