The server hiccups
Things may go a little wonky here for a bit. Unfortunately, the site is sort of being attacked right now, where someone is spawning and tying up hundreds of connections at some of the Maui X-Stream evidence and its causing some resource problems...
As you can tell by the scroll-bar, those go on for a long way, and the web server is just having some real issues while serving out the 'normal' content. Don't know who is doing it or why, and it's beyond uncool and I don't know what their deal is, but that's how it goes.
I'm sure there is a perfectly reasonable explanation as to why this is going on... Or at least I don't want to think about the unreasonable ones and will just have to keep firewalling and dealing with apache because, you know, I have nothing better to do. Anyways, trying to deal with it and should be able to, but that's why things are hiccuping and getting slow. And people wonder why I drink...
Posted by drunkenbatmanJuly 22, 2005, at 03:57 PM
Comments (9)
Posted by: at July 22, 2005 04:23 PM
You know exactly what is going on... what jackasses. Bzt
Posted by: Tom at July 22, 2005 04:43 PM
Hey DB, completely unrelated but what is with all these Macworkshops.com ads? Is google doing this or are you taking advertisers now?
Posted by: Patrick Weber at July 22, 2005 05:04 PM
DB, they are all coming from the same IP address (or so it looks like), so why not just block the IP?
Posted by: Hector at July 22, 2005 05:12 PM
Since he used 'firewalling' (not a real word?) I assume means plural of blocking them via the firewall. More than one IP is doing it that we can't see (from that screenshot that is hundreds of apache instances, so perhaps 5 to a score?), or as one is blocked another comes online. When you want to DDOS, you can either choke the sites bandwidth (easy to filter upstream at his provider) or its local resources (RAM) which are much harder. He can either have his upstream block multiple requests to that file from the same IP, remove the file they want gone or keep blocking their IPs as they come up in the firewall.
I would not assume this is Maui X-Stream it could be anyone picking a random file or wanting to divert investigators from who they really are.
Posted by: drunkenbatman at July 22, 2005 05:51 PM
DB, they are all coming from the same IP address (or so it looks like), so why not just block the IP?
Multiple IPs, within a somewhat narrow range, and as I drop them into iptables, a new ones come along. Entirely unamused, but oh well.
Posted by: Jason Terhorst at July 22, 2005 08:03 PM
oh, but it has to be Maui X-Stream, or the evil people related to it, since they couldn't get a successful legal jump on him.... Just take down the drunken one's server instead, huh?
Posted by: Troy at July 23, 2005 09:00 PM
Is it worth changing the URL (ie moving it into another folder?) and updating your referring pages to the new URL. Then you could have the original URL redirect somewhere else - I'll leave that to your imagination - maybe the Batman HD trailer on Apple :)
Posted by: bl at July 25, 2005 10:33 AM
install mod_security... it stops these types of attacks dead.
http://www.modsecurity.org/
http://www.studio2f.com/misc/2005/06/01installing_mod_security_on_osx_104_tiger.php
I told you that you'd get attacked, either in person, or on the Internet, one day. I'll reserve comment on the composition of the DOS, and the content of the article, and any relationship or animosity thereof....