Possible DOS attack caught on time

My server suddenly went under a very heavy load, similar to a DOS (Denial Of Service) attack. Luckily I was 1 foot away from it and heard the hard drive working like crazy, so I ssh-ed into the server, checked the running processes, noticed there was a high load on mysql (only possible via web), did a netstat, found the offending IP and temporarily -j DROP-ped it out with iptables. The load stopped suddenly, so my finding was right.

This is the offending IP:
If anyone knows the guy behind it, hit him hard in the head.
Will see if he returns and if he does, the -j DROP will become permanent.
Just for the record, I currently have 7 IPs with permanent -j DROP. I should probably remove them since they are pretty old and with the use of DHCP the IPs probably belong to a ton of other people now.
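
The netstat-then-DROP triage described above can be scripted. This is an added example, not code from the original post: the function names, the threshold of 5 connections and the sample netstat output are constructed for illustration, and the script only prints the iptables rules for review, tagged with a date so old blocks can be found and removed later.

```shell
#!/bin/sh
# Constructed `netstat -ntu` sample; all addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51003       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51004       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51005       TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.23:40210     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:40211     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.99:60122     ESTABLISHED
tcp        0      0 192.0.2.10:8080         198.51.100.99:60123     ESTABLISHED
udp        0      0 192.0.2.10:123          198.51.100.50:123       ESTABLISHED
EOF
}

# count_by_remote PORT: read netstat output on stdin and print "count ip"
# for TCP connections to local PORT, busiest remote address first.
count_by_remote() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the remote port (IPv4 or IPv6)
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# suspects PORT THRESHOLD: remotes holding at least THRESHOLD connections.
suspects() {
    count_by_remote "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# print_block_cmds DATE: turn IPs on stdin into dated DROP rules.
# Nothing is executed; the dated comment makes stale rules easy to prune.
print_block_cmds() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -m comment --comment "temp-block %s" -j DROP\n' "$ip" "$1"
    done
}

# Stand-alone run against the constructed sample.
sample_netstat | suspects 80 5 | print_block_cmds "$(date +%F)"
```

On a live server, replace `sample_netstat` with `netstat -ntu`, and list dated rules later with `iptables -S INPUT` to decide which blocks to lift.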
