« The Knucklehead of the Day award | Main | Where Have You Gone, Mary Mapes? A Nation Turns Its Lonely Eyes To You »

Attack Of The BotNet

This morning we got hit by a very large botnet attack. In the process of restoring access to the server I was able to identify nearly all the attacking hosts (~50) and prevent them from ever accessing the site again.

Service is back to normal.


TrackBack URL for this entry:

Comments (10)

Interesting, how long was t... (Below threshold)

Interesting, how long was the attack?
seems that 50 bots is pretty small number for a botnet, don't you think?


There could have been more ... (Below threshold)

There could have been more that's just how many I caught in a snapshot, but it was a very target trackback storm. They were trying to post to dynamic pages (most of the site is static) that had nowhere on them to post. Each address was making 10-20 connections so that coupled with the errors they were generating - I guess - was bogging down Apache by using up server memory. Blocking their access fixed that right away, it just took a little while to make the change due to the server slowdown.

You need a bigger fly swatt... (Below threshold)

You need a bigger fly swatter Kevin. LOL

Isn't it great to know you ... (Below threshold)

Isn't it great to know you are loved so much and worth the effort to attack? Beware, with a relatively small attack, it could just have been a probe.

Keep up the good work.

Dang cylons!... (Below threshold)

Dang cylons!

It was a bad day all round.... (Below threshold)

It was a bad day all round... I had 3 servers get fairly serious attacks yesterday... Guess the morons where bored or something.

Amir, you might also consid... (Below threshold)

Amir, you might also consider something else....

While 50 machines might not seem like a lot to a site the size of Wizbang remember the rest of the load does not magically go away....

The server may very well be able to handle the attack -in a vacuum- but server admins aren't in the habit of leaving 10X the resources needed for a site sitting idle. It still has to do its regular job.

Now add the fact the base server load INCREASES during an attack... Why?

Amir, hits Wizbang and it doesn't load right. So he hits reload. Then he waits a while and gets impatient waiting on the browser, so he hits reload again.

Now the average load on the server just went up 300% over the usual base. On a site that gets 50,000 hits a day now that number when to 150,000...

And then there is the botnet attack.

Things can get out of control quickly.

I hope the day comes when J... (Below threshold)

I hope the day comes when John Q public can locate exactly where a hacker is, and perform creative justice.

Yes Knightbridge. The famo... (Below threshold)

Yes Knightbridge. The famous incident with the Russian spammer is absolutely appropriate.

If you are talking about th... (Below threshold)

If you are talking about the spammer story from late last year -- wasn't that a hoax?






Follow Wizbang

Follow Wizbang on FacebookFollow Wizbang on TwitterSubscribe to Wizbang feedWizbang Mobile


Send e-mail tips to us:

[email protected]

Fresh Links


Section Editor: Maggie Whitton

Editors: Jay Tea, Lorie Byrd, Kim Priestap, DJ Drummond, Michael Laprarie, Baron Von Ottomatic, Shawn Mallow, Rick, Dan Karipides, Michael Avitablile, Charlie Quidnunc, Steve Schippert

Emeritus: Paul, Mary Katherine Ham, Jim Addison, Alexander K. McClure, Cassy Fiano, Bill Jempty, John Stansbury, Rob Port

In Memorium: HughS

All original content copyright © 2003-2010 by Wizbang®, LLC. All rights reserved. Wizbang® is a registered service mark.

Powered by Movable Type Pro 4.361

Hosting by ServInt

Ratings on this site are powered by the Ajax Ratings Pro plugin for Movable Type.

Search on this site is powered by the FastSearch plugin for Movable Type.

Blogrolls on this site are powered by the MT-Blogroll.

Temporary site design is based on Cutline and Cutline for MT. Graphics by Apothegm Designs.

Author Login

Terms Of Service

DCMA Compliance Notice

Privacy Policy