Question

I am getting hundreds of lines of the same request in my access logs as of July 4th. This one came up thousands of times in the hours around this date:

86.128.198.216 - - [22/Jul/2011:00:44:16 +0100] "GET /404.htm HTTP/1.1" 302 414 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"

There are others too - prior to the above lines there were hundreds of instances of this:

92.23.237.48 - - [21/Jul/2011:23:36:24 +0100] "GET /404.htm HTTP/1.1" 302 414 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.6; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 2.0.4.16; .NET4.0C; InfoPath.1; BRI/2)"

And many other similar IPs that are requesting 404.htm hundreds/thousands of times. Consequently we've exceeded our 100GB bandwidth and our site is currently down.

The website is tiny (with about 2-3000 visits a month) and I just can't really work out what's going on. Any help/advice would be appreciated as I generally don't deal with the administrator side of the web as, until a few months ago, we had a guy who dealt solely with that.

Waiting for my webhosting company to figure this out is painful.

Thanks,

Rich


Solution

I'm not an expert, but here are my findings:

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Your situation appears to fit the description. Here are helpful links:
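
An added example, not part of the original question or answer: one way to measure the pattern described in the question is to group an Apache combined-format access log by client IP and requested path and list the pairs that repeat far more than a normal visitor would. The function names, the `min_hits` threshold and the sample data (the two request lines from the question repeated, with shortened user-agent strings, plus one constructed ordinary visitor) are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/NCSA combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def repeat_offenders(lines, min_hits=100):
    """Group by (ip, path); return groups with at least min_hits requests, busiest first."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole run
        s = stats[(rec["ip"], rec["path"])]
        s["hits"] += 1
        s["bytes"] += rec["size"]  # response bytes logged for this client and path
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
    flagged = [(k, v) for k, v in stats.items() if v["hits"] >= min_hits]
    return sorted(flagged, key=lambda kv: kv[1]["hits"], reverse=True)

# Constructed sample input (see the lead-in); 203.0.113.7 is a documentation address.
SAMPLE = (
    ['86.128.198.216 - - [22/Jul/2011:00:44:16 +0100] "GET /404.htm HTTP/1.1" 302 414 "-" "Mozilla/4.0"'] * 300
    + ['92.23.237.48 - - [21/Jul/2011:23:36:24 +0100] "GET /404.htm HTTP/1.1" 302 414 "-" "Mozilla/4.0"'] * 150
    + ['203.0.113.7 - - [21/Jul/2011:22:10:01 +0100] "GET /index.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'] * 3
)

if __name__ == "__main__":
    for (ip, path), s in repeat_offenders(SAMPLE):
        print(f'{ip} {path} hits={s["hits"]} bytes={s["bytes"]} {s["first"]} -> {s["last"]}')
```

Run against the real log by passing an open file object instead of `SAMPLE`; the per-pair byte totals show how much of the bandwidth allowance each repeating client accounts for.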

Licensed under: CC-BY-SA with attribution