posted on Jan, 1 2011 @ 03:19 PM
This is probably the right forum for this post, but I'd rather it be somewhere where more techies might be reading because I'd like some help
tracing the source of a DOS attack on my web site yesterday. I'll try to tell the story without sounding like I'm trying to plug my web site and
On Thursday night I initiated my 4 computer cores to run their 17 hour process as they do each night. This produces an accurate stock market
"Pressure reading." The number that was spit out yesterday/Friday morning was extremely high. I warned some people at various places on the
Then during the first 15 minutes of the trading day yesterday/Friday, there was a mini Flash Crash of sorts in the stock market. The media ignored it.
My computer program nailed it.
Then, I guess because it disturbed some people who know that the danger DOES still exist of these Flash Crashes, my web site was attacked with
thousands of requests for hours. It began at 5:47 pm Eastern time and had hits of about one every few seconds. Here's one of the thousands of web log
lines... the last one of the day...
184.108.40.206 - - [31/Dec/2010:23:59:50 -0500] "GET /favicon.ico HTTP/1.1" 200 1334 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:220.127.116.11) Gecko/20101203 BTRS35926 Firefox/3.6.13 (.NET CLR 3.5.30729)"
...and the attack continued until midnight:53 Eastern time. All of the IP's were exactly the same. My trace puts it in Rome, Italy. But can anyone
else do a better trace? Could that have just been a proxy server?
Here's the full attack if anyone needs it...
5:47 pm to Midnight
First 53 Minutes of New Years Day
I'm pretty sure this was a true attack. I've been running web sites for over 15 years and this has only happened one other time. That attack was
similar, but was geared more towards burning up bandwidth that I used to have to pay for. The source of THAT attack started in England, and when the
real crime-level of the attack kicked into gear (like once every few seconds), it came from China, Turkey and one other untraceable IP address.
Thanks in advance if anyone can give me answers. The funny thing is, this is exactly the reason why my subscription service does NOT use a "Login"
at my web site. The info I send to subscribers goes out in an eMail every morning.