As of this message, server load is 176 times above normal. We have cut Apache off until the cause of this particular DoS can be determined. Services are unusable when the load is that high anyway, this is just a way to speed up our dealing with the malicious activity.
5:43AM – Situation under control, but being very closely monitored for another recurrance.
Yesterday morning’s Denial of Service attack was caused by Microsoft’s search bot. The offending IP was banned, this morning a new IP address started to attack the webserver with insanely rapid requests. This new IP has also been banned.
We would not ordinarily ban the ip address of web crawlers, particularly those related to a search engine. However, this MS bot is completely ignoring all of the long established rules regarding web crawling search bots and is causing significantly negative impact to warrant firewalling the server off from this malicious activity. Microsoft is launching denial of service attacks by not properly controlling their search bot’s behaviour.
The webserver experienced what appears to be a denial of service attack. We temporarily stopped Apache from serving pages so that we could investigate the cause. A web bot was pulling up cpu intensive pages in such a rapid fashion that the server could not keep up with it. This web bot has been blocked so as to avoid this in the future.
Many clients have noticed that the http://positivefusion.info/status.php page was showing failed/offline services. As we reported yesterday this was due to a configuration issue on this .info domain, and not an indication of actual offline services. We have worked with our host and corrected this issue. As of now the status information is accurate.
Keeping with our general policy of full disclosure, we’re reporting server instability earlier today in regards to very slow page load times and services such as email & ftp failing. This was prior to and not connected with previously planned updates to server software.
This instability began around approximately 1PM EST and continued on and off through approximately 2PM EST.
We have been recently working diligently to configure the server to better deal with cpu overload/load average spikes, and as part of that process we have decided to allow the certain instability related situations to continue through to natural resolution so that we may better understand their causes. With this better understanding we can better insulate the webserver from these situations in the future.
Your cooperation is so very much appreciated.
© 2005 Positive Fusion - Rendered in 0.440 seconds - Powered by Wordpress.