Denial of Service Attack Attempts To Silence Urban Review
If you tried to reach this site yesterday between 1pm and 2:30pm you may have noticed it acting really slow. Well, the reason is my site was being repeatedly attacked.
From my web host:
The computer that’s flooding your site with requests has an address of […I’m not quite ready to go public with the IP just yet].
Yesterday between 1 p.m. and 2:30 p.m., the computer with that IP address hammered your site, sucking up 109,324 pages, 109,853 hits and 5.51 GB (gigabytes!) of bandwidth. It was making 20 requests a second. It’s possible that somebody wrote some sort of automated script that went awry. It’s also possible that someone was maliciously trying to shut down your site.
Here’s a typical line from the access log:
[The IP address was here] – – [15/May/2006:14:06:26 -0400] “GET / HTTP/1.0” 200 12765 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)”
In the 18+ months I’ve had my blog this has never happened. Now what could I possibly be saying that would warrant an attempt at shutting down my site?
The code above, I’m told, makes a request for the home page twenty times per second. Other code included a repeated search. Several internet experts are now examining the log as a denial of service attack is illegal. Our server’s ISP will be contacted to help in the investigation of the source.
I know where the attack appears to have originated. At this time I am not releasing that information until after the web gurus have had a chance to verify if this was actually the place of origin or if the IP was falsified to implicate an innocent party. All information gathered will be turned over to law enforcement.
– Steve
Please do press charges, or sue civilly, about this. The people deserve to have these dirty tricks brought out to the light of day.
Noticed that yesterday. Was wondering what it was. I have my own supisions of who it was, although I’m thinking slightly outside the box for who actually did it. I’m probably wrong though.
Wouldn’t it be great if all this civil unrest led to more (responsible) stl citizens running for stl public office?
My alderman isn’t progressive enough for me. I’m sure there are some people on here that may want to run. So, is this just the beginning? Are we going to take back our city one ward at a time? When is the next election for alderman? I’ve thought about running…:)
Keep up the good work and spread the word about your site! The more concerned urban dwellers there are in this City, the better our city will become!
As for the attack on your site – it sickens me and I hope the political thugs who did it are caught and, as anony said, brought to the light of day.
From my computer consulting background, it looks from the information presented (all I have to go on) that rather than an attempted DOS, more likely someone was “downloading” (more accurately copying) your website/blog. This could be for indexing purposes, or for offline storage. The motivation behind copying your website could be good or bad.
To find out more information on who was doing this, you can run a name server lookup on the IP address you have, but that will only resolve back to the host ISP. If this is IP is on a private network, with registered IP addresses, you can possibly obtain additional information, but most likely they are hosted by an intermediary ISP.
[REPLY Thanks for your feedback but others that have reviewed the full log indicate the code was trying to load the main page 20 times per second. That, they say, is a form of DoS. I know exactly where the IP address is pointing but I need to confirm a few things before going public. – SLP]
Do not taunt Happy Fun Ball.
Steve, go after these people. I disagree with much of what you write, but I think your site is great nonetheless.
Get them! Those cops need practice bringing down the script kiddies.
If it’s someone local, post their mug a la Smoking Gun.