204.14.79.85 sets a new lamer record

RaT
SX High Council
Joined: 2008/03/12

204.14.78.85 has set a new record with 118,833 DoS attempts. Most lamers figure it out after 10-20 minutes of DoS and the site remaining unaffected. This guy started on July 14, 2013 at 02:13 am and didn't stop. I eventually woke up and checked my email, saw the DoS attempt notice, and blocked him at the firewall level at 10am.

Same lame attack, just a little more persistent than most.

Small snippet:

204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"
204.14.79.85 - - [14/Jul/2013:06:25:35 -0400] "GET /?= HTTP/1.1" 403 375 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)"

If these lamers don't stop, I might start calling ISPs for the lulz.
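
Added example, not part of the original post: a log check for the pattern the snippet shows, one address repeating the same request many times within a second while cycling User-Agent strings. The function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format, the layout of the snippet above.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def find_ua_rotating_floods(lines, min_hits=5, min_agents=3):
    """Flag clients that repeat one request at least min_hits times within a
    single second while presenting at least min_agents User-Agent strings.
    Both thresholds are assumptions to tune per site."""
    buckets = defaultdict(lambda: {"hits": 0, "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # malformed line: skip it rather than guess at fields
        bucket = buckets[(m["ip"], m["ts"], m["request"])]
        bucket["hits"] += 1
        bucket["agents"].add(m["agent"])
    flagged = {}
    for (ip, _ts, _request), bucket in buckets.items():
        if bucket["hits"] >= min_hits and len(bucket["agents"]) >= min_agents:
            entry = flagged.setdefault(ip, {"hits": 0, "agents": set(), "bursts": 0})
            entry["hits"] += bucket["hits"]
            entry["agents"] |= bucket["agents"]
            entry["bursts"] += 1  # one burst = one (second, request) bucket
    return flagged

def _line(ip, ts, agent, request="GET /?= HTTP/1.1", status=403):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [{ts}] "{request}" {status} 375 "-" "{agent}"'

# Constructed sample input (documentation IP ranges, made-up agent strings).
T1, T2 = "14/Jul/2013:06:25:35 -0400", "14/Jul/2013:06:25:36 -0400"
SAMPLE = (
    [_line("203.0.113.7", T1, f"FakeBrowser/{v}") for v in "121342"]      # flood
    + [_line("203.0.113.7", T2, f"FakeBrowser/{v}") for v in "12312"]     # flood
    + [_line("198.51.100.30", T1, "uptime-check/1.0") for _ in range(6)]  # one UA
    + [_line("198.51.100.20", T1, "FakeBrowser/9", "GET /index.html HTTP/1.1", 200)]
    + ["not a log line"]
)

if __name__ == "__main__":
    for ip, info in find_ua_rotating_floods(SAMPLE).items():
        print(ip, info["hits"], "hits,", len(info["agents"]), "agents,",
              info["bursts"], "bursts")
```

The busy single-agent client in the sample is deliberately left unflagged: request rate alone would also catch monitoring scripts, so the check requires the User-Agent rotation as well.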