Lame DoS from 204.93.60.188 and friends

2 replies [Last post]
RaT
RaT's picture
Offline
SX High Council
Joined: 2008/03/12

This was a funny one. Despite not even churning up 30% usage on 1 of the 32 cores our new server has - this guy tried his attack at least 1,631,962 times. You would think this particular attacker would be bright enough to figure out that our server is configured to prevent this type of lame DoS. It's stuff like this that makes me think there are a group of wannabe hackers out there that spend their free time trying to bite their ears (when not attempting lame DoS) Tongue

This attack also saw some traffic from these additional IPs:
50.117.80.135
89.253.109.119
198.144.116.205
204.14.79.154
204.14.79.254
204.93.60.18
204.93.60.129
204.93.60.191
204.93.60.216
216.172.147.100
216.172.147.174
216.172.147.184

Same lame GET DoS that we've been seeing for months from VB and friends.

Start:
204.93.60.129 - - [19/May/2013:17:05:14 -0400] "GET /?= HTTP/1.1" 403 368 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.129 - - [19/May/2013:17:05:14 -0400] "GET /?= HTTP/1.1" 403 368 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.129 - - [19/May/2013:17:05:14 -0400] "GET /?= HTTP/1.1" 403 368 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.129 - - [19/May/2013:17:05:14 -0400] "GET /?= HTTP/1.1" 403 368 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.129 - - [19/May/2013:17:05:14 -0400] "GET /?= HTTP/1.1" 403 368 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"

End:
204.93.60.188 - - [27/May/2013:04:02:10 -0400] "GET /?= HTTP/1.1" 403 369 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.188 - - [27/May/2013:04:02:10 -0400] "GET /?= HTTP/1.1" 403 369 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.188 - - [27/May/2013:04:02:10 -0400] "GET /?= HTTP/1.1" 403 369 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.188 - - [27/May/2013:04:02:11 -0400] "GET /?= HTTP/1.1" 403 369 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
204.93.60.188 - - [27/May/2013:04:02:11 -0400] "GET /?= HTTP/1.1" 403 369 "http://www.soldierx.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"