For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with tons of HTTP requests composed of: GET / HTTP/1.1 Host: example.com I wrote a quick script to firewall any client that makes this type of request, and already have about 3,000 unique ip addresses in my input filters. They're all window boxes from what I can tell. They coming in from lots of differnet networks. Our client's website does not get very many hits per day -- and a few thousand zombies seems like an awful lot to throw at a relatively unpopular/small website for a small, locally owned business. Is an attack with a few thousand zombies considered commonplace nowdays? Attached is a current list of attacking computers. TIA
This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 18:03:56 PST