update from joe on the bot attack or whatever this is:
It's some sort of Slowloris attack that won't trip any filters (mod_security, mod_qos, CSF firewall, etc. etc.). I've setup Nginx as a reverse proxy in front of Apache, still nothing. The connections keep coming. At this point the server load isn't the problem anymore, it's only around 5 right now and you've got 8 processors - so plenty of POWER to keep things going but they're holding onto ports and tieing them up.
Not that it makes things better for you, but you probably aren't the target for the attack. The way this looks you're probably just interference to hide someone's tracks while they're attacking a much bigger target. You're just going to have to wait it out unless you can find someone better than me at mitigating this. There are at least 3,000 IP addresses coming at you, and the better we get at fighting it the more are hitting you.
Good night. Maybe they'll stop by tomorrow. It costs money to run these bot attacks, especially at this magnitude. It won't last forever, and I'm surprised it's been this long.
then i got this:
Ignore my last email. Laid down in bed and had another idea. 3 lines of code from my phone while lying in bed, and all 3000+ bots are GONE. Pretty sure I got those [censored].
Still getting an occasional phpbb error because of the Nginx connections while they're still attacking (it's doing the blocking). I might have fixed it but I'm not sure. Haven't seen the error in a while. Either way I'm going to bed now for real.
, kept by parrots
Sysop - forum.thinkpads.com
*She was not what you would call refined
,She was not what you would call unrefined,She was the type of person who kept a parrot.