• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Strange HEAD requests on my site, is this a DoS attack?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Beginners // Misc. Computer Questions

View previous topic :: View next topic  
Author Message
vmasto
Just Arrived
Just Arrived


Joined: 11 Mar 2010
Posts: 0


Offline

PostPosted: Thu Mar 11, 2010 8:06 am    Post subject: Strange HEAD requests on my site, is this a DoS attack? Reply with quote

Hi guys,
I'm new here obviously and since I couldn't figure out where its best to start this thread in I selected this section.

Here's my problem, I own a website www.atticafreepress.gr (could be still offline) and my host just informed me that for the 3rd time in 10 days my site has been violated by someone externally and it actually drained the server to 100% load, thus making every website on it inaccessible.

The logs from the attack are:

98.158.20.236 - - [11/Mar/2010:04:54:27 +0200] "HEAD /2010/02/25/6398/ HTTP/1.1" 500 - "-" "Opera/7.51 (Windows NT 5.1; U) [en]"
98.158.20.236 - - [11/Mar/2010:04:54:32 +0200] "HEAD /2010/03/04/7169/ HTTP/1.1" 500 - "-" "Opera/9.25 (Windows NT 6.0; U; en)"
98.158.20.236 - - [11/Mar/2010:04:54:44 +0200] "HEAD /2010/02/26/6490/ HTTP/1.1" 500 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060808"
98.158.20.236 - - [11/Mar/2010:04:54:46 +0200] "HEAD /2010/03/07/7456/ HTTP/1.1" 500 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
98.158.20.236 - - [11/Mar/2010:04:54:25 +0200] "HEAD /2010/02/27/6584/ HTTP/1.1" 500 - "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/64 (KHTML, like Gecko) Safari/64"
98.158.20.236 - - [11/Mar/2010:04:54:26 +0200] "HEAD /2010/02/23/6251/ HTTP/1.1" 500 - "-" "Opera/7.50 (Windows XP; U)"
98.158.20.236 - - [11/Mar/2010:04:54:49 +0200] "HEAD /2010/03/05/7215/ HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0"
98.158.20.236 - - [11/Mar/2010:04:54:44 +0200] "HEAD /2010/03/02/7000/ HTTP/1.1" 500 - "-" "Opera/9.10 (Windows NT 5.1; U; en)"
98.158.20.236 - - [11/Mar/2010:04:54:46 +0200] "HEAD /2010/03/02/6934/ HTTP/1.1" 500 - "-" "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.Cool Gecko/20050609 Firefox/1.0.4"

I have no idea what this is, could it be a DoS attack?

When it happened 5 days ago (different IP) there was a link next to the logs that pointed here: http://groups.google.com/group/tracx/web/tra-cx-pider

I thought it was just a crawler, and unable to find any information whatsoever about that crawler I decided to just ban that IP. Five days later though, there it is again with a different one.

Can anyone provide any kind of help as to what's causing this, what could this attack be and any means to prevent it from happening again?

Thank you so much in advance
Back to top
View user's profile Send private message
H3mp
Just Arrived
Just Arrived


Joined: 07 Mar 2010
Posts: 0


Offline

PostPosted: Tue Mar 16, 2010 5:18 am    Post subject: Reply with quote

It's definitely a DDoS attack. If you had some botnets of your own you could just DDoS the attackers zombies, making for a nice hack war.

Isn't there an option to ban an Ip after so many connections?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Beginners // Misc. Computer Questions All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register