# Anyone ever seen anything like this? DoS attack!



## BMR777 (Apr 27, 2005)

Hello,

Today one of my servers was square in the middle of a DoS attack. I run a small forum hosting website that hosts many PHPBB forums. Some bot or something began crawling EVERY SINGLE FORUM AND DIRECTORY AT ONE TIME! This caused MySql and eventually the server to crash. After about six hours my host banned the bot on a server level by IP, but it's still trying to get in. 

Looking at the log for the bot I noticed something interesting. The bot from this IP keeps changing it's user agent with every request to try and bypass the filters. Here's an exerpt from the log:



> Host: 66.29.115.6
> /5/criticism/
> Http Code: 403 Date: Dec 19 16:29:52 Http Version: HTTP/1.1 Size in Bytes: -
> Referer: -
> ...


Anyone seen anything like this? Any tips?
BMR777


----------



## Pyro-Fire (Dec 22, 2007)

Look up the persons IP and see what kind of info you can get. After which, look up their ISP and give them a call, if you can.
And post the IP of the DoSer please.

http://www.showmyip.com/lookups/#DoLookup


----------



## BMR777 (Apr 27, 2005)

Their IP was 66.29.115.6.


----------



## Pyro-Fire (Dec 22, 2007)

their ISP is Net Access Corporation, and they live in the USA.

Try giving the isp a call, and telling them about this attack against your website.

Include Time/Date of the attack, and IP at the time.

ISP Home:
http://www.nac.net/

Contact details:
http://www.nac.net/enterprise/contact.asp

i recommend you use this number:
Abuse Department (973) 590-5040

tell us how it goes.


----------



## Skie (Mar 15, 2003)

If you haven't already, I would add that IP to your firewall's Deny list.


----------

