Recently I noticed unusual load on my server, but today it was critical, and it made MySQL unavailable for less than a minute. Luckily I was working when this happened, so I checked into it, and found that an attacker was using some Chinese IPs to send me 450 registrations/IP/second.
This was huge: server load went up to 150, Apache was processing 934 concurrent requests, so MySQL was flooded and went offline for 1 minute until all connections timed out, and HTTP was almost unusable. All this happened while the server was taking backups, which increased the load a lot. SSH was slow but usable, so I used it to detect and block the sources of the attacks.
After returning the server back to normal operations, I cleaned the logs (450K failed registrations and logins) and waited for the attacker to check the server from another IP. After a few minutes I got a single request to the login page from 66.249.69.4 with timestamp 1415673023 UTC. This IP belongs to Google, and it says it is a Google bot.
My site is not being indexed, and I did not get any other request from Googlebot in the next 20 minutes, but I got another batch of DoS attempts from another Chinese network.
I hope somebody from Google would review this story for the possibility that their bot is being used by pirates in DoS attacks, which is obviously against Google's AUP. I also encourage Google to try to detect such unaccepted attempts and report them to authorities, and to the owners of their IPs.
Finally, if you are in Fujian, China, and you want to access my site, please accept my apology for blocking you. To get you white-listed, please send me an email.