Botnet Attack Continues
My ISP has provided more details about this continuing botnet attack on Cloudy Thinking. I have no idea why my blog became a target. Maybe there is no reason? Maybe I should retract the mildly negative things I’ve said about the NSA?
[tease]
Your site [blog.eronj.com] suffered a major hit from a botnet. There were easily over 2000 different IPs involved in the attack, each IP hitting you hundreds of times, if not thousands.
Most if those IPs are now blocked at the firewall, so you shouldn’t have large hits from them any more. However, we are still logging attempts from those IP addresses — which means the attack has not stopped yet. The attacker may come with new IPs in the future.
Unfortunately there isn’t much you can do at this point. We are doing all we can do to prevent this attack. However, short of taking your site completly offline, there’s not much more that we can do.
In fact, your site was just hit again by another wave of about 200 IPs with about 50 connections per IP. We have added all those new IPs to the firewall.
Please note that this attacker is doing hundreds of connections per IP at once — meaning that he’ll get 100 or so connections before our firewall reacts. It not that our firewall is slow — but that its all happening at the same instant.