Things are run on a shoestring these days, and it’s relatively easy to run a Denial-of-Service (DoS) attack against the ZOIS sites, even if it looks accidental, as happened last week.
The attack, if that’s what it truly was, involved looking for well-known weaknesses in popular blogging and administrative tools that we don’t run. These sorts of investigations occur almost routinely and usually only come from one IP address. The one on Wednesday seemed to involve a fairly large number of machines, all doing the probes, and doing them repetitively. The IP addresses came from two large, but otherwise anonymous, Unicom subnets, based in Beijing. They looked to be compromised PCs and I was forced to block web-access from the networks involved for a day. But only after I noticed things slowly grinding to an almost-halt.
Not only did network traffic get swamped but one of the Apache-based web servers did too, the one that provides the Examplar and the Blog. Some of this was down to poor error handling that I’d written, making things worse in an ever-so-slightly witty way. So mea culpa too.
As the only traffic noted from this part of the world tends to be search engines and pointless weakness-probes, I’m sure that there wasn’t a great deal of inconvenience in firewalling Beijing for the day.
Anyhow, things back to normal now. The remedial stable-door bolting is in place. As are the crap metaphors.
Thanks once again to the readers for the feedback. I often write these posts thinking that the only things that read them are the odd passing, and now sometimes malicious, robot. It’s nice to know that there’s the odd human out there too.