Recent "Internal Server Errors" Caused by Denial of Service Attack...
Hits | IP address | Time on site
3950 | 38.99.44.104 | 57 min 32 sec
2277 | 64.1.215.164 | 32 min 17 sec
The big number on the left is the number of hits from the IP address listed that the site received in the last three days... for scale, the third biggest number of hits was only 130.
I suspect that these IP addresses have been spoofed, i.e. we are supposed to believe the attack is coming from them (both in the Washington DC area, hmmm!) as if we didn't know that real "web terrists" cover their identity with the simple method of spoofing someone else's IP. And choosing an IP to spoof that will make the person all paranoid and stuff.
To any site admins who notice internal server errors: check under Administer/Logs/Top Visitors to look for this kind of attack and block the offending IP address (that at least makes the responsible parties work harder by spoofing a new unbanned IP each time we catch 'em!)
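If the site runs on Apache, one way to block an IP without touching the Drupal admin UI is an .htaccess rule. This is just a sketch, assuming Apache 2.2-style access directives and using the two IPs from the log above:

```
# .htaccess -- deny requests from the two heavy-hitter IPs (Apache 2.2 syntax)
Order allow,deny
Allow from all
Deny from 38.99.44.104
Deny from 64.1.215.164
```

Note that banning inside Drupal only blocks the application layer; an .htaccess deny stops the request before PHP ever runs.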
All in all I'd say we're being pretty effective if these methods are being used to try to silence us!
Hey... good to know
I have noticed some internal server error messages in the last week AND I was looking at that log and noticed the "Top Visitors". I'll keep an eye on it.
By the way, if you're a regular annoymouse who has a reason for not registering and your IP gets banned, be sure to let us know ASAP. You can email me at ye olde Yahoo.
Here's who you need to address:
The IPs resolve to PSI.NET, which I believe is a hosting provider that also caters to hosting resellers. A lookup I performed found the IPs to be associated with
 CUILL.COM
 http://www.cuill.com
From this page:
http://www.cuill.com/twiceler/robot.html
find the following regarding the IPs in question from your log:
Twiceler Info
Twiceler is an experimental robot. The user-agent is "twiceler". It could take 24-48 hours for us to re-read your robots.txt file. If you need something blocked immediately, please let us know. We crawl from the following IP addresses:
38.99.13.121 38.99.44.101 64.1.215.166 208.36.144.6
38.99.13.122 38.99.44.102 64.1.215.162 208.36.144.7
38.99.13.123 38.99.44.103 64.1.215.163 208.36.144.8
38.99.13.124 38.99.44.104 64.1.215.164 208.36.144.9
38.99.13.125 38.99.44.105 64.1.215.165 208.36.144.10
38.99.13.126 38.99.44.106
If you have questions or concerns about Twiceler you can contact Jim (crawler(at)cuill.com). He's the guy who keeps track of Twiceler, when he's not busy with his horses.
Gretavo,
You may want to edit your robots.txt file to deny CUILL.COM's obnoxious robots from future scanning.
At least they are up front about what they are doing, though they must be having HAL9000-like problems with their robots.
Peer to Peer networks would
Peer to Peer networks would be harder for DoS to hit. Another reason why I was saying it should at least be invested in. : / The DoS prolly came from zombie terminals that were compromised through spyware and then coordinated from somewhere else. A linux box I had in college was hacked by some script kiddie who implemented something along those lines. Luckily they didn't erase the root .history file. Definitely report this to the FBI.
Call the FBI?
Why call the FBI and have them waste valuable resources better spent tracking Americans, uh, I mean El CIAduh?  The domain I gave above, CUILL.COM, manages those IP addresses in question.  They have a page explaining that they are used for an experimental webbot, "twiceler".
They offer to block "twiceler" from crawling a domain immediately.
Admittedly, I have no idea how quickly they will respond to such a request. But, there is another option.
 robotstxt.org
http://www.robotstxt.org/
"This is the main source for information on the robots.txt Robots Exclusion Standard and other articles about writing well-behaved Web robots."Â
Write a robots.txt file that tells "twiceler" to take a hike.
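Per the exclusion standard, a minimal robots.txt targeting just that crawler might look like this (using the user-agent string "twiceler" that Cuill's own page gives; well-behaved bots match it case-insensitively):

```
# robots.txt -- tell Twiceler to stay out, leave everyone else alone
User-agent: twiceler
Disallow: /
```

The file goes at the site root (http://yoursite/robots.txt). Keep in mind Cuill says it can take 24-48 hours for them to re-read it, and a robots.txt only works on crawlers that choose to obey it.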
Robots Exclusion, two ways:
The Robots Exclusion Protocol: A Web site administrator can indicate which parts of the site should not be visited by a robot, by providing a specially formatted file on their site, in http://.../robots.txt.
In a nutshell, when a Robot visits a Web site, say http://www.foobar.com/, it first checks for http://www.foobar.com/robots.txt. If it can find this document, it will analyse its contents for records like:
User-agent: *
Disallow: /
The Robots META tag: A Web author can indicate if a page may or may not be indexed, or analysed for links, through the use of a special HTML META tag.
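For illustration, a page that should be neither indexed nor mined for links would carry this tag in its HTML head (this is the standard form from robotstxt.org, not something specific to Twiceler):

```
<head>
  <!-- noindex: don't add this page to the index;
       nofollow: don't follow links found on it -->
  <meta name="robots" content="noindex, nofollow">
</head>
```

The downside versus robots.txt is that it has to go in every page you want protected, and only crawlers that honor the tag will respect it.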
For more, see:
http://www.robotstxt.org/wc/exclusion.html
Done deal.