DOS'ed
Markus pointed it out to me that my server showed some "Bad Gateway"; errors. I ssh'ed to it and interestingly, my server also behaved REALLY sluggishly.
Lookind at my access logs for marc-seeger.de, I can only assume sombody went crazy for my site:
[…]
87.78.224.179 – - [14/Jun/2009:23:32:26 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
87.78.224.179 – - [14/Jun/2009:23:32:26 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
87.78.224.179 – - [14/Jun/2009:23:32:28 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
87.78.224.179 – - [14/Jun/2009:23:32:30 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
87.78.224.179 – - [14/Jun/2009:23:32:33 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
87.78.224.179 – - [14/Jun/2009:23:32:34 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
87.78.224.179 – - [14/Jun/2009:23:32:35 +0200] "GET / HTTP/1.1"; 200 13851 "-"; "JoeDog/1.00 [en] (X11; I; Siege 2.69)";
[…]
The JoeDog / SIege User agent seems to be part of a sofware used for performance testing.
Seems to be a DOS attack :-/
Let's look at the amount of data already used:
1 2 |
cat logs/marc_seeger_de.access.log | grep JoeDog | wc -l 2203 |
Now let's look at the IP:
1 2 3 |
Host xdsl-87-78-224-179.netcologne.de Location DE, Germany City Troisdorf, 07 - |
I wrote an abuse mail and dediced to simply block the referer in nginx using:
1 2 3 |
if ($http_user_agent * JoeDog) {
return 403;
}
|
This reminds me, I need to implement more caching. Maybe Rack:Cache