NOTE: Updated 11/15/2016
Attacks have ceased pretty much on the testing server, but I must have pissed somebody off last night. WOOT!
DDoS attacks started in the late evening, starting probably around 21:00 through at least probably midnight. Can't actually tell because I can't access the httpd logs. The positive note is this led to me asking GoDaddy where the httpd logs are, something I wasn't aware of (in FTP Manager). Bluehost allows access to the server logs, but Yahoo did not when I used them. It's a virtual machine so the logs don't compromise any hosting provider confidential data...
The offending IP addresses were:
- 220.127.116.11 - FR, I know the bot-net there, and they have been getting inverse “Pavlovian Dog” training. I am almost willing to bet the control node resides in this general IP area, for at least one worldwide bot-net. Some of the addresses they control are:
- 18.104.22.168 - UK
- 22.214.171.124 - KR
- 126.96.36.199 - JP
The attack vector is overloading the CMS requesting non-existent tiny_mce. Script-kiddie shit, LOL.
I'm beginning to think I need my own bot-net, based on the idea of the Seawolf class submarines…
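An added example, not part of the original post: once the httpd logs are reachable, this is one way to spot the tiny_mce flood described above by counting 404s on tiny_mce paths per client per minute. The Apache "combined" log format, the function name, the threshold and the sample lines (documentation-range IPs) are all assumptions made for the example.

```python
import re
from collections import Counter

# Assumption: Apache "combined" access-log format; the post does not show its logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def tinymce_404_floods(lines, threshold=3):
    """Return {ip: peak 404s on tiny_mce paths in any one minute} for
    clients whose peak reaches `threshold` (hypothetical cut-off)."""
    per_minute = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if m["status"] != "404" or "tiny_mce" not in m["path"].lower():
            continue
        minute = m["ts"][:17]  # "14/Nov/2016:21:03" -> one-minute bucket
        per_minute[(m["ip"], minute)] += 1
    peaks = {}
    for (ip, _minute), count in per_minute.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return {ip: n for ip, n in peaks.items() if n >= threshold}

# Constructed sample log lines, not taken from the server in the post.
SAMPLE = """\
203.0.113.7 - - [14/Nov/2016:21:03:01 +0000] "GET /js/tiny_mce/tiny_mce.js HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [14/Nov/2016:21:03:02 +0000] "GET /includes/tiny_mce/plugins/x.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [14/Nov/2016:21:03:02 +0000] "GET /tiny_mce/tiny_mce_popup.js HTTP/1.1" 404 209 "-" "-"
198.51.100.9 - - [14/Nov/2016:21:03:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Nov/2016:21:04:10 +0000] "GET /js/tiny_mce/tiny_mce.js HTTP/1.1" 404 209 "-" "-"
garbage line
""".splitlines()

if __name__ == "__main__":
    for ip, peak in sorted(tinymce_404_floods(SAMPLE).items()):
        print(f"{ip}: {peak} tiny_mce 404s in one minute")
```

The flagged addresses can then feed a rate limit or a deny rule for the tiny_mce path, which does not exist on the site anyway.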