No, I'm surprised I didn't notice it yesterday, as I have a monitor dedicated to displaying server loads over my desk. That VPS's normal load is very low. All 30 sites on it are very low traffic and it's not uncommon to see 0.00 load averages. The 15 min average is 0.08 right now on a 24 core VPS. Server is just rolling out of bed... lol
188.8.131.52 - - [17/Oct/2013:06:43:38 -0700] "POST / HTTP/1.1" 404 11405 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
This "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" UA has been hitting tons of sites for more than a month now. I always recommend blocking it at the HTTP level (preferably in the Apache configuration file, otherwise in a .htaccess file).
★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
★ NinjaMonitoring : Monitor your website for suspicious activities.
So I left the account in bandwidth suspended (7gb) for the rest of the month hoping they would go away. But apparently not. Still getting a POST "flood" to that account. On average, it's probably 1-2 posts per second. But I was very surprised that the suspended account still managed to get from 7gb bandwidth to 17gb, *while suspended!*
At this point it's more annoying than anything. Just wish there was a way to drop the connection instead of dignifying the request with a reply. I suppose I could try blocking the user agent, but that still sends a reply. There doesn't seem to be a way to drop a connection in htaccess or search a UA in iptables.
As others said, this looks like a small layer 7 attack (HTTP POST obviously). As long as it's not affecting performance, you should be fine. If the attack grows larger, the easiest and most professional solution would be to get DDoS protection. As long as the flood stays small, you can also use something like fail2ban or LFD to write a regex which matches the request patterns and bans IPs that send more than 2 of these requests within 30 seconds, for example.
█ JavaPipe LLC: Global Tomcat Hosting & DDoS Mitigation Solutions
█ In business since 2001 | Contact us: salesrequest[at]javapipe.com
█ Remote Protection | Dedicated Servers | Virtual Servers | Unmetered VPS | Tomcat Hosting
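The threshold rule suggested in the last post (ban an IP that sends more than 2 matching requests within 30 seconds), as an added example that is not part of any post in this thread: a Python pass over Apache combined-format log lines that matches the `POST /` request with the quoted user agent and applies a per-IP sliding window. The function name `find_offenders` is hypothetical, and the sample log lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format pattern for the request quoted in the thread:
# POST to "/" with the MSIE 6.0 / Windows NT 5.1 / SV1 user agent.
FLOOD_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST / HTTP/1\.[01]" \d{3} \S+ '
    r'"[^"]*" "Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1; SV1\)"$'
)

def find_offenders(lines, max_hits=2, window_seconds=30):
    """Return {ip: time of the request that exceeded max_hits within the window}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of matching requests still in window
    offenders = {}
    for line in lines:
        m = FLOOD_RE.match(line.strip())
        if not m or m["ip"] in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        # Drop hits that have aged out of the sliding window.
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) > max_hits:
            offenders[m["ip"]] = ts
    return offenders

# Constructed sample log (documentation-range addresses, not real traffic).
UA = '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"'
SAMPLE_LOG = [
    f'203.0.113.7 - - [17/Oct/2013:06:43:38 -0700] "POST / HTTP/1.1" 404 11405 "-" {UA}',
    f'203.0.113.7 - - [17/Oct/2013:06:43:39 -0700] "POST / HTTP/1.1" 404 11405 "-" {UA}',
    f'198.51.100.4 - - [17/Oct/2013:06:43:40 -0700] "GET / HTTP/1.1" 200 5120 "-" {UA}',
    f'203.0.113.7 - - [17/Oct/2013:06:43:41 -0700] "POST / HTTP/1.1" 404 11405 "-" {UA}',
    f'192.0.2.55 - - [17/Oct/2013:06:43:45 -0700] "POST / HTTP/1.1" 404 11405 "-" {UA}',
    f'192.0.2.55 - - [17/Oct/2013:06:44:30 -0700] "POST / HTTP/1.1" 404 11405 "-" {UA}',
    f'192.0.2.55 - - [17/Oct/2013:06:45:15 -0700] "POST / HTTP/1.1" 404 11405 "-" {UA}',
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban candidate {ip} (threshold crossed at {when.isoformat()})")
```

The slow sender in the sample (one matching POST every 45 seconds) never crosses the threshold, which is the trade-off of a short window: it catches bursts, not low-rate repeats.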