I'm having a little crisis here: my server went offline a few hours ago, but is back again. It wouldn't respond to anything. At first, everything seemed to be normal and the server was in fact never down. I started searching through logs and stuff; the Windows logs say nothing special, but I found some of these disturbing entries in my Apache logs:
Is this a DOS attack or something? How can I prevent it?
Urgent assistance please! It seems to pull down the whole server, for Christ's sake. Probably too busy processing those weird packets. Is there any way I can prevent this? It already happened a few other times too. So this log entry is only the tip of the iceberg, I'm afraid.
Also, the IP seems to be spoofed, as I cannot ping it (anymore) and it seems to be offline. The attacker does seem to use Linux, as he tries to see if my server went physically down using my uptime script.
The server I'm currently running is not very public; it has only one public site that is not of interest to any hacker. He also seemed to be able to get my / of my webserver, viewing the directory contents.
It did with me. I cannot understand how such a string can do such things? And how can it plant a worm that way?
Well anyway, it did bring my server to its knees. It wouldn't respond to anything. Though the server was always on, it was as if the machine were turned off. It must have been *extremely* busy and unable to respond to any request of, well yeah, anything.