DOS Attack coming from wsjproxy2.dowjones.com
In a couple days wsjproxy2.dowjones.com has loaded the main index of a PHP webpage 1,810,000 times. I have a logfile to verify this. It looks like he had 3 machines total doing this. Appears he used his home computer on a verizon pool-68-161-4-155.ny325.east.verizon.net connection to do a similar style attack and another dow jones proxy. The verizon computer only did 159,736 hits but managed to use over 3 gig of bandwidth and a lot of CPU.
I have used IPTABLES to drop all three of his connections for right now and that attack has stopped. I do have a feeling that another style attack has begun as the machine has become unreachable at times. I will start logging packets if this starts to really become a problem.
I do not want to drop permanently the wall street journal proxy as I have been used as a source by reporters over there in the past. I was going to call them up and ask to speak to their Head of IT about the problem, but figured I would see what suggestions you guys had first.
Thanks!
