The webserver which is hosting abuse.ch and ZeuS Tracker is currently under high system load due to a ongoing DDoS attack against the blog (abuse.ch). The DDoS has started yesterday 02:00 pm (UTC):
The origin seems to be the same as last time (see previous post “DDoS Angriff & Joe Job gegen abuse.ch (german)”). Fact is, that the bots are using the same user agents as during the attack last year:
If we google the user agent above we will find some interesting information about the origin of the DDoS attack:
Source: MWBlog: “Illusion – Now you see me, now you don’t”
Currently it seems that the DDoS mitigation was successfull so that abuse.ch is now up and running again (but unfortunately with a high response time because the DDoS attack still goes on). Let’s see what happens in the next few hour/days.
Stay tuned.
Keep up the good work! – As of 17/2/09 Tuesday evening, I can load Zeus in my browser, but it does take a bit long to load pages.
At least I can see the site and the evidence.
What did you do to stop this attack? My own server is under attack by the same user agents mentioned above. Cheers
To stop such an attack without a ddos prevention device:
install a squid in front of apache.
create acl lists to deny access for these user agents
parse the squid log for denied ips and add them to iptables (preferably using a script)