We’ve been having trouble the last few weeks with apache runaways on our webserver. We thought it was related to the dying hard drive – it’d throw a read error, maybe apache would freak out and go crazy, maybe it would pull bad data of the swap partition, we didn’t know; we were guessing.

Now, that drive was dying – hard, we barely made it to our scheduled replacement downtime weekend and getting back online by Sunday took lots of work – so none of that time was wasted. But we went down under similar circumstances almost immediately.

So this time I was on watch, with a bunch of utilities running, when it happened again.

We were under what amounts to a smallish DDOS attack. I don’t have the right kind of counting software, but I estimate it was northward of 10,000 requests per minute, mostly of GETs on random points throughout angelahighland.com and crimeandtheforcesofevil.com that invoked php. It was coming from a range of machines in Israel and Europe.

That all looks pretty standard, except for the part where they all go back to the same ISP. So now I’m wondering whether it’s less DDOS attack type intentional and more DDOS attack type incompetent websweeping software under development.

I’ve sent mail, but they’ve had a business day to respond, and haven’t.

Anyway, we handled it, via blocking and tools. Seeing one of these in progress – there were actually two separate rounds – was kind of exciting. The great part is that we stayed up throughout. They didn’t take us down, and while we were dropping a lot of requests, we never fell off the net. If this is affecting anybody I’d be really surprised, but if it is, let me know.