Have I been DDoS attacked?

cobito

Hello. Something strange happened today on my little server where I host my blog. At about 2 pm, many instances of 'apache2' started launching. So many that the server got confused and used 2 Gb of swap. It only has 1 Gb of RAM but it's usual to have 200 or 400 Mb free.

It uses Debian 7 updated without a desktop environment. The thing is that all afternoon it wasn't operational (although with a lot of patience I was able to access it) and a while ago I was able to get my hands on the matter.

I expected to find a kilometer-long log file with today's connections but I saw that there have been hardly any since the supposed attack.

The question is whether it's possible that they tried to take down my server in some way without leaving a trace. It seems very strange to me, to be honest.

Thanks.

kynes

You have more than 300 news items. It may have been a "naughty" robot that entered to index you, and did an unintentional DOS. I have a rule in my Apache configuration on my server to not allow access to this type of spider, checking the user agent against a list of unwanted spiders. Just to give you an idea, I have been "attacked" from SEO service websites.

cobito

@kynes:

You have more than 300 news. It may have been a "naughty" robot that entered to index you, and did a DOS unintentionally. I have in my server a rule of the apache conf to not allow access of this type of spiders, checking the user agent against a list of unwanted spiders. To give you an idea, I have been "attacked" from websites of SEO services.

Ok, it makes sense that it could be an out of control robot. It bothers me that there is no trace in the logs but I suppose it will be some bad configuration that I have around.

Thanks.

cobito

Well, it was indeed a damn robot. It's already banned in iptables and I've installed a module to limit the number of connections per IP, although I don't know if it will work because the damn thing doesn't register in the logs when the rest of the connections do <:(