You are reading a single comment by @Greenbank and its replies.
Click here to read the full conversation.
-
Predominantly from one IP.
And low enough in HTTP requests per second to fly just under the CloudFlare automated detection radar, but enough to eventually overwhelm these servers.
There was a rehearsal first, but that was nearly all cached and didn't affect us at all. Then there was the attack itself.
Attachment shows rehearsal and then the attack.
The forum is being attacked.
It's a layer 7 attack, meaning a web application attack.
The requests look like this:
They nearly all originated from Sky broadband connections (which that IPv6 belongs to) and they have been reported to abuse@sky.com which is the abuse email for Sky http://bgp.he.net/ip/2a02:c7f:624:3500:a889:f9e4:656f:6ccf http://bgp.he.net/AS5607#_whois
We received between 30-60 HTTP requests per second for /today/?offset=25 from just before midnight BST through to my turning on CloudFlare this morning.
I'll be adding a rate limiter today to auto block such attacks in future, but in the meantime CloudFlare are handling it.