So all of a sudden I realized that my web site was loading really slowly. So I hopped on my server to discover that the load average was 55 and climbing!
Top showed me that the top processes were python, and lots of threads. The only thing that runs under python on my server is my Wiki.
So I stopped the Apache server and started looking in the logs.
4586 lines of some asshole trying to edit my Wiki pages. Nice going jack off.
70.85.45.132 – – [23/Jul/2005:15:08:02 -0500] “GET /?action=edit HTTP/1.1” 200 472 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
It looks like he’s been hammering on me since Saturday! It looks like first he spidered the wiki to find all the pages, then he started walking though the list to try and find any that were open for editing.
Since the last time I got hacked I set my Wiki to only allow logged in users to edit it, he’s not going to find any pages, but it’s making the server do a check for each one and running the load up.
So I grabbed the IP address, added a new rule to my firewall and blocked him.
Then I sent a copy of the log file lines and his IP address to abuse@theplanet.com (his ISP.) Doubt that I’ll hear anything about it from them.
Buh-Bye!
