I might have been able to stop the attack. When I looked at all the IPs of the requests, almost all of them only occurred once (or twice). However, there was one IP that showed up a good number of times, and it seemed to be doing slightly different things. So I thought that, perhaps, this was a real IP and played a more central role in the attack. I explicitly blocked this IP via firewall — and as of this morning, no more requests!
Of course, I still don't know what the purpose of all this was, and whether they were able to get anything useful.
Perhaps, this is useful for someone else. I will keep monitoring and let you know when they resume.
Statistics: Posted by hasinasi — Wed Mar 05, 2025 12:18 pm