Third party cookies may be stored when visiting this site. Please see the cookie information.

IT Security: Denial of Service Attack / Incident

I have had a couple of Denial of Service issues over the last week against this website and www.firstaidquiz.com.

The first I believe was with malicious intent, and was unsuccessful. After the earlier attempt Cyber Vandals during June I added some Denial of Service detection code to the quiz engine which appears to have successfully protected the server. Although the DoS detection is not immune from accidentally blocking genuine users I feel it's very unlikely in this case. If it was a genuine logon attempt then several users thought it necessary to attempt multiple logins within seconds of each other. The biggest entry was for a user that tried to login 9 times within 30 seconds. I believe that this is fairly conclusive evidence of an attack attempt.

Whilst I will admit that I would not be able to protect against a determined Denial of Service attack, as to do so would risk causing more inconvenience to normal users and certain attacks are almost impossible to protect against, such as the distributed denial of service attacks that have been successful against some big names in the past. I can at least now protect against some of these attempts.

This appears to have come from a computer connected to "MERIT Network Inc." in Michigan in the USA.

"Merit Network is a non-profit corporation based in Ann Arbor whose mission is to make Michigan a showcase for high-performance networking."

The second Denial of Service was successful, but as far as I know had no malicious intent as it was caused by the electricity supplier. The problem was that in the early hours of this morning there was a power failure affecting some of the Coventry area. Without having the finances to cover the cost of a proper UPS protected system this did mean that the server went down for a few seconds whilst it restarted. It does not appear that anyone was actually using the server at the time, as using my LogInfo Log Analysis Software I only recorded one http request for a html page, and that was a while before the power cut.

You may have noticed some additional adverts on my websites recently, this is not a money making scheme but an attempt to cover some of the costs of running the servers and hopefully enabling me to add new features / better performance in the future.

Whilst I've been a member of the Amazon Associate scheme for some time that has never actually had any returns. It does however provide a convenient way of including images of items I've reviewed (without any copyright issues) and can make it more convenient for someone wanting to purchase the item, so some of those ads will remain.

The new google ads appear to have more potential for making money, but are still a long way off the cost of hosting my websites on a hosted server. To be able to continue to add all the features and run multiple websites I really need to be looking at a dedicated server (or at least a virtual dedicated server), but they cost considerably more than the low cost solution I have at the moment. In the meantime any amazon purchases based on clicks from these websites, or clicks on Google adverts will help towards meeting the future costs.

I do hope that the ads will not be seen as intrusive, and I can assure you that my reviews are not influenced by the inclusion of ads that have the potential to earn money (at the current rate there is little possibility of actually getting any return from the product reviews).


» PenguinTutor Facebook page