There are 21,680 unique IPs that have attempted the DOS POST attack on my server since I noticed it last week.
I received my postal-mail validation code from StartSSL over the weekend. I got around to confirming my identity on-line (after three tries), and have now made my first "Class 2" certificate with multiple domain names. Of course, now it's on me to get the server configured and tweak everyone to start using SSL for the sites.
It's been about a week since it started, and I've blocked a lot of IPs, but there doesn't seem to be an end to the attack. Again, there's nothing critical on the site; it's just a dumb e-mail experiment.
Heh. It's been a day of head-slappers. In my testing of the filter I put in for the Apache config, my own IP was added to the access log. I used the access log to generate the list of IPs to disallow. Suddenly, my own IP couldn't reach my own server.
I don't want to sound like I'm issung a challenge, but it seems like the DOS attack on the server is kind of under control.
Even after limiting the POST requests to the short response, the server's throughput was still being flooded. I changed the server's firewall and prohibited the connections of any kind from 15 countries, including China, India, and Russia; I'll probably change this back before too long, as I'm sure there are some legitimate visitors from those countries, right?
No, I'm not using the Disk Operating System kind of DOS. Rather it seems there's some kind of Denial Of Service kind of DOS going on, directed at my server.