On the DDOS attack on Scienceblogs

Scienceblogs management informs me:

Let me apologize again for the problems that many of you and your readers are experiencing. The attack is ongoing, originating from Turkey and Qatar, and until it stops, Rackspace must block IP ranges in order for the site to be accessible to anyone. They are also unwilling to manually unblock hundreds upon hundreds of individual IPs. They have advised that we invest in a firewall and additional services from them, but we are still working out what these will cost and how effective they will be. I am not sure if I was correct in thinking that these attacks are not malicious, but I said so because we were told the attackers were trying to use our servers as an open proxy, with the request "GET http://www.kosmodiskmedikal.com/ HTTP/1.1." Upon reflection, I have no idea what that means.

Of course, if you are one of those people whose IP is blocked, you won't see this...


More like this

I don't know what it could mean either.

But it is curious that SBS TV in Australia has been flooded with stupid ads for (what seems to me to be a bogus product for back pain) Kosmodisk (Sp?).

Uh, how about auto reply with a status update to E-mails to webmaster@scienceblogs.com

Would seem like rackspace could be more cooperative. Their algorithms seems like they need tuning,

Richard Seibel

By Richard Seibel (not verified) on 15 Mar 2011 #permalink

Yes, a reply (automated) would be helpful. My IP in Cyprus (note to webmaster - Cyprus is not Turkey unless both the occupied North of Cyprus and the free South have the same IP, which is unlikely as they were separated in 1974) is still blocked, as are three proxies I use in the UK.
Now, an attack from Turkey, I (and any Cypriot) would believe, but to block the UK?
As it is, I can get thro' via a proxy in either Germany or Canada (but not the Netherlands).

What's this about RSS? I can't update my rss feed from home either, only from work. (I'm in Denmark.)

Hi :)

I don't know what Rackspace is doing, but seems their filtering algorithm is rather lousy.

I work for an ISP. One of our IP address ranges works perfectly and the web server response is excellent, and another one seems to be blocked.

Looking at traffic statistics I don't see any of our users taking part in a DoS attack. Is it possible to have it sorted out? Seems some Spanish prefixes are filtered as well.