One reason for my journal is to document some pretty arcane technical information, like … oh … surviving a DDoS (Distributed Denial of Service) attack [1]. Good thing too, because one of the servers I manage, the ones that typically get hacked and attacked [2], was under attack today.
Annoying, but nothing that I couldn't handle.
After blocking some 3,100 IP (Internet Protocol) addresses, I was of the opinion that the source addresses were forged. While it's possible that some hacker or hackers had control of thousands of zombie boxes, it was curious as to why they were attacking the particular sites—just small marketing sites that, as it turned out, were no longer used.
Once I found out the sites under attack (all under the same IP address) were no longer needed, it was a simple matter to take down the IP address under attack.