Yesterday afternoon my web site was unreachable using the HTTP protocol, but I could log in and everything seems fine (CPU activity, disk activity, and the like). I checked the network connections and found a few dozen of HTTP connections originating from the same IP address, apparently in Belarus (according to RIPE). Restarting Apache would clear the situation, but for only a few minutes. Than Apache would get to a halt. Looking in the logs, I found hundreds of connections, within seconds, from the same referrer, a Russian mail management site (from what I could tell looking at the site, that I could not read).

All of the connections were downloading (or trying to download) the same exact file, the 2MB zipped source code of one of my older books. Very odd. Removing the file and restarting Apache fixed the problem. Now I'm not sure if this effective Denial Of Service (DOS) situation was caused by a deliberate attack of a badly working server. Certainly the software at the other hand had a lot of bandwidth at his disposal. I have the Apache logs, where I can find hundreds of hits within minutes, all looking like this (I've removed the IP address and site name):

www.marcocantu.com-access_log:**.***.***.*** - 
- [23/Apr/2007:17:42:52 +0200]
"GET /md7/md7code.zip HTTP/1.1" 206 1557878
"http://mail.******.ru/msg?mesid=1600000000072883661&folder=1600000000000036677"
"Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"

Maybe it was some downloading software used by IE, I don't know. It was not a manual operation, as I can see up to 20 hits within the same second.

Anyway, this was a good reason to do something I wanted to do for some time, that is move some of my larger download files to an external server with lots of bandwidth and space, and not my in-house box or my other online server. So I ended up moving a few files to "Marco Cantu Tech World" Google Group, as this was one of the reasons to set up a private newsgroup anyway. You can now find a few files on the files section of the group. Feel free to sign up to my monthly news update as you are there...