DDoS Attack Log Analysis Question
jim at ohlste.in
Sat Oct 10 18:12:45 MSD 2009
Maxim Dounin wrote:
> On Fri, Oct 09, 2009 at 07:40:57PM -0400, Jim Ohlstein wrote:
>> The nginx forum had a DDoS attack which took the site down this
>> morning. In approximately 23 seconds there were just under 900,000
>> lines in the error log that looked like:
>> 2009/10/09 10:21:38 [alert] 32576#0: accept() failed (24: Too many
>> open files)
>> First question is do each of these entries represent an attempted
> No. This is configuration issue lead to infinite loop which can't
> be resolved until more files can be opened.
Thank you. I found it hard to imagine that there were that many requests
in such a small period directed at such a small site.
> Since this looks like common configuration issue, probably we need
> some accept pause in such situations...
> Maxim Dounin
More information about the nginx