My server is under attack and it is a blog thing.
A number of times every day I get hundreds of simultaneous reads from many different IP addresses, all directed to me by some phentermine-type domain. That domain changes each time.
Example HTTPDD access log:
126.96.36.199 - - [19/Jun/2007:17:59:54 -0400] "GET /blog/?p=97 HXXP/1.1" 200 14645
"Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"
188.8.131.52 - - [19/Jun/2007:17:59:58 -0400] "GET /blog/?p=210 HXXP/1.1" 200 13714 "hxxp://www.shaablog.com/purchasinggenericdietpills.html"
"Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)"
(I replaced the hxxp myself to allow this post to proceed; it said TT, not XX of course)
Anyway, I get HUNDREDS of such simultaneous entries, all from different IPs. That then brings my server to a halt.
What can I do? Any ideas?
I run 2.2