This is the IPaddress(37.59.164.208) calling a hacked script file on my server
37.59.164.208 - - [09/Nov/2012:00:31:55 -0600] "POST /scripts/wp-trackbacks9.php HTTP/1.1" 200 183 "-" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101
When i traced it i found the location as France and its going to Google homepage when i run it in the address bar. I'm unable to understand this and need your help HN.
6 comments
[ 3.3 ms ] story [ 17.2 ms ] thread< HTTP/1.1 200 OK < Server: nginx < Date: Fri, 09 Nov 2012 11:26:14 GMT < Content-Type: text/html < Connection: keep-alive < Content-Length: 97 < Last-Modified: Fri, 19 Oct 2012 14:01:40 GMT < Expires: Sat, 10 Nov 2012 11:26:14 GMT < Cache-Control: max-age=86400 < Cache-Control: private < Cache-Control: must-revalidate < Accept-Ranges: bytes < <html> <head> <meta http-equiv="refresh" content="0; url=http://www.google.com>; </head> </html>
You cannot DDOS any server, a DDOS attack works primary on web servers, and the server it's coming from isn't likely to have a web server that matters, since it just redirects DDOSing would be nearly impossible to accomplish without a huge effort.
What may be easier is getting the website shutdown, if you trace the host provider or ISP you can file a claim and possibly get their connection or hosting turned off.
1) it would be slightly better to DROP requests to the URL than to reject them and
2) you can DDOS plenty of other servers besides web servers. You're right of course that there likely isn't a server attached to the IP address (though you could likely tie up at least the one thread with programmatic recursion / redirects), but DDOSing isn't particular to web servers at all.
You can also drop requests if per-IP if you are setup on a web provider that has a hardware firewall, but I do not know your setup, so my recommendation was one that would work anywhere.