Five days ago we had been hit by something looking like some sort of "attack" which brought down our server.
The BookCrossing server was heavily accessed from very many different IP addresses so that as an emergency measure I had to temporarily block a large IP range.
Next morning I unblocked that again - or so I thought.
I forgot that I had applied the block in two places, but removed it only in one ...
During the last days I was travelling "a thousand miles" by car and therefore had not much chance to cross check.
The support team tried to reach me quite a few times but only today I managed to check and fix.
This "attack" rather looked like a badly misbehaving spider crawling our site at an enormous speed.
But two things were very suspicious, though:
- This source didn't properly identify itself with the user agent (spiders usually do),
- accesses came from so very many different IP addresses (but patterns made clear they were related).