Memory Used - 93.8 %?

I restarted the services again and managed to block that IP too.

Now magically the server is staying up and the resources are green again. I think the person that was attacking me before realised their mistake and proxied their IP.

Any ideas on that second IP?

Thanks for your help, this is seriously progressing from the frustrating situation to one where I can finally catch the idiot behind all this.

What sort of proof can I use when I report these inidents?

The problem is that I've dealt with ISPs before and they aren't normally keen on acting. I'll need proof to back up these claims, can you suggest anything?


Output of "tcpdump -n host IPADDR", parts of access log file, etc are usually required when you report abuse.

I've blocked the IPs from last night and been attacked again this morning, is there any form of protection I can get to actually stop these instead of me having to fix it each time?
On the side of software, I have DDos configured properly now and it's stopping all the attacks, so thanks to everyone that helped and advised.

I am still getting reports of attacks, including one IP that had 112 connections today, but DDOS is stopping them in their tracks before the server dies.

Paul, quick question. Do you know how exactly (or a rough idea) these people are doing this? The reason I ask is because I've tracked today's attack to a 6th form college in the UK. I spoke to their head of ICT and he's very keen to help. He's found the exact PC that accessed my site, however when checking HTTP traffic he can only see about 8 connections, not 112 as was reported on my server.

The ICT head said if I can let him know what methods they are using to attack he can check for other traffic, but at the moment has only checked HTTP traffic. If you know of any means that I could pass on that would be appreciated.