VuFind 0.6 Denial-of-Service Attack Aug 30

This morning at around 10:30AM, we started seeing performance problems with Production Oracle. At around 11:15AM, we received an alert from our Production VuFind 0.6 server and some Help Desk tickets about VuFind issues.

After monitoring and analyzing both servers, we discovered that certain IP addresses were using the VuFind system in a way that could be causing problems. They were hitting an older PHP script that was no longer being used, but was still accessible. Although they were receiving "500 Internal Error" messages for their multiple attempts per second, the servers appeared to be launching processes to other servers (like Production Oracle) trying to complete each request.

We have disabled the problem script that is no longer needed and blocked the IP addresses. Everything appears to be running normally now and we will continue to monitor the systems in case this was only part of the problem.

Brandon Gant