I've recently been going through my IIS 5 web log files. I have a Windows 2000 dedicated server, which is primarily a shareware download server (I am a shareware author). I've noticed that one of my least popular programs happens to be the target of a HUGE, VERY HUGE downloading binge. In fact, the tremendous number of downloads of this very unpopular program appears to be a denial of service attack. This unpopular program is over 1mb in size, and within a 90 second interval, this unpopular program is getting "hit" (downloaded) 50+ times! And when I reverse lookup the IP addresses that are downloading this file, I see that the majority of them can be traced from outside the USA. Mostly from England and Europe. Can anyone figure out how 50+ servers from around the world can all decide to download my least popular program all within a 2 minute period? And as I review my web logs, this type of "blizzard of downloads" keeps reoccurring several times each day, but always the same filename is being downloaded, and always within a 2 minute window.
You can see a snippet of the Web log in question at: http://18.104.22.168/temp/attack.htm
(I have changed my real IP address with 22.214.171.124 in the online sample.
Any idea how this could be occuring, and what I can do to stop this?
There are two other EXEs (downloadable shareware programs) that are also being "hit" in a similar 2 minute barrage of downloads that I can see in the LOG files. It's as if there are zombie machines out there, hardcoded with attack software specifically trying to target my website, and all set to "go off" (attack) in sync.