so Drew did they just give up and go home or did you help them see the light
do we now have new and improved defense stuff to avoid future problems
They just gave up. They don't want to waste THEIR precious resources trying to steal ours.
Hopefully they'll remember this was a hard nut to crack and not come back. There really is no defense against an attack like that- that I know of anyway.
The way the server is built is to offer resources to web traffic as needed- it "spawns" workers to do the job, and those workers have children workers. A worker does something when a user does something- i.e."clicks" on something or enters the page... It scales up and down depending on traffic or demand. When it gets hammered to a point it has to start launching/spawning multiple new workers it becomes a very suspicious server, and instead starts limiting workers available- slowing things down for users. Purposely. And that's what you guys saw.
The punch line for them (and this is for tech guys more or less) the server runs apache and mpm in an php-fpm environment- meaning if they consume the resources of the server they just just down the virtual box they're unknowingly entering, and destroy their doorway they've spent time and energy making- which is enough time for me to be alerted. The environment here is not running on the bones of the server, so to speak, it's running in a virtual environment created by the server... if a person crushes the servers resources it crushes the virtual environment without ever hitting the server- and when the server comes back it just creates a new one.
Now if "they" were to get into the database they could hurt us and hurt us bad- but there is nothing in the db that should interest them and hitting the db gains them nothing other than the thrill of destroying something. These guys were after resources- as in processing power, as most of them are- they were just doing it with a might ive not seen before here...
