I'm dealing with an ASP site that has been experiencing some downtime recently. It appears that connections from overseas have been flooding the site.
The most recent was last night. The site is a mix of Frontpage (I KNOW I KNOW) and asp. The frontpage sites were ok but the ASP pages were showing No data received error 324 or 'too many connections'.
The host was showing an average of about 200 pageviews a day but there were 2 days where that spiked to 8000 and 10000. I have to do some more research on the raw logs but that sounds like a possible dictionary attack.
Anyway, my question is, does anyone know of any type of firewall that could be plugged into a site like that? I am using an extension in Joomla that will look at incoming requests and block suspicious activity. I also have a product that does that running on a windows server to protect against brute force attacks on the RDP
Another question is that a quick look at the logs does not seem to show the IP traffic that would indicate an attack. My guess is that the actual attack is directed against the hosting control panel. If so, then there probably is little we can do other than to switch hosts. Does that sound logical?