Some stupid guy thought it might be a good idea to hammer my poor little server.
The guy at baserver.proservis.net requested a lot of pages at random and at very high speed. Looking at the website did not give more informations: just the words « coding.. » and an e-mail address. Googling for that domain name revealed a lot of web server statistics pages on random websites, but there was one entry that caught my eye: the blog of Mark Turner with a very interesting post about what could be going on.
My answer for the moment:
iptables -A INPUT -s 184.108.40.206 -j LOGDROP
iptables -A OUTPUT -d 220.127.116.11 -j LOGDROP
Turns out he has another IP address: it will be blacklisted as well:
iptables -A INPUT -s 18.104.22.168 -j LOGDROP
iptables -A OUTPUT -d 22.214.171.124 -j LOGDROP