Looks like cpu locked up, memory also jumped. Caused cache proxies to be unavailable

Correcting title as cpu basic graph jumped not load

@John has confirmed it was a (D)DoS

It was distributed so not something we can block

root@cp15:~# cat /var/log/nginx/access.log | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 1
 208350 https://miraheze.org/"

root@cp12:~# cat /var/log/nginx/access.log | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 1
 226925 https://miraheze.org/"

root@cp13:~# cat /var/log/nginx/access.log | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 1
 198560 https://miraheze.org/"

root@cp14:~# cat /var/log/nginx/access.log | awk '{ print $7 }' | sort | uniq -c | sort -nr | head -n 1
 182785 https://miraheze.org/"

This equates to 816620 requests over 16 minutes. ~51038/min, ~850/s

cp13 was mitigated by OVH at 10:04.

IPs are random and not in a net - so can't easily mitigate.

@Owen: Is this worth logging with the NCSC?

It requires a mobile number, I'm happy to fill out the form but don't want to put my personal one.

Please ping here / on email as I'm out so no discord access.

It may be worth reporting.

SRE should have a joint/common UK phone number that can be used by someone in the management team - which should be used in these instances.

NCSC incident 101021-1 refers

The report to Action Fruad has been filed (copy to be sent via email to SRE & Owen).

The NFIB will investigate to see if there is any reasonable action.