possible ddos?
 

My server went down for about 10 mins today. Talked to support the guy said it could of been ddos or password trading. If it happens again they will be able to say without question they are watching the server. It seems 4000 requests to the members area came thru one ip. That crashed the server. Here are the questions would a ddos come thru one ip and only for 10mins? Secondly how many requests at once should the avg server be able to take without crashing?

Re: possible ddos?
 

Sounds more like a password hurler to me because you said one IP. I don't know how many requests a server is supposed to handle until it pukes but I would think a good admin could set it to redirect or deny if you get too many requests in a preset amount of time. You might want to ask them.

Re: possible ddos?
 

NatNet,Mojohost or Caronet monitoring would have proactively caught this.

Re: possible ddos?
 

This should be a non-issue for most any adult host these days. Sounds like a brute force password attack. I'm surprised you dont see that several times a day if you're not blocking it.

And it certainly shouldn't cripple the server even if you let 'em thru.

Off the top of my head, I would only expect that to happen if you were doing something like running perl scripts on the entrance to the members area. Perl is interpreted and can be easily swamped when pounded with volume.

A good SA should be able to look at your logs and see exactly what happened during that time period.