We occasionally receive feedback saying, for example, that the term "DDoS" is wrong for a single IP address. Here is a short explanation of why the name is correct:
A single domain or IP address is accessed by many different IP addresses (DDoS). These are detected and blocked with fail2ban based on certain characteristics, such as a specific user agent (Firefox 1.x, 2.x) or requests for specific URLs (domain.tld/file-gibts-nicht.txt).
They are then reported by us after more than 4 (default) requests.
From the point of view of the recipient of the reports, it looks like a DoS (since only one IP has been reported). From the perspective of the affected server, it is of course a DDoS.
Dear recipient of an ApacheDDOS report: please check the client, because it is infected with a trojan and is part of a botnet.
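The matching described above can be sketched as follows. This is an added example, not the service's own fail2ban configuration: it assumes the Apache combined log format, and the function names and sample log lines are constructed for illustration. It shows why the server sees a distributed attack while each report names only one IP.

```python
import re
from collections import Counter

# Apache combined log format: client IP, request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Characteristics named in the text: Firefox 1.x/2.x user agents and a bait URL.
OLD_FIREFOX_RE = re.compile(r'\bFirefox/[12]\.\d')
BAIT_PATHS = {"/file-gibts-nicht.txt"}
THRESHOLD = 4  # report once an IP has MORE than this many matching requests


def matches_characteristic(path, ua):
    return path.split("?", 1)[0] in BAIT_PATHS or bool(OLD_FIREFOX_RE.search(ua))


def find_reportable(lines, threshold=THRESHOLD):
    """Return {ip: hits} for every client exceeding the threshold."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and matches_characteristic(m["path"], m["ua"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n > threshold}


def build_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    old_ua = "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20070309 Firefox/2.0.0.3"
    new_ua = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
    fmt = '{ip} - - [13/Mar/2011:10:14:03 +0100] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    lines = []
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99"):  # three bots
        lines += [fmt.format(ip=ip, path="/file-gibts-nicht.txt", st=404, ua=old_ua)] * 5
    lines += [fmt.format(ip="192.0.2.50", path="/file-gibts-nicht.txt", st=404, ua=new_ua)] * 4
    lines += [fmt.format(ip="192.0.2.60", path="/index.html", st=200, ua=new_ua)] * 20
    return lines


if __name__ == "__main__":
    for ip, n in sorted(find_reportable(build_sample()).items()):
        print(f"report {ip}: {n} matching requests")
```

Each of the three constructed bot addresses produces its own report, while the client with exactly 4 matching requests and the ordinary visitor stay below the threshold.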
These are IP addresses that create entries in honeypot forums, wikis, or the guestbooks and comment features of honeypot domains, spamming various URLs (buy Viagra ....).
Many of these comments are posted manually via a VPN service provider.
And yes, a comment on a blog with content such as:
[url=http://www.tramadol2011.co.cc]morphine tramadol dosage equivalent[/url]
is as bad as spam!
These are mail reports resulting from multiple 5xx messages that have already been returned.
If a mail server does not understand hard errors such as the following, it is misconfigured or a bot:
Mar 13 10:14:03 server5 postfix/smtpd: NOQUEUE: reject: RCPT from unknown[220.127.116.11]: 554 5.7.1 Service unavailable; Client host [18.104.22.168] blocked using xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=22.214.171.124; from=<anwalttzv @gmx.de> to=<firstname.lastname@example.org> proto=SMTP helo=<gmx.de>
And even if this means that acceptance of the spam mail was stopped, the PC/server is still infected and will send the spam mail to another server that does not use spamhaus.org!
On the pages named in the h2 heading, all registrations and postings are reported. Most of the IP addresses are also listed on http://stopforumspam.com and are passed on to SFS.