Since we from time to feedback received, the example, the label "DDoS" is wrong at a single IP address, here again a short explanation why the name is correct:
In a single domain or IP address access to a lot of different IP addresses (DDoS). These are with Fail2Ban on certain characteristics such as certain user agent (Firefox 1.x, 2.x) or certain URL Views: domain.tld / File gibts-nicht.txt identified and blocked.
These are then over (default) reportet 4 Views of us.
For the recipient of the reports of view, it looks like a DOS (since only an IP has been reported). From the perspective of the affected server, it is of course a DDOS.
Recipient of a ApacheDDOS -Report: please checks the clients as these infected with a Trojan horse and are part of a botnet.
These are IP addresses which create honeypot forums, wikis or honeypot honeypot domains with guestbooks or comment feature items which other URL's (buy Viagra ....) Bespammen.
Here a lot of comments to be made manually via a VPN service.
And yes, a comment on a blog with eg:
[url=http://www.tramadol2011.co.cc]morphine tramadol dosage equivalent[/url]
Is as bad as SPAM!
These are major messages by already multiple 5xx messages.
When a mail server hard errors such as the following does not understand, this is misconfigured or a bot:
Mar 13 10:14:03 server5 postfix/smtpd: NOQUEUE: reject: RCPT from unknown[188.8.131.52]: 554 5.7.1 Service unavailable; Client host [184.108.40.206] blocked using xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=220.127.116.11; from=<anwalttzv @gmx.de> to=<email@example.com> proto=SMTP helo=<gmx.de>
And even if this means accepting the spam mail has been inhibited, the PC / Server is still infected and sends to another server that does not spamhaus.org employing a spam mail!
On the pages written in H2, which are all registrations and postings reported. Most IP addresses are also on http://stopforumspam.com listed and will pass on to SFS.