Yesterday we noticed severe performance degradation due to thousands of connection attempts by two particular IPs causing even MySQL timeouts
CODE
81.177.139.166 # 81.177.139.166 (RU/Russian Federation/-) - Wed Feb 17 21:23:37 2016
185.130.5.243 # 185.130.5.243 (LT/Lithuania/-) - Wed Feb 17 21:23:50 2016
IPs were blocked, no DDOS retries and looking for further info it seems they are quite ofer used for malware attacks:
https://www.virustotal.com/en/ip-address/81...66/information/