Ask Your Question

Revision history [back]

Inquiry about DDOS-like activity

Hi Team,

Today AWS alerted us of DDOS-like activity originating from our media download requests on November 5th. An example of the logs they provided below:

11/5/2021 14:11:04 1166638 52.203.173.86 GET d1aq9hj1j4zic2.cloudfront.net /Property/P6/BCAR/322434/4/0/0/ab1fbf375fb1dcc3502f9883079d891d/7/f250aa55cf3e2b5735db07952ba4378b/322434-4.JPG 200 - rh-dip-media-downloader/1.0%20(MLS%20Listing%20Media%20Downloader;%20support%20at%20rockethomes%20dot%20com) Hit p94nF33uS93w8MwmbWIlj9Ys0utS8an5YfJazvKF7YcaDODqQg3Owg== cdnparap60.paragonrels.com https 349 0.022 - TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 Hit HTTP/1.1 30304 0.006 Hit image/jpeg 1165745

If possible we would appreciate some additional information to help us resolve this behavior and stop the unneccesary requests to your system:

  • During what timeframe(s) were the DDOS-like behaviors seen?
  • For which MLS Feed(s) was the behavior seen?

  • Can we get any additional logs/examples of what Paragon was seeing during this timeframe(s)?

  • Can we get metrics around the requests causing the behavior? # requests within a 5-10 min period, etc
  • Any additional information that would help us identify the nature of the behavior that triggered this notification

Thank you