It isn't unusual for a busy site to be accessed by a group of machines looking for links, or email addresses to scrape. If it bothers you, there are some firewall options that will dynamically block IPs that reach a particular number of connections and then release them when activity subsides - but you may be blocking legitimate users or search engine spiders by doing so. It's a feature best used for real-time databases of hacked networks or blacklisted IP addresses.
An actual DDOS would flood server's network interface. If the target was actually your site you would see hundreds of connections (if any). The last time I was attacked vbulletin was showing only a few users, but my webserver had queued hundreds of instances.
|