Apache under attack, urgent help needed!
85.17.97.15 - - "GET http://www.mijasapart.co.uk/Enquiry%20form.htm HTTP/1.1" 200 4083 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
204.15.74.56 - - "GET http://debian.outinamerica.com/servlet/view/banner/html/zone?zid=63&pid=0&custom1=1&keywords=www.outinmadison.com HTTP/1.1" 200 720 "http://www.outinmadison.com/Logon.asp?Refer=/home/discuss.asp&Query=article%5Fid%3D%26return%5Furl%3D%26arttype%3DC%26cmd%3Dcomment" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT Windows CE)"
94.76.199.10 - - "POST http://tabletme.com/pills/viagra.php HTTP/1.1" 200 1376 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
62.33.188.17 - - "CONNECT login.icq.com:443 HTTP/1.0" 200 - "-" "-"
204.9.184.221 - - "GET http://www.leon-lai.com/leonforum.mv?parm_func=showmsg+parm_msgnum=1019485 HTTP/1.1" 404 271 "http://www.presentdebthelp.com/buykontrol-mortgage-on-line-chapter-9-det-dedts-collections-uk.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"
204.13.169.5 - - "GET http://st.glcdn.us/css/sss/main.sss?b=msie6.0&c=00052498 HTTP/1.1" 403 - "http://www.presentdebthelp.com/bayport-mortgage-web-debt-det-consolation.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
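The above is the log generated by Apache. There are 4 to 5 million log entries like this every day. The company has a hardware firewall (not yet properly configured, and I don't know how to configure it). The company's server runs apache2.2 and the operating system is opensuse.
Checking with the netstat -an command, I found that it is a TCP SYN Flood attack: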
tcp 0 0 192.168.1.103:80 204.15.74.35:4338 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.74.48:4666 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.201:4704 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3526 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.206:4137 SYN_RECV
tcp 0 0 192.168.1.103:80 204.13.169.6:2720 SYN_RECV
tcp 0 0 192.168.1.103:80 66.152.184.2:1990 SYN_RECV
tcp 0 0 192.168.1.103:80 92.48.118.83:47811 SYN_RECV
tcp 0 0 192.168.1.103:80 78.85.159.188:12374 SYN_RECV
tcp 0 0 192.168.1.103:80 69.205.55.200:1033 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.205:4350 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.74.50:2574 SYN_RECV
tcp 0 0 192.168.1.103:80 92.112.245.7:20302 SYN_RECV
tcp 0 0 192.168.1.103:80 38.100.200.230:5098 SYN_RECV
tcp 0 0 192.168.1.103:80 222.216.28.191:3554 SYN_RECV
tcp 0 0 192.168.1.103:80 66.97.163.8:4603 SYN_RECV
tcp 0 0 192.168.1.103:80 72.55.146.236:57298 SYN_RECV
tcp 0 0 192.168.1.103:80 92.48.118.83:56209 SYN_RECV
tcp 0 0 192.168.1.103:80 92.48.118.83:45804 SYN_RECV
tcp 0 0 192.168.1.103:80 92.112.245.7:20351 SYN_RECV
tcp 0 0 192.168.1.103:80 204.13.169.14:3357 SYN_RECV
tcp 0 0 192.168.1.103:80 83.133.119.11:3800 SYN_RECV
tcp 0 0 192.168.1.103:80 66.152.184.8:1111 SYN_RECV
tcp 0 0 192.168.1.103:80 122.145.132.180:44084 SYN_RECV
tcp 0 0 192.168.1.103:80 38.100.202.166:1154 SYN_RECV
tcp 0 0 192.168.1.103:80 78.132.158.186:3640 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3562 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3506 SYN_RECV
tcp 0 0 192.168.1.103:80 90.188.186.119:1225 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.73.167:4407 SYN_RECV
tcp 0 0 192.168.1.103:80 72.55.146.236:57191 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3588 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.209:4526 SYN_RECV
tcp 0 0 192.168.1.103:80 221.204.188.81:1875 SYN_RECV
tcp 0 0 192.168.1.103:80 217.7.251.69:15897 SYN_RECV
tcp 0 0 192.168.1.103:80 92.48.118.83:56529 SYN_RECV
tcp 0 0 192.168.1.103:80 67.205.67.208:55575 SYN_RECV
tcp 0 0 192.168.1.103:80 66.97.163.6:2892 SYN_RECV
tcp 0 0 192.168.1.103:80 38.100.202.164:4272 SYN_RECV
tcp 0 0 192.168.1.103:80 209.208.100.226:2076 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.209:1321 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3570 SYN_RECV
tcp 0 0 192.168.1.103:80 58.53.128.72:3795 SYN_RECV
tcp 0 0 192.168.1.103:80 94.76.199.2:50900 SYN_RECV
tcp 0 0 192.168.1.103:80 85.17.97.15:37620 SYN_RECV
tcp 0 0 192.168.1.103:80 209.208.100.210:4952 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.77.99:1346 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.198:2042 SYN_RECV
tcp 0 0 192.168.1.103:80 94.76.199.2:35513 SYN_RECV
tcp 0 0 192.168.1.103:80 66.97.163.8:2138 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.196:2838 SYN_RECV
tcp 0 0 192.168.1.103:80 204.13.169.8:3817 SYN_RECV
tcp 0 0 192.168.1.103:80 208.177.78.6:2013 SYN_RECV
tcp 0 0 192.168.1.103:80 89.2.88.242:64078 SYN_RECV
tcp 0 0 192.168.1.103:80 91.77.186.67:4362 SYN_RECV
tcp 0 0 192.168.1.103:80 95.70.78.35:3316 SYN_RECV
tcp 0 0 192.168.1.103:80 38.100.202.170:2260 SYN_RECV
tcp 0 0 192.168.1.103:80 204.9.184.218:1608 SYN_RECV
tcp 0 0 192.168.1.103:80 66.152.184.4:1308 SYN_RECV
tcp 0 0 192.168.1.103:80 66.152.184.3:4528 SYN_RECV
tcp 0 0 192.168.1.103:80 91.77.186.67:1677 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3525 SYN_RECV
tcp 0 0 192.168.1.103:80 67.205.67.208:55086 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.73.165:4914 SYN_RECV
tcp 0 0 192.168.1.103:80 204.13.169.5:3073 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.74.34:4264 SYN_RECV
tcp 0 0 192.168.1.103:80 62.33.188.17:3590 SYN_RECV
tcp 0 0 192.168.1.103:80 204.13.169.6:1273 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.74.58:3518 SYN_RECV
tcp 0 0 192.168.1.103:80 204.15.74.62:2687 SYN_RECV
tcp 0 0 192.168.1.103:80 92.48.118.83:36507 SYN_RECV
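Could the experts here please take a look when you have time and tell me what exactly is causing this!
[ This post was last edited by webeasymail on 2009-1-4 09:36 ]
《Solution》
What of yours was attacked?
《Solution》
Reply to post #2 by ttplay
Apache was attacked! It made Apache inaccessible!
《Solution》
Following this, bumping to help~
《Solution》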
Your log file says that NO ONE attacks. Good luck. You should go over something else in detail.
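《Solution》
Sorry, the log really was too short, so I am posting a longer one. It really is under a SYN attack.
Although I know it is a SYN attack, and the company has a hardware firewall, I don't know how to solve this problem!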
204.15.74.53 - - "GET http://m.doelog.com/h/sexy_lover/50715&p=w&cid=00535 HTTP/1.1" 502 232 "http://www.presentdebthelp.com/eworks-personaredit-repair-on-line-financial-debts-repair-review.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
76.168.175.250 - - "GET http://videos.southern-charms.com/vid_members HTTP/1.0" 401 484 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
118.1.85.116 - - "GET http://209.191.92.77/config/pwtoken_get?login=w743&src=ygodgw&passwd=a945cb8addcf1125dbc026d46e8fd8eb&challenge=Ho9HdwV2j.NrqP8FQac6yQxnKO_d&md5=1 HTTP/1.0" 200 6 "-" "MobileRunner-J2ME"
71.94.79.140 - - "GET http://www.youtube.com/watch?v=hirKqgv6F_o HTTP/1.1" 200 100109 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko)"
74.56.163.129 - - "GET http://www.youtube.com/get_video?video_id=sNheRxRAHe4&t=OEgsToPDskJJ6Nnhc315S3tZws4m8weK HTTP/1.1" 303 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Hotbar 3.0; .NET CLR 1.1.4322)"
60.53.205.169 - - "GET http://119.161.12.175/config/isp_verify_user?l=carrie__666&p=carnegie HTTP/1.0" 200 26 "http://119.161.12.175" "-"
221.223.127.27 - - "GET http://www.baidu.com/s?wd=%D0%A1%B3%D4%B3%B5 HTTP/1.1" 200 29916 "http://www.baidu.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GOSURF)"
76.174.238.79 - - "GET http://www.youtube.com/watch?v=eDfDd7p5-DA HTTP/1.1" 303 - "-" "Version/3.0.3 Safari/522.12.1"
67.205.74.207 - - "POST http://ggxx.sub.jp/cgi-bin/patio/regist.cgi HTTP/1.1" 200 945 "http://ggxx.sub.jp/cgi-bin/patio/patio.cgi?mode=view&no=2415" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
24.247.197.100 - - "GET http://217.146.187.242/config/pwtoken_get?login=kulturenskhigh&src=ygodgw&passwd=24a7783ed40c104bde1181eac00bdb32&challenge=SDq_.kV_j.M7qpwWgOs92oYTIn7u&md5=1 HTTP/1.0" 200 4 "-" "MobileRunner-J2ME"
58.53.128.72 - - "GET http://bbs.rxww.net/forumdisplay.php?fid=2 HTTP/1.1" 200 453 "http://www.baidu.com" "mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1;Windows 5.5;Windows 6.0)"
69.56.234.234 - - "POST http://70.87.136.2/cgi-bin/pr/test.pl HTTP/1.1" 200 1545 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
219.132.25.30 - - "GET http://108q.cn/28aa/zc1.asp?m=0&time=1231033309801 HTTP/1.0" 302 155 "-" "NokiaN73-2 wap.c8n.cn"
67.205.67.208 - - "POST http://www.bluearrow.jp/bbs/epad.cgi HTTP/1.1" 200 - "http://www.bluearrow.jp/bbs/epad.cgi?res=86" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
69.205.55.200 - - "GET http://69.147.111.130/config/pwtoken_get?login=love+cash&src=ygodgw&passwd=1476fd1e1c7eda78665776797ad2b0c0&challenge=uZWQxnVwj.Nx3xfpoCgQe.4PmzwY&md5=1 HTTP/1.0" 404 365 "-" "MobileRunner-J2ME"
219.134.228.226 - - "GET http://www.baidu.com/s?ie=gb2312&bs=%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&sr=&z=&cl=3&f=8&wd=%B0%DB%CA%C2%B4%EF%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&ct=0 HTTP/1.0" 200 30667 "http://www.baidu.com/s?wd=%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
219.132.25.30 - - "GET http://wap.zdrtmw.com/u.asp?id=144 HTTP/1.0" 302 128 "-" "NokiaN73-2 wap.c8n.cn"
127.0.0.1 - - "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.11 (Unix) DAV/2 (internal dummy connection)"
89.149.254.158 - - "POST http://89.149.254.158/~admin/apost/proxy.php HTTP/1.1" 200 1247 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
98.211.140.87 - - "GET http://www.microsoft.com/en/us/default.aspx HTTP/1.0" 200 105637 "-" "-"
59.53.88.100 - - "GET http://www.ip838.cn/e/search/result/?searchid=8 HTTP/1.1" 403 218 "http://www.whitehouse.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)"
71.94.79.140 - - "GET http://www.youtube.com/get_video?video_id=hirKqgv6F_o&t=OEgsToPDskJkuuC4tQRWlnxTOXCnoNZo HTTP/1.1" 303 - "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko)"
72.55.146.236 - - "POST http://lovemailer.net/erocross/sunbbs3/sunbbs.cgi HTTP/1.1" 200 804 "http://lovemailer.net/erocross/sunbbs3/sunbbs.cgi?&dtae=mure&mode=form&no=56235&page=1" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
67.205.74.207 - - "POST http://www.mundojudicial.org/index.php?option=com_fireboard&itemid=26&func=post HTTP/1.1" 200 2914 "http://www.mundojudicial.org/index.php?catid=16&replyto=624&do=quote&func=post&Itemid=26&option=com_fireboard" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
91.77.186.67 - - "CONNECT 64.12.161.185:443 HTTP/1.0" 200 - "-" "-"
76.24.115.218 - - "POST http://musicservices.myspace.com/Modules/MusicServices/Services/MusicPlayerService.ashx?action=getToken HTTP/1.1" 200 161 "http://lads.myspace.com/videos/Main.swf" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
219.132.25.30 - - "GET http://wap.zdrtmw.com/IP.asp HTTP/1.0" 200 605 "-" "NokiaN73-2 wap.c8n.cn"
79.100.41.21 - - "GET http://images.google.com/ HTTP/1.1" 200 5958 "-" "-"
69.205.55.200 - - "GET http://69.147.112.218/config/pwtoken_get?login=youngsmoke&src=ygodgw&passwd=1476fd1e1c7eda78665776797ad2b0c0&challenge=uZWQxnVwj.Nx3xfpoCgQe.4PmzwY&md5=1 HTTP/1.0" 200 6 "-" "MobileRunner-J2ME"
89.252.145.18 - - "CONNECT login.icq.com:443 HTTP/1.0" 200 - "-" "Mozilla/7.00 (WinNT; U ;Nav)"
219.134.228.226 - - "GET http://c.baidu.com/c.gif?t=0&q=%B0%DB%CA%C2%B4%EF%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&p=0&pn=1 HTTP/1.0" 204 - "http://www.baidu.com/s?ie=gb2312&bs=%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&sr=&z=&cl=3&f=8&wd=%B0%DB%CA%C2%B4%EF%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&ct=0" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
89.2.88.242 - - "GET http://n3.login.scd.yahoo.com/config/isp_verify_user?l=blackandre&p=history HTTP/1.0" 999 4703 "http://n3.login.scd.yahoo.com" "-"
69.205.55.200 - - "GET http://209.191.92.77/config/pwtoken_get?login=wintergec&src=ygodgw&passwd=1476fd1e1c7eda78665776797ad2b0c0&challenge=uZWQxnVwj.Nx3xfpoCgQe.4PmzwY&md5=1 HTTP/1.0" 200 6 "-" "MobileRunner-J2ME"
202.190.131.125 - - "GET http://n19.login.scd.yahoo.com/config/pwtoken_get?login=_foster_&src=ygodgw&passwd=4acefc794064510595a80e2f9661e425&challenge=sv7nXzN5j.NVNrXEfIsXKJQuFFUX&md5=1 HTTP/1.0" 200 6 "-" "MobileRunner-J2ME"
220.215.160.119 - - "POST http://loverspillsremember.com/process_order.php HTTP/1.0" 502 994 "-" "\"Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8) Gecko/20051212 Firefox/1.5\""
69.205.55.200 - - "GET http://209.73.169.3/config/pwtoken_get?login=love+cash&src=ygodgw&passwd=1476fd1e1c7eda78665776797ad2b0c0&challenge=uZWQxnVwj.Nx3xfpoCgQe.4PmzwY&md5=1 HTTP/1.0" 200 6 "-" "MobileRunner-J2ME"
24.247.197.100 - - "GET http://217.146.187.242/config/pwtoken_get?login=pilot_whale&src=ygodgw&passwd=24a7783ed40c104bde1181eac00bdb32&challenge=SDq_.kV_j.M7qpwWgOs92oYTIn7u&md5=1 HTTP/1.0" 200 4 "-" "MobileRunner-J2ME"
79.143.176.14 - - "GET http://www.google.com/search?client=navclient-auto&ch=6750653658&features=Rank&q=info:iffp-edu.ch HTTP/1.0" 200 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
67.205.67.208 - - "POST http://www.tpso4.m-society.go.th/th/index.php?option=com_joomlaboard&itemid=52&func=post HTTP/1.1" 400 226 "http://www.tpso4.m-society.go.th/th/index.php?option=com_joomlaboard&Itemid=52&func=post&do=reply&replyto=2351&catid=7" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
127.0.0.1 - - "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.11 (Unix) DAV/2 (internal dummy connection)"
59.53.88.100 - - "GET http://www.ip838.cn/e/member/register/index.php HTTP/1.1" 200 89 "http://www.whitehouse.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)"
58.53.128.72 - - "GET http://bbs.rxww.net/forumdisplay.php?fid=2 HTTP/1.1" 200 453 "http://www.baidu.com" "mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1;Windows 5.5;Windows 6.0)"
89.163.18.5 - - "CONNECT 64.12.200.89:443 HTTP/1.0" 200 - "-" "-"
202.134.116.245 - - "CONNECT 205.188.153.97:443 HTTP/1.0" 200 - "-" "-"
76.174.238.79 - - "GET http://www.youtube.com/index?&ytsession=V5x0VKfhagpc-_Is7SlNS15eFe6cFriTwAImLDDSQlq2TweHRmEWE8PFborY4ZNTA9m0FXIADwwloMEi30tlxrjXMPjE6rAczRPuNYzzb6TyzkPYbNa2Eq6Y6wPOZZAm6RrQCzw6dEWX_LxgmOMAUJP1SuQ2AnlraiXg0PM2iJhOoHgojMiQVe5TXOaHFq_w5YYXgbM3XXF9hDH6woELuDhhSgnMA_Ik2wFnQbbKD6l8Ham4Z78KmjpRemPaP-9QdMh4qsxxiXH7VmhFGIVhlBQJJf7-4ZMLyWsOuNbK-vr1RUv0Y9YfVA HTTP/1.1" 200 80049 "-" "Version/3.0.3 Safari/522.12.1"
219.134.228.226 - - "GET http://s.baidu.com/w.gif?q=%B0%DB%CA%C2%B4%EF%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&fm=se&T=1231033310&y=7F7FFE7F&path=http://www.baidu.com/s?ie=gb2312&bs=%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&sr=&z=&cl=3&f=8&wd=%B0%DB%CA%C2%B4%EF%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&ct=0&t=1231033293796 HTTP/1.0" 200 - "http://www.baidu.com/s?ie=gb2312&bs=%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&sr=&z=&cl=3&f=8&wd=%B0%DB%CA%C2%B4%EF%D6%E9%B1%A6%B9%DC%C0%ED%C8%ED%BC%FE&ct=0" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
67.205.74.207 - - "POST http://moriguchi-mokkou.com/modules/wordpress/wp-comments-post.php HTTP/1.1" 302 - "http://moriguchi-mokkou.com/modules/wordpress/index.php?p=11" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
59.56.109.60 - - "GET http://optimizedby.rmxads.com/st?ad_type=ad&ad_size=728x90&promote_sizes=1&section=447871 HTTP/1.0" 200 4161 "http://www.scrapslive.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
59.53.88.100 - - "GET http://www.ip838.cn/e/search/result/?searchid=8 HTTP/1.1" 403 218 "http://www.whitehouse.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)"
76.15.158.181 - - "GET http://e6.member.scd.yahoo.com/config/pwtoken_get?login=ball-&src=ygodgw&passwd=720df1659c08c38ccb01e733809a1e2e&challenge=qw03eHt_j.OyjwLrESmYUbSWqBnZ&md5=1 HTTP/1.0" 404 370 "-" "MobileRunner-J2ME"
81.176.236.228 - - "CONNECT 64.12.200.89:443 HTTP/1.0" 200 - "-" "-"
66.152.184.8 - - "GET http://loadingreadyrun.com/app/webroot/blog2/?p=68 HTTP/1.1" 404 6032 "http://www.presentdebthelp.com/consumer-peachstate-financial-services-www-debts-bankruptcy-recoveries.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
58.88.215.115 - - "GET http://www.fow96.com/cgi_bin/kaiseki/ref.cgi?10509 HTTP/1.0" 302 205 "http://www.meew.net/kfriends/top.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
58.95.130.241 - - "GET http://tv.tracker.prq.to/announce?info_hash=%db%0e%08%1d%3a%06E%22h%ce%f65%02%c7%15%3cL%df%96%a6&peer_id=-UT1810-_1%b4%89A%b0%f3%17u%9c%a2r&port=15223&uploaded=0&downloaded=0&left=729023022&corrupt=0&key=5CC93347&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=2001%3aa000%3af16b%3a0%3a3902%3a1917%3a7402%3a351b HTTP/1.1" 200 98 "-" "uTorrent/1810"
67.205.67.208 - - "POST http://www.treibhausmuenchen.de/joomla/index.php?option=com_fireboard&itemid=0&func=post HTTP/1.1" 400 226 "http://www.treibhausmuenchen.de/joomla/index.php?option=com_fireboard&Itemid=0&func=post&do=quote&replyto=31023&catid=3" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
91.180.219.17 - - "Get http://l02.member.ukl.yahoo.com/config/isp_verify_user?l=ChristianDick&p=qwerty HTTP/1.0" 999 4707 "-" "-"
59.56.109.60 - - "GET http://ad.yieldmanager.com/imp?Z=728x90&p=1&s=447871&_salt=376819552&B=12&m=2&u=http%3A%2F%2Fwww.scrapslive.com%2F&r=1 HTTP/1.0" 200 551 "http://www.scrapslive.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
127.0.0.1 - - "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.11 (Unix) DAV/2 (internal dummy connection)"
79.143.176.14 - - "GET http://www.google.com/search?client=navclient-auto&ch=6265999007&features=Rank&q=info:karateclub-aesch.ch HTTP/1.0" 200 11 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
127.0.0.1 - - "GET /announce?info_hash=%60%87%b9%5c%c2F%cc1p%5eJ%feubd%a5%9a%d3%de%cd&peer_id=-UT1810-_1%b4%89A%b0%f3%17u%9c%a2r&port=15223&uploaded=98304&downloaded=0&left=6815744&corrupt=0&key=5CC93347&numwant=200&compact=1&no_peer_id=1&ipv6=2001%3aa000%3af16b%3a0%3a3902%3a1917%3a7402%3a351b HTTP/1.1" 404 3402 "-" "uTorrent/1810"
58.95.130.241 - - "GET http://tracker2.bt-chat.com/announce?info_hash=%60%87%b9%5c%c2F%cc1p%5eJ%feubd%a5%9a%d3%de%cd&peer_id=-UT1810-_1%b4%89A%b0%f3%17u%9c%a2r&port=15223&uploaded=98304&downloaded=0&left=6815744&corrupt=0&key=5CC93347&numwant=200&compact=1&no_peer_id=1&ipv6=2001%3aa000%3af16b%3a0%3a3902%3a1917%3a7402%3a351b HTTP/1.1" 404 3402 "-" "uTorrent/1810"
212.95.54.42 - - "GET http://212.95.32.82/~pasha/ppproxyc/engine.php HTTP/1.0" 200 566 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
59.53.88.100 - - "GET http://www.ip838.cn/index.html HTTP/1.1" 200 38708 "http://www.whitehouse.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)"
83.19.154.58 - - "GET http://members.maturetales.com/ HTTP/1.0" 401 397 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
204.9.184.201 - - "GET http://app.blog.livedoor.jp/__errors/comment_rejected_maxposts.html HTTP/1.1" 200 4487 "http://www.s-d3.com/archives/50086860.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; NetCaptor 6.5.0RC1)"
59.53.88.100 - - "GET http://www.ip838.cn/e/member/register/index.php HTTP/1.1" 200 89 "http://www.whitehouse.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)"
77.127.4.88 - - "CONNECT 205.188.153.154:443 HTTP/1.0" 200 - "-" "-"
58.88.215.115 - - "GET http://ranks1.apserver.net/share/in.php?u=pisskeep&id=madams01 HTTP/1.0" 502 509 "http://www.cirfle.com/madam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
67.177.121.51 - - "GET http://www.sextoypartyshop.com HTTP/1.0" 200 8688 "-" "-"
62.195.233.232 - - "POST http://sushi20.mobile.re3.yahoo.com/p/login/auth?ignore=signin HTTP/1.1" 502 502 "-" "-"
204.9.184.197 - - "GET http://www.netlaputa.ne.jp/~my-yos/wwwboard/messages/165.html HTTP/1.1" 404 304 "http://www.presentdebthelp.com/turner-young-mortgages-loan-negotiations-websites-credit-card.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)"
79.100.41.21 - - "GET http://www.aol.com/ HTTP/1.1" 302 306 "-" "-"
60.53.205.169 - - "GET http://203.209.228.47/config/isp_verify_user?l=casper__666&p=carnegie HTTP/1.0" 999 4703 "http://203.209.228.47" "-"
127.0.0.1 - - "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.11 (Unix) DAV/2 (internal dummy connection)"
79.143.176.14 - - "GET http://www.google.com/search?client=navclient-auto&ch=6-419804339&features=Rank&q=info:www.karateclub-aesch.ch HTTP/1.0" 200 11 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
204.9.184.197 - - "GET http://www.zuurpruimen.nl/component/option,com_simpleboard/Itemid,48/func,post/do,quote/replyto,75/catid,8/index.php?option=com_jambook&Itemid=61&task=list&sort=createddesc&limit=10&limitstart=10 HTTP/1.1" 403 748 "http://www.presentdebthelp.com/debt-cosolidation2.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"
58.95.130.241 - - "GET http://open.tracker.thepiratebay.org/announce.php?info_hash=%d0%7dI%07%cc%23k%28%ecC%8b%ea%d1%da%0fz%85%05%b1%26&peer_id=-UT1810-_1%b4%89A%b0%f3%17u%9c%a2r&port=15223&uploaded=49152&downloaded=0&left=4187471872&corrupt=0&key=5CC93347&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=2001%3aa000%3af16b%3a0%3a3902%3a1917%3a7402%3a351b HTTP/1.1" 502 1149 "-" "uTorrent/1810"
78.85.159.188 - - "CONNECT login.icq.com:443 HTTP/1.0" 200 - "-" "-"
59.53.88.100 - - "GET http://www.ip838.cn/index.html HTTP/1.1" 200 38708 "http://www.whitehouse.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)"
58.53.128.72 - - "GET http://bbs.rxww.net/forumdisplay.php?fid=2 HTTP/1.1" 200 453 "http://www.baidu.com" "mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1;Windows 5.5;Windows 6.0)"
94.76.199.2 - - "POST http://travel-sichuan.com/jiudian/HotelDetail.asp HTTP/1.1" 200 1932 "http://travel-sichuan.com/jiudian/HotelDetail.asp?Hid=24&Page=12106" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
83.19.154.58 - - "GET http://www.dodger.co.uk/members/main.html HTTP/1.0" 401 466 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
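《Solution》
None of the sites in the Apache log above are our company's websites; they are all forged!
《Solution》
I saw a thread:
http://bbs.chinaunix.net/thread-1102744-1-1.html
I configured things according to that thread, and it does have an effect, except that I can't access the site myself either!
《Solution》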
If it really is a DDoS attack, you cannot do anything. Just wait and see; as long as the attacking stops, your server will run properly.
There are several ways to help you prevent DDoS, but they are only a little effective.
Add mod_dosevasive.so or limitpconn.so to your Apache to block malicious users.
Start iptables, which can limit the connection ratio per second.
《Solution》
I configured the hardware firewall, and it can block part of the SYN flood attacks. Thank you all for your suggestions!
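
The access-log lines quoted in this thread are mostly requests for absolute URLs on other hosts, plus `CONNECT` requests, which is what a web server logs when clients address it as a forward proxy. The following added example (not code from the thread) sorts lines in that log format into proxy-style and ordinary requests per client; `OWN_HOSTS` and the sample lines are constructed placeholders, and treating a 502/504 as evidence of forwarding is a heuristic assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Log format as quoted in the thread: client, two "-" fields, quoted request
# line, status, size (there is no timestamp field).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ '
    r'"(?P<method>[A-Za-z]+) (?P<target>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) \S+'
)
OWN_HOSTS = frozenset({"www.example.com"})  # assumption: sites this server hosts
GATEWAY_STATUSES = {502, 504}  # gateway errors, produced only when forwarding

def classify(line, own_hosts=OWN_HOSTS):
    """Return (client, kind, host, forwarded) or None if the line is unparseable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    client, method = m["client"], m["method"].upper()
    target, status = m["target"], int(m["status"])
    if method == "CONNECT":
        host = target.rpartition(":")[0].lower()
        # A 2xx answer to CONNECT means the tunnel was opened.
        return client, "connect-tunnel", host, 200 <= status < 300
    if "://" in target:
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            host = ""
        if host in own_hosts:
            return client, "origin", host, False
        return client, "foreign-proxy", host, status in GATEWAY_STATUSES
    return client, "origin", "", False  # ordinary origin-form request

def summarize(lines, own_hosts=OWN_HOSTS):
    """Count request kinds, proxy-style requests per client, forwarding evidence."""
    kinds, proxy_clients, forwarded_total = Counter(), Counter(), 0
    for line in lines:
        rec = classify(line, own_hosts)
        if rec is None:
            kinds["unparsed"] += 1
            continue
        client, kind, _host, forwarded = rec
        kinds[kind] += 1
        if kind != "origin":
            proxy_clients[client] += 1
            forwarded_total += forwarded
    return kinds, proxy_clients, forwarded_total

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    '192.0.2.10 - - "GET http://shop.example.org/form.htm HTTP/1.1" 200 4083 "-" "Mozilla/4.0"',
    '192.0.2.10 - - "POST http://bbs.example.net/post.cgi HTTP/1.1" 502 232 "-" "Mozilla/4.0"',
    '198.51.100.7 - - "CONNECT login.example.net:443 HTTP/1.0" 200 - "-" "-"',
    '203.0.113.5 - - "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - "GET http://www.example.com/about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '127.0.0.1 - - "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"',
    'garbage line',
]

if __name__ == "__main__":
    kinds, proxy_clients, forwarded_total = summarize(SAMPLE)
    print(dict(kinds))
    print(proxy_clients.most_common(5))
    print("requests with forwarding evidence:", forwarded_total)
```

If the forwarding count is non-zero on a real log, check whether `mod_proxy` is loaded and that `ProxyRequests` is set to `Off` in the Apache configuration.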