httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John <lostgu...@gmail.com>
Subject [users@httpd] Apache Log Attack
Date Fri, 19 Aug 2005 15:47:45 GMT
I am having numerous IPs that are changing daily and constantly
hitting my webserver and taking up about 1Mbit solid 24x7.  There is
no POST/GET or any other type of connection, it just seems like they
open port 80 and start pushing tons of junk.  The IPs are from APNIC
and are not country specific.   Any help would be greatly appreciated,
we are getting slammed by these hits.

Their IP has been changed to aaa.bbb.ccc.ddd and my domain has been
changed to www.mydomain.com.


20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"\xa4Y~5\xcf2\"\xf4\xcc\xcf\xd3\x90-H\xd3\x8f
u\xe6\xd9\x1d*\xe5\xc0\xf7+x\x81\x87D\x0e_P" 302 123 "-" "-"
20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"\xf2\xebq\xff\xa0\xd0;u\x06\x8c~\x87xsM\xd0\
xbe\x82\xbe\xdb\xc2FA+\x8c\xfa0\x7fp\xf0\xa7T\x862\x95\xaa[h\x13\v\xe6\xfc\xf5\xca\xbe}\x9f\x89\x8aA\x1b\xfd\xb8Oh\xf6r{\x14\x99\xcd
\xd3\r\xf0D:\xb4\xa6fS3\v\xcb\xa1\x10^L\xec\x03Ls\xe6\x05\xb41\x0e\xaa\xad\xcf\xd5\xb0\xca'\xff\xd8\x9d\x14M\xf4y'YB|\x9c\xc1\xf8\xc
d\x8c\x87 #d\xb8\xa6\x87\x95L\xb0Z\x8dN-\x99\xe7=\xb1`" 400 299 "-" "-"
20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"\xb1\x80\xad\bA\xe9gA\xa5\xd5\x9f\xe4\x18\x9
f\x15B" 302 123 "-" "-"
20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"\xb8\xe0\xe1`\x8fn<{\xf4[b\x8a\x8a\x8f'\\\xf
7\xe5\x87J;2\x9ba@\x84\xc6\xc3\xb1\xa70J\x10\xeeuo\x03/\x9ej\xef\x10P\x9b\xc8\x81C)(\x8a\xf6\xe9\x9eG\xa1\x81H1l\xcd\xa4\x9e\xde\x81
\xa3\x8c\x98\x10\xff\x9aC\xcd\xcfW\xc7PY\xbf\xbd\x1c'\x03(\x7f]\x89_\xb9I4N`<\xe5\xde\x02\x98B\xb2\r+\xb6\x14\xec\xbb\xb8/s\xe2Q~}\x
1d\xd8\x84\xd3\x1f\x01\xbePk\x16\xd6C!\x83\x19\x15" 400 - "-" "-"
20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"2q\xaf\xf2d\xd0\xf2HA\xd6F_\t\x96\xff\x84\xe
6_\xc5\x17\xc5>\xfc3c\xc3\x84\x92\xab\b\xa3\xaa?\xf0?\x1cU\xadQO\xc4\x85\x96X^\xd5\x88\x1e\x81V\x8c\xbb\xe9\x9fm%\xc8\xeb\t\r\x19\x1
dJ\x071\x01X\xec\x97\xd5\r|\x15\b\xaaH\x0fA\xc8\xd0\x14\xa3\x91\xe8\xb3P/`\x90+\x85\xe3\xb7\xe3\x1d
/-b(\xd3P\x10\x17]\xe7\xe8\xf7\x
c4\xe2\xa8\xe1\xc8\xcf:e\xcaX,-\xe2\x0c`\xdc,b\x05<" 400 299 "-" "-"
20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"O\x12s\xff?\x02\xa3\xb5\x8e\x03\x165\xbf\x9a
\x13=\xed\x88 \xcaj\xe7\xc6\xd2\xa5v\x945Q2g\xf2\xc3&\xe8\x96\x9c\x83U\xfb\xa9\xf3\x85.\x07+&\xb1\x8b\xbfJ\xe3`;\"\xbc\xf2o\b\xbd\v"
 400 - "-" "-"
20050819-10-access.log:aaa.bbb.ccc.ddd www.mydomain.com -
[19/Aug/2005:10:44:20 -0400]
"u\xfbs]^\x12\xfe\x93u\xe0\x9e\xd5\x8e8\xed @
\xa5\\\xf6\x99N\x83]\x11\x1c\xb5*\xbd\x1f\xd8\x7f\xc5.s\x93\x18\xce\t\xb1^V\xa6\x84/P\xb7\x91\x82!\x1e\x05h\xed\x86\xb1\xfa\xb5\xf4S
\x8f\xc2\x9f\x173G\x02]UB/\xbd\xc0\xa3fH\xcd\xb0\xe6\x11\xd6\xa8\x03\xed\xed\xa6yv\xce\xc9"
400 299 "-" "-"

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message