Re: myriads of access to unknown pages on my server bring my server down (DOS?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Mar 10, 2010 at 1:34 PM, peter pilsl <pilsl@xxxxxxxxxxxx> wrote:
>
> My apache was slowing down big time today morning and when I looked at the logs I realized that I've approx 10 page-requests per second from various ip's to pages that are not hosted on my server.
>
> example:
>
> buzzurl.jp 204.45.41.82 - - [10/Mar/2010:14:49:34 +0100] "GET http://buzzurl.jp/tag/firefox%20add-ons/200902 HTTP/1.1" 200 19620 "-" "Mozilla/4.0 (compatible
> ; MSIE 6.0; Windows NT 5.1; SV1)"
>
>
> the requested page and the source-IP are new in every line.
>
> I know this "ghosts" from earlier logs and never knew why they were in my logs but I never thought about it, cause they were infrequently. But now I'm really overrun by these request.
>
> So I wonder: whats going on here?  Is this a targeted attack? where are these requests coming from?
>
> buzzurl.jp (from the above example) does not resolve to my host-ip, but thats not the issue cause the name is in the request-header. What worries me more is that my apache didnt give back a 404 like it should but a 200 !!??
>
> How can that be?  I dont have a default-page running and when I reconfigure my client here so that buzzurl.jp points to my server and request buzzurl.jp then I get a 404.
>
> So again: whats going on here? Why does my apache give my precious time to stupid request? does the request trick my apache?
>
> As you can imagine I'm bit in a stress here, cause my "real" webpages are getting incredible slow and the requests dont stop and I dont know how I can block them.
>
> Any idea or experience with this?
>
> thnx
> peter
>

Have you configured your apache as an unsecured forward proxy?

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux