Apache is under attack, urgent help needed!

火星人 @ 2014-03-04 , reply:0



85.17.97.15 - - "GET http://www.mijasapart.co.uk/Enquiry%20form.htm HTTP/1.1" 200 4083 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
204.15.74.56 - - "GET http://debian.outinamerica.com/servlet/view/banner/html/zone?zid=63&pid=0&custom1=1&keywords=www.outinmadison.com HTTP/1.1" 200 720 "http://www.outinmadison.com/Logon.asp?Refer=/home/discuss.asp&Query=article%5Fid%3D%26return%5Furl%3D%26arttype%3DC%26cmd%3Dcomment" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT Windows CE)"
94.76.199.10 - - "POST http://tabletme.com/pills/viagra.php HTTP/1.1" 200 1376 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
62.33.188.17 - - "CONNECT login.icq.com:443 HTTP/1.0" 200 - "-" "-"
204.9.184.221 - - "GET http://www.leon-lai.com/leonforum.mv?parm_func=showmsg+parm_msgnum=1019485 HTTP/1.1" 404 271 "http://www.presentdebthelp.com/buykontrol-mortgage-on-line-chapter-9-det-dedts-collections-uk.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"
204.13.169.5 - - "GET http://st.glcdn.us/css/sss/main.sss?b=msie6.0&c=00052498 HTTP/1.1" 403 - "http://www.presentdebthelp.com/bayport-mortgage-web-debt-det-consolation.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"


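The above is the log generated by Apache. There are 4 to 5 million log entries like this every day. The company has a hardware firewall (it has not been configured properly yet, and I don't know how to configure it). The company's server is Apache 2.2, and the operating system is openSUSE.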



Checking with the netstat -an command, I found that it is a TCP SYN flood attack:



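If any of you experts have time, please help me take a look and work out what exactly the cause is!

[ This post was last edited by webeasymail at 2009-1-4 09:36 ]
《Solution》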

What exactly did they attack?
《Solution》

Reply to post #2 by ttplay

They attacked Apache! As a result, Apache cannot be accessed normally!
《Solution》

Following this, and bumping to help~
《Solution》

Your log file says that NO ONE attacks, good luck. You should go over something else in detail.
《Solution》

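Sorry, the log really was too short. I am posting a longer one. We really are under a SYN attack.

Although I know it is a SYN attack, and the company has a hardware firewall, I don't know how to solve this problem!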
《Solution》

In the Apache log above, not one of the sites is our company's website; all of them are forged!
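
The two checks made in this thread, counting half-open SYN_RECV connections in netstat -an output and picking out access-log requests for sites the server does not host, as an added example that is not part of any post here. The sample lines are constructed with documentation addresses, and OWN_HOSTS and all function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the host names this server is meant to serve (placeholders).
OWN_HOSTS = {"www.example.com", "example.com"}

# Constructed samples in the shape of the thread's output; the addresses
# come from the RFC 5737 documentation ranges, not from the thread.
NETSTAT_SAMPLE = """\
tcp        0      0 192.168.1.103:80        198.51.100.7:4338       SYN_RECV
tcp        0      0 192.168.1.103:80        198.51.100.7:4666       SYN_RECV
tcp        0      0 192.168.1.103:80        203.0.113.20:4704       SYN_RECV
tcp        0      0 192.168.1.103:80        203.0.113.21:3526       ESTABLISHED
tcp        0      0 192.168.1.103:22        192.0.2.5:51000         ESTABLISHED
"""
ACCESS_SAMPLE = """\
198.51.100.7 - - "GET http://other.example.net/form.htm HTTP/1.1" 200 4083 "-" "Mozilla/4.0"
203.0.113.20 - - "CONNECT login.example.org:443 HTTP/1.0" 200 - "-" "-"
203.0.113.21 - - "GET http://www.example.com/index.html HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.5 - - "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.20 - - "Post http://third.example.net/bbs/post.cgi HTTP/1.1" 403 218 "-" "Mozilla/4.0"
127.0.0.1 - - "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.11 (Unix) (internal dummy connection)"
"""

# client, ident, user, optional [timestamp], "METHOD target ...", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ (?:\[[^\]]*\] )?"(\S+) (\S+)(?: [^"]*)?" (\d{3}) ')


def half_open_by_source(netstat_text, port=80):
    """Count SYN_RECV sockets on the local port, keyed by remote address."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "SYN_RECV":
            continue
        if f[3].rsplit(":", 1)[-1] == str(port):
            counts[f[4].rsplit(":", 1)[0]] += 1
    return counts


def classify(line):
    """Return (client, kind, host, status) for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.group(1), m.group(2).upper(), m.group(3), int(m.group(4))
    if method == "CONNECT":               # authority-form: host:port
        return client, "connect", target.rsplit(":", 1)[0].lower(), status
    if "://" in target:                   # absolute-form: full URL
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:                # malformed URL in the request line
            host = ""
        return client, "absolute", host, status
    return client, "origin", None, status  # ordinary /path (or "*") request


def foreign_requests(access_text, own_hosts=OWN_HOSTS):
    """Requests naming a host that is not one of this server's own sites."""
    records = (classify(line) for line in access_text.splitlines())
    return [r for r in records if r and r[1] != "origin" and r[2] not in own_hosts]


def summary(netstat_text, access_text):
    half_open = half_open_by_source(netstat_text)
    hits = foreign_requests(access_text)
    return {
        "syn_recv_total": sum(half_open.values()),
        "syn_recv_sources": len(half_open),
        "foreign_requests": len(hits),
        "foreign_answered_2xx": sum(1 for r in hits if 200 <= r[3] < 300),
        "foreign_clients": sorted({r[0] for r in hits}),
    }


if __name__ == "__main__":
    for key, value in summary(NETSTAT_SAMPLE, ACCESS_SAMPLE).items():
        print(f"{key}: {value}")
```

A 2xx on a request for another host, or on a CONNECT, means the server answered it rather than refusing it; whether it actually relayed the request depends on the mod_proxy configuration (ProxyRequests), which is worth checking alongside the SYN flood handling.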
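《Solution》

I saw a post:
http://bbs.chinaunix.net/thread-1102744-1-1.html
I configured things according to that post, and it does have an effect, except that now I cannot access the server myself either!
《Solution》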

If it really is a DDoS attack, you cannot do anything. Just wait and see; as long as the attacking stops, your server will run properly.

There are several ways to help you prevent DDoS, but they are only a little effective.

Add mod_dosevasive.so or limitpconn.so to your Apache to block malicious users.

Start iptables, which can limit the connection ratio per second.
《Solution》

I configured the hardware firewall, and it can block part of the SYN flood attack. Thanks for everyone's suggestions!


