Apache flutung angriffe ...
Posted: 2005-02-16 20:12
Hallo !
Seit ein paar tagen ist mein server-load auf über 50 und der appache ist komplett übrlastet. Ich habe tausende von anfragen, die nicht aufhören. Ich bekomme eine meldung "consider raising the MaxClients setting". Kein user kommt mehr auf die seite, oder mit 3 minuten warten.
Es werden innerhalb weniger sekunden unsinnige abfragen gemacht, auf seiten die es bei mir nicht gibt. Und das von unterschiedlichen ip's und verschiedene browser (siehe unten)
Wie kann ich das verhindern? Hat jeman einen tipp für mich!? Alleine gestern hat der angriff 27GB traffic erzeugt. Ich bin total ratlos.
Hier ein auszug der logdatei
61.19.25.2 - - [16/Feb/2005:19:45:09 +0100] "GET / HTTP/1.0" 200 15339 "http://www.nutzu.com/texas-holdem-poker.html" "Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)"
217.86.103.227 - - [16/Feb/2005:19:45:10 +0100] "GET /favicon.ico HTTP/1.1" 200 29926 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.5) Gecko/20041122 Firefox/1.0"
12.172.137.13 - - [16/Feb/2005:19:45:10 +0100] "GET / HTTP/1.1" 200 24119 "http://www.nutzu.com/wsop.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; SAFEXPLORER TL)"
82.148.70.171 - - [16/Feb/2005:19:45:10 +0100] "GET / HTTP/1.1" 200 31399 "http://www.nutzu.com/online-texas-holdem.html" "Mozilla/4.0 (compatible; MSIE 5.0; YANDEX)"
62.248.110.2 - - [16/Feb/2005:19:45:10 +0100] "GET / HTTP/1.1" 200 215176 "http://www.9types.com/wwwboard/messages/38950.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
64.139.74.204 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 247564 "http://www.nutzu.com/poker-tournament.html" "Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)"
195.146.147.42 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.1" 200 0 "http://commercial.visi.net/ala/wwwboard ... es/23.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)"
80.58.2.235 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 200619 "http://www.nutzu.com/texas-poker.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; N_o_k_i_a)"
65.165.84.11 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 11591 "http://malta.co.uk/wwwboard/messages/197.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"
207.30.229.130 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 248395 "http://www.nutzu.com/wsop.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; SAFEXPLORER TL)"
200.140.131.194 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.0" 200 15207 "http://www.flagfootball.org/wwwboard/messages/2507.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
61.19.25.2 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.0" 200 15339 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
211.46.197.60 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.1" 200 18316 "http://www.nutzu.com/poker-game.html" "Mozilla/4.0 (compatible; Lotus-Notes/5.0; Windows-NT)"
211.46.197.60 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.1" 200 18316 "http://www.nutzu.com/wsop.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
213.253.212.101 - - [16/Feb/2005:19:45:13 +0100] "GET / HTTP/1.1" 200 249759 "http://www.nutzu.com/texas-holdem-poker.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"
200.168.30.134 - - [16/Feb/2005:19:45:14 +0100] "GET / HTTP/1.1" 200 12502 "-" "Mozilla/4.0 (compatible; Lotus-Notes/5.0; Windows-NT)"64.62.168.35 - - [16/Feb/2005:19:45:14 +0100] "GET /showthread,s=3a096731ee8d0d6b8e36b38e5f69e1e8&t-20410.htm HTTP/1.0" 200 12342 "-" "Gigabot/2.0"211.46.197.60 - - [16/Feb/2005:19:45:15 +0100] "GET / HTTP/1.1" 200 18316 "http://www.nutzu.com/poker-party.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; SAFEXPLORER TL)"
61.19.25.2 - - [16/Feb/2005:19:45:15 +0100] "GET / HTTP/1.0" 200 15339 "http://www.nutzu.com/video-poker.html" "Mozilla/4.0 (compatible; MSIE6.0; Windows NT 5.1; Maxthon)"
65.165.84.11 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 11591 "http://www.faroe-islands.de/wwwboard/messages/1291.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; KITV4.7 Wanadoo)"
65.165.84.11 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 11591 "http://www.nutzu.com/texas-hold-em-rules.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; NetCaptor 6.5.0RC1)"
213.187.69.90 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 30959 "http://www.run-services.com/wwwboard/messages/775.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
68.190.16.2 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 18103 "http://www.nutzu.com/poker-games.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
65.165.84.11 - - [16/Feb/2005:19:45:18 +0100] "GET / HTTP/1.0" 200 11591 "http://www.nutzu.com/free-online-poker.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
61.19.25.2 - - [16/Feb/2005:19:45:18 +0100] "GET / HTTP/1.0" 200 15339 "http://www.nutzu.com/rules-of-poker.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
Seit ein paar tagen ist mein server-load auf über 50 und der appache ist komplett übrlastet. Ich habe tausende von anfragen, die nicht aufhören. Ich bekomme eine meldung "consider raising the MaxClients setting". Kein user kommt mehr auf die seite, oder mit 3 minuten warten.
Es werden innerhalb weniger sekunden unsinnige abfragen gemacht, auf seiten die es bei mir nicht gibt. Und das von unterschiedlichen ip's und verschiedene browser (siehe unten)
Wie kann ich das verhindern? Hat jeman einen tipp für mich!? Alleine gestern hat der angriff 27GB traffic erzeugt. Ich bin total ratlos.
Hier ein auszug der logdatei
61.19.25.2 - - [16/Feb/2005:19:45:09 +0100] "GET / HTTP/1.0" 200 15339 "http://www.nutzu.com/texas-holdem-poker.html" "Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)"
217.86.103.227 - - [16/Feb/2005:19:45:10 +0100] "GET /favicon.ico HTTP/1.1" 200 29926 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.5) Gecko/20041122 Firefox/1.0"
12.172.137.13 - - [16/Feb/2005:19:45:10 +0100] "GET / HTTP/1.1" 200 24119 "http://www.nutzu.com/wsop.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; SAFEXPLORER TL)"
82.148.70.171 - - [16/Feb/2005:19:45:10 +0100] "GET / HTTP/1.1" 200 31399 "http://www.nutzu.com/online-texas-holdem.html" "Mozilla/4.0 (compatible; MSIE 5.0; YANDEX)"
62.248.110.2 - - [16/Feb/2005:19:45:10 +0100] "GET / HTTP/1.1" 200 215176 "http://www.9types.com/wwwboard/messages/38950.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
64.139.74.204 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 247564 "http://www.nutzu.com/poker-tournament.html" "Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)"
195.146.147.42 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.1" 200 0 "http://commercial.visi.net/ala/wwwboard ... es/23.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)"
80.58.2.235 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 200619 "http://www.nutzu.com/texas-poker.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; N_o_k_i_a)"
65.165.84.11 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 11591 "http://malta.co.uk/wwwboard/messages/197.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"
207.30.229.130 - - [16/Feb/2005:19:45:11 +0100] "GET / HTTP/1.0" 200 248395 "http://www.nutzu.com/wsop.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; SAFEXPLORER TL)"
200.140.131.194 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.0" 200 15207 "http://www.flagfootball.org/wwwboard/messages/2507.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
61.19.25.2 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.0" 200 15339 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
211.46.197.60 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.1" 200 18316 "http://www.nutzu.com/poker-game.html" "Mozilla/4.0 (compatible; Lotus-Notes/5.0; Windows-NT)"
211.46.197.60 - - [16/Feb/2005:19:45:12 +0100] "GET / HTTP/1.1" 200 18316 "http://www.nutzu.com/wsop.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
213.253.212.101 - - [16/Feb/2005:19:45:13 +0100] "GET / HTTP/1.1" 200 249759 "http://www.nutzu.com/texas-holdem-poker.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"
200.168.30.134 - - [16/Feb/2005:19:45:14 +0100] "GET / HTTP/1.1" 200 12502 "-" "Mozilla/4.0 (compatible; Lotus-Notes/5.0; Windows-NT)"64.62.168.35 - - [16/Feb/2005:19:45:14 +0100] "GET /showthread,s=3a096731ee8d0d6b8e36b38e5f69e1e8&t-20410.htm HTTP/1.0" 200 12342 "-" "Gigabot/2.0"211.46.197.60 - - [16/Feb/2005:19:45:15 +0100] "GET / HTTP/1.1" 200 18316 "http://www.nutzu.com/poker-party.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; SAFEXPLORER TL)"
61.19.25.2 - - [16/Feb/2005:19:45:15 +0100] "GET / HTTP/1.0" 200 15339 "http://www.nutzu.com/video-poker.html" "Mozilla/4.0 (compatible; MSIE6.0; Windows NT 5.1; Maxthon)"
65.165.84.11 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 11591 "http://www.faroe-islands.de/wwwboard/messages/1291.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; KITV4.7 Wanadoo)"
65.165.84.11 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 11591 "http://www.nutzu.com/texas-hold-em-rules.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; NetCaptor 6.5.0RC1)"
213.187.69.90 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 30959 "http://www.run-services.com/wwwboard/messages/775.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
68.190.16.2 - - [16/Feb/2005:19:45:17 +0100] "GET / HTTP/1.0" 200 18103 "http://www.nutzu.com/poker-games.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)"
65.165.84.11 - - [16/Feb/2005:19:45:18 +0100] "GET / HTTP/1.0" 200 11591 "http://www.nutzu.com/free-online-poker.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
61.19.25.2 - - [16/Feb/2005:19:45:18 +0100] "GET / HTTP/1.0" 200 15339 "http://www.nutzu.com/rules-of-poker.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"