#1  2011-12-18 22:45:18

AdamP
User
From: Warszawa
Registered: 2005-10-30

Attack on a proxy server that does not exist

Hello,
I run a web server, and in the logs of one of the domains I noticed entries which mean that several hundred thousand people have set the host and port 80 as a proxy server.
How do I block this with iptables? The list of IP addresses has over 160 thousand entries...
The list of site addresses they are trying to reach is long and keeps changing.

Thanks in advance for your help

Adam


#2  2011-12-18 22:50:50

Jacekalex
Supposedly human...;)
From: /dev/urandom
Registered: 2008-01-07

Re: Attack on a proxy server that does not exist

And where are the logs?
At the fortune teller's?
Where did you see it, on TV?
And it's probably not so much iptables (although it can be helpful) as the configuration of the daemon listening on port 80?

Last edited by Jacekalex (2011-12-18 22:52:48)


In a democracy every nation has the government it deserves ;)
Si vis pacem para bellum ;) | Regards :)


#3  2011-12-19 00:39:22

AdamP
User
From: Warszawa
Registered: 2005-10-30

Re: Attack on a proxy server that does not exist

Log of one of the apache2 VHosts

Code:

68.233.239.98 - - [19/Dec/2011:00:31:27 +0100] "CONNECT 114.111.99.248:25 HTTP/1.0" 200 2955 "-" "-"
46.234.117.161 - - [19/Dec/2011:00:31:35 +0100] "POST http://174.140.154.15/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"
201.230.48.79 - - [19/Dec/2011:00:31:34 +0100] "GET http://images.google.com/ HTTP/1.1" 200 2955 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; .NET CLR 1.1.4322; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"
79.5.176.64 - - [19/Dec/2011:00:31:38 +0100] "GET http://chaoscraft.ru/ HTTP/1.1" 200 2955 "-" "-"
112.208.232.87 - - [19/Dec/2011:00:31:42 +0100] "GET http://66.196.107.216/config/pwtoken_get?login=+++++++++++coco&src=ygodgw&passwd=a58a5895bb409a7e7e5ad54be15371a4&challenge=sLXHeKh.6202dEBKkyxueGkfLMBB&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
200.142.118.184 - - [19/Dec/2011:00:31:46 +0100] "GET http://www.youtube.com/watch?v=4aCkLzEKH08 HTTP/1.1" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.8 (de) (TL-FF) (.NET CLR 3.5.30729)"
39.41.51.150 - - [19/Dec/2011:00:31:51 +0100] "GET http://edit.cn.yahoo.com/config/pwtoken_get?login=aksen@rogers.com&src=ygodgw&passwd=ba3f9232e2c30f81a2622471659c8b5e&challenge=n6uNGMxh622go50dcEjhXNk_Q3ue&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
46.164.239.41 - - [19/Dec/2011:00:31:55 +0100] "CONNECT store.steampowered.com:443 HTTP/1.0" 200 2955 "-" "-"
39.41.51.150 - - [19/Dec/2011:00:31:58 +0100] "GET http://r09.member.tw1.yahoo.com/config/pwtoken_get?login=akka@sbcglobal.net&src=ygodgw&passwd=ba3f9232e2c30f81a2622471659c8b5e&challenge=n6uNGMxh622go50dcEjhXNk_Q3ue&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
119.167.230.20 - - [19/Dec/2011:00:31:58 +0100] "CONNECT cas.sdo.com:443 HTTP/1.1" 200 2955 "-" "-"
119.167.230.20 - - [19/Dec/2011:00:31:59 +0100] "\x16\x03\x01" 200 2955 "-" "-"
119.167.230.20 - - [19/Dec/2011:00:32:00 +0100] "CONNECT cas.sdo.com:443 HTTP/1.1" 200 2955 "-" "-"
119.167.230.20 - - [19/Dec/2011:00:32:00 +0100] "\x16\x03\x01" 200 2955 "-" "-"
115.79.244.205 - - [19/Dec/2011:00:32:09 +0100] "GET http://trungvuongqn.net/forum.php HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
173.224.212.138 - - [19/Dec/2011:00:32:33 +0100] "GET http://crazymonsterafa.blogspot.com HTTP/1.1" 200 2955 "http://software.refererx.com" "dbDig(http://www.prairielandconsulting.com)"
46.234.117.161 - - [19/Dec/2011:00:32:35 +0100] "POST http://174.140.154.15/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"
204.232.180.121 - - [19/Dec/2011:00:32:39 +0100] "GET http://lsmedia.us.com/proxyheader.php HTTP/1.0" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
204.232.180.121 - - [19/Dec/2011:00:32:39 +0100] "GET http://www.yahoo.com/ HTTP/1.0" 200 2955 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
50.112.41.253 - - [19/Dec/2011:00:32:41 +0100] "POST http://78.140.176.180/user/login HTTP/1.1" 404 15 "-" "Googlebot"
31.184.236.13 - - [19/Dec/2011:00:32:57 +0100] "GET http://webparte.ru/p/proxyc-hrefer_vds/engine.php HTTP/1.0" 404 15 "http://webparte.ru/p/proxyc-hrefer_vds/engine.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
124.248.35.205 - - [19/Dec/2011:00:32:58 +0100] "GET http://www.capitalairlines.com.cn/flight/flightresult.action?orgCity=SYX&dstCity=CKG&flightDate=2011-12-22&index=1 HTTP/1.1" 404 15 "http://www.capitalairlines.com.cn/flight/searchflight.action" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)"
46.164.239.41 - - [19/Dec/2011:00:33:01 +0100] "CONNECT store.steampowered.com:443 HTTP/1.0" 200 2955 "-" "-"
190.203.101.192 - - [19/Dec/2011:00:33:03 +0100] "GET http://83.13.255.222/ HTTP/1.0" 200 2955 "-" "-"
69.175.6.36 - - [19/Dec/2011:00:33:05 +0100] "GET http://209.191.92.114/config/isp_verify_user HTTP/1.0" 404 15 "-" "-"
84.220.218.97 - - [19/Dec/2011:00:33:06 +0100] "GET http://m.wickedpictures.com/user/login HTTP/1.0" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
112.208.232.87 - - [19/Dec/2011:00:33:06 +0100] "GET http://l09.member.bf1.yahoo.com/config/pwtoken_get?login=+++++++coco&src=ygodgw&passwd=56c71e27a18a8dac23d31a330065730b&challenge=MiDZtm6K5G1jPQtFZF20EFXHMqpO&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
210.86.239.174 - - [19/Dec/2011:00:33:11 +0100] "POST http://78.140.135.6/en/login.php?return=%2Fen%2F HTTP/1.1" 404 15 "-" "Googlebot"
220.194.57.72 - - [19/Dec/2011:00:33:20 +0100] "GET http://hnair.travelsky.com/huet/b2c_av.do?orgID=HUAIRNEW&queryModel=mixquery&tripType=ONEWAY&orgCity=PEK&dstCity=CAN&takeoffDate=2011-12-22 HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)"
114.246.64.151 - - [19/Dec/2011:00:33:27 +0100] "POST http://www.88888888.cn/ScalB2CWeb/ETicket/AirlineList.aspx HTTP/1.1" 404 15 "http://www.88888888.cn/ScalB2CWeb/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)"
125.110.138.163 - - [19/Dec/2011:00:33:34 +0100] "GET http://box10.tv/proxyheader.php HTTP/1.0" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
125.110.138.163 - - [19/Dec/2011:00:33:35 +0100] "GET http://www.yahoo.com/ HTTP/1.0" 200 2955 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
46.234.117.161 - - [19/Dec/2011:00:33:36 +0100] "POST http://174.140.154.15/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"
184.22.68.216 - - [19/Dec/2011:00:33:40 +0100] "GET http://snowboardtopbrands.archivewordpress.com/ HTTP/1.1" 200 2955 "http://software.refererx.com" "Contact"
184.22.145.229 - - [19/Dec/2011:00:33:50 +0100] "GET https://l04.member.mud.yahoo.com/config/login?login=_i___&passwd=0lne41 HTTP/1.0" 404 15 "-" "-"
71.93.133.7 - - [19/Dec/2011:00:33:50 +0100] "GET http://www.scifi.pages.at/x-paradox/azenv.php HTTP/1.1" 404 15 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285"
199.26.84.41 - - [19/Dec/2011:00:33:53 +0100] "GET http://l01.member.aue.yahoo.com/config/login?login=shahid.texas@att.net&passwd=account HTTP/1.0" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5"
31.210.99.54 - - [19/Dec/2011:00:34:04 +0100] "GET http://www.filesonic.com/ HTTP/1.0" 200 2955 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
68.233.239.100 - - [19/Dec/2011:00:34:05 +0100] "CONNECT 183.79.57.237:25 HTTP/1.0" 200 2955 "-" "-"
46.164.239.41 - - [19/Dec/2011:00:34:09 +0100] "CONNECT store.steampowered.com:443 HTTP/1.0" 200 2955 "-" "-"
112.240.118.185 - - [19/Dec/2011:00:34:11 +0100] "GET http://www.anf-z.com/zt407314/pdlistone/products/10812074.html HTTP/1.1" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (FM Scene 4.6.1)"
200.142.118.184 - - [19/Dec/2011:00:34:13 +0100] "GET http://www.youtube.com/watch?v=4aCkLzEKH08 HTTP/1.1" 404 15 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.9) Gecko/2009040820 Firefox/3.0.9"
68.233.239.12 - - [19/Dec/2011:00:34:14 +0100] "CONNECT 183.79.57.238:25 HTTP/1.0" 200 2955 "-" "-"
173.224.212.138 - - [19/Dec/2011:00:34:19 +0100] "GET http://hidayahlela.blogspot.com HTTP/1.1" 200 2955 "http://software.refererx.com" "fileboost.net/1.0 (+http://www.fileboost.net)"
39.41.51.150 - - [19/Dec/2011:00:34:21 +0100] "GET http://217.12.6.46/config/pwtoken_get?login=alh@xtra.co.nz&src=ygodgw&passwd=3f9e3127bd1dcb8b72f96b4839722847&challenge=kJ_X.avd5G1pxqmncsk.r_aDGDrQ&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
112.208.232.87 - - [19/Dec/2011:00:34:25 +0100] "GET http://119.160.244.96/config/pwtoken_get?login=+++++++coco&src=ygodgw&passwd=a2ed0a69b30b2c5bb5a8d3801611efe4&challenge=4ZFYu9HS5G0etM9lAIBXPYEDsZKQ&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
220.194.57.72 - - [19/Dec/2011:00:34:29 +0100] "POST http://www.88888888.cn/ScalB2CWeb/ETicket/AirlineList.aspx HTTP/1.1" 404 15 "http://www.88888888.cn/ScalB2CWeb/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)"
68.233.239.98 - - [19/Dec/2011:00:34:34 +0100] "CONNECT 183.79.57.238:25 HTTP/1.0" 200 2955 "-" "-"
175.142.96.73 - - [19/Dec/2011:00:34:37 +0100] "POST http://199.7.177.238/login.php HTTP/1.1" 302 - "-" "Googlebot"
46.234.117.161 - - [19/Dec/2011:00:34:38 +0100] "POST http://174.140.154.15/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"
115.147.91.225 - - [19/Dec/2011:00:34:43 +0100] "GET http://98.136.62.171/config/pwtoken_get?login=ae%&src=ygodgw&passwd=739e33b3167454c56841c34e5585af2f&challenge=PkTXpMUr5G37sW3hwpGH3O4wU7pe&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
203.82.93.13 - - [19/Dec/2011:00:34:47 +0100] "GET http://l05.member.ird.yahoo.com/config/login?login=kadan100@rogers.com&passwd=123456 HTTP/1.0" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5"
94.216.220.237 - - [19/Dec/2011:00:34:50 +0100] "GET /" 400 587 "-" "-"
94.65.68.73 - - [19/Dec/2011:00:34:51 +0100] "GET http://www.ultrasonline2.com/ref/DOOMLORD3/ HTTP/1.1" 404 15 "http://www.datainspektionen.se/in_english/start.shtml" "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c"
174.140.172.189 - - [19/Dec/2011:00:34:51 +0100] "GET http://hzs22.cnzz.com/stat.htm?id=3581787 HTTP/1.1" 404 15 "-" "PycURL/7.15.5"
68.233.239.98 - - [19/Dec/2011:00:34:57 +0100] "CONNECT 183.79.29.238:25 HTTP/1.0" 200 2955 "-" "-"
124.164.13.206 - - [19/Dec/2011:00:34:58 +0100] "GET http://www.52bt.org/bbs/forum.php?fromuid=22135 HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
93.84.239.52 - - [19/Dec/2011:00:35:04 +0100] "GET http://images.google.com/ HTTP/1.1" 200 2955 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; .NET CLR 1.1.4322; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"
65.52.25.78 - - [19/Dec/2011:00:35:06 +0100] "GET http://api.rapidshare.com/cgi-bin/rsapi.cgi?sub=getaccountdetails&login=acdogg%20&password=123456&withpublicid=3&withcookie=1&cbid=1&cbf=rs.jsonp.callback HTTP/1.1" 404 15 "-" "-"
211.193.254.175 - - [19/Dec/2011:00:35:14 +0100] "GET http://search.yahoo.com/search?p=cartwheel%27s+inurl:/phpbb3/memberlist.php%3Fmode%3D&sm=Yahoo%21+Search&fr=FP-tab-web-t&toggle=1&cop=&ei=UTF-8 HTTP/1.0" 404 15 "http://search.yahoo.com/search?p=cartwheel%27s+inurl:/phpbb3/memberlist.php%3Fmode%3D&sm=Yahoo%21+Search&fr=FP-tab-web-t&toggle=1&cop=&ei=UTF-8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1"
46.164.239.41 - - [19/Dec/2011:00:35:18 +0100] "CONNECT store.steampowered.com:443 HTTP/1.0" 200 2955 "-" "-"
39.41.51.150 - - [19/Dec/2011:00:35:22 +0100] "GET http://l35.member.sp1.yahoo.com/config/pwtoken_get?login=albarra`n@yahoo.cn&src=ygodgw&passwd=6bccb8a2376662812b824d98162a4c4d&challenge=ltNSRDMh5G0NYTQteGoN5LTp8Mvr&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
123.183.209.214 - - [19/Dec/2011:00:35:22 +0100] "GET http://www.nsegame.com/proxy.php HTTP/1.0" 404 15 "http://www.cashsoldier.com/VerifyerLevel.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.183.209.214 - - [19/Dec/2011:00:35:26 +0100] "GET http://www.nsegame.com/proxy.php HTTP/1.0" 404 15 "http://www.cashsoldier.com/VerifyerLevel.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
39.41.51.150 - - [19/Dec/2011:00:35:30 +0100] "GET http://217.146.187.189/config/pwtoken_get?login=albertine@btinternet.com&src=ygodgw&passwd=83cf85185dc3fb421b8a438d856e1c8e&challenge=4Avw4YFl5G1o0DdIntoLtA1VtWGv&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
68.233.239.101 - - [19/Dec/2011:00:35:38 +0100] "CONNECT 183.79.57.238:25 HTTP/1.0" 200 2955 "-" "-"
46.234.117.161 - - [19/Dec/2011:00:35:40 +0100] "POST http://174.140.154.15/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"
184.22.68.216 - - [19/Dec/2011:00:35:41 +0100] "GET http://somidwestern.wordpress.com/ HTTP/1.1" 200 2955 "http://software.refererx.com" "FnooleBot/2.5.2 (+http://www.fnoole.com/addurl.html)"
91.205.97.154 - - [19/Dec/2011:00:35:47 +0100] "GET http://rabota.mail.ru/vac_search/?go=1&page=17 HTTP/1.1" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208"
112.208.232.87 - - [19/Dec/2011:00:35:49 +0100] "GET http://l05.member.kr3.yahoo.com/config/pwtoken_get?login=grjd&src=ygodgw&passwd=5535f13c60569caae3d2664d1932ef22&challenge=kAI.B9pu5G0m8A_UKQ8M0IIS54Ua&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
203.82.93.13 - - [19/Dec/2011:00:35:52 +0100] "GET http://l03.member.ukl.yahoo.com/config/login?login=laden100@rogers.com&passwd=123456 HTTP/1.0" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5"
83.95.99.55 - - [19/Dec/2011:00:35:56 +0100] "CONNECT api.rapidshare.com:443/cgi-bin/rsapi.cgi?sub=getaccountdetails&login=<<USERNAME>>&password=<<PASSWORD>>&withpublicid=3&withcookie=1&cbid=1&cbf=rs.jsonp.callback HTTP/1.1" 400 372 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
92.231.240.125 - - [19/Dec/2011:00:36:00 +0100] "GET http://www.schulterglatze.de/spenden/1727 HTTP/1.1" 404 15 "http://the.honoluluadvertiser.com/board/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1"
109.85.119.211 - - [19/Dec/2011:00:36:00 +0100] "GET http://www.schulterglatze.de/spenden/86368 HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)"
173.212.212.132 - - [19/Dec/2011:00:36:06 +0100] "POST http://seobox.net/proxy5/check.php HTTP/1.1" 404 15 "http://309928d4b1/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
117.41.142.158 - - [19/Dec/2011:00:36:11 +0100] "GET http://59.53.91.9/proxyheader.php HTTP/1.0" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
124.164.13.206 - - [19/Dec/2011:00:36:12 +0100] "GET http://www.52bt.org/bbs/forum.php?fromuid=22135 HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
117.41.142.158 - - [19/Dec/2011:00:36:12 +0100] "GET http://www.yahoo.com/ HTTP/1.0" 200 2955 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
124.164.13.206 - - [19/Dec/2011:00:36:13 +0100] "GET http://www.52bt.org/bbs/forum.php?fromuid=22135 HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
95.8.234.3 - - [19/Dec/2011:00:36:17 +0100] "GET http://members.twistys.com/ HTTP/1.1" 200 2955 "http://www.webradiowien.at/welcome.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
218.71.165.132 - - [19/Dec/2011:00:36:18 +0100] "GET http://www.777seo.com/seo.php?username=zjwlwz&format=ptp HTTP/1.1" 404 15 "http://www.ziddu.com/download/16056572/skypowerOff.rar.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6"
186.18.126.192 - - [19/Dec/2011:00:36:20 +0100] "GET http://u4.ac.hk2.yahoo.com/hk/rss/booth/iceman_jester@prodigy.net HTTP/1.1" 404 15 "-" "-"
218.71.165.132 - - [19/Dec/2011:00:36:21 +0100] "GET http://www.redcpm.com/bann.php?id=164&sid=15&f=468 HTTP/1.1" 404 15 "http://xinhong2007.doodlekit.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6"
46.164.239.41 - - [19/Dec/2011:00:36:25 +0100] "CONNECT store.steampowered.com:443 HTTP/1.0" 200 2955 "-" "-"
85.25.95.64 - - [19/Dec/2011:00:36:35 +0100] "GET http://a.tutad.com/azenv.php HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
190.225.107.4 - - [19/Dec/2011:00:36:39 +0100] "GET http://www.ultrasonline2.com/ref/Xeneize7/ HTTP/1.1" 404 15 "-" "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c"
200.142.118.184 - - [19/Dec/2011:00:36:41 +0100] "GET http://www.youtube.com/watch?v=4aCkLzEKH08 HTTP/1.1" 404 15 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; ch; rv:1.9.0.8) Gecko/2009032608 [www.VIS-Network.de]"
180.74.84.202 - - [19/Dec/2011:00:36:43 +0100] "GET http://login.yahoo.com/config/isp_verify_user? HTTP/1.0" 404 15 "-" "-"
82.146.46.158 - - [19/Dec/2011:00:36:49 +0100] "POST http://proxy.quickidea.ru/proxy5/check.php HTTP/1.1" 404 15 "http://358f9e7be0/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
112.208.232.87 - - [19/Dec/2011:00:36:51 +0100] "GET http://68.142.242.92/config/pwtoken_get?login=uknh&src=ygodgw&passwd=5e0140098fb0cfccff4e4de26eb0b38f&challenge=xDHNb3ei5W2bH3CufsVWOynaZBPu&md5=1 HTTP/1.0" 404 15 "-" "MobileRunner-J2ME"
125.73.9.17 - - [19/Dec/2011:00:36:59 +0100] "GET http://clickingagent.com/proxycheck.php?ip=83.13.255.222&port=80&loc= HTTP/1.1" 404 15 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
125.73.9.17 - - [19/Dec/2011:00:37:00 +0100] "GET http://www.lightning-ptp.fr/credit2.php?pseudo=goop888 HTTP/1.1" 404 15 "http://www.clickersheaven.info" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
68.233.239.101 - - [19/Dec/2011:00:37:00 +0100] "CONNECT 114.111.99.248:25 HTTP/1.0" 200 2955 "-" "-"
203.82.93.13 - - [19/Dec/2011:00:37:04 +0100] "GET http://l01.member.sp1.yahoo.com/config/login?login=banthony100@rogers.com&passwd=123456 HTTP/1.0" 404 15 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5"
218.71.165.132 - - [19/Dec/2011:00:37:12 +0100] "GET http://www.777seo.com/seo.php?username=zjwlwz&format=300x250 HTTP/1.1" 404 15 "http://www.ziddu.com/download/16224796/hanzipinyin.zip.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
50.112.41.253 - - [19/Dec/2011:00:37:26 +0100] "POST http://78.140.176.180/user/login HTTP/1.1" 404 15 "-" "Googlebot"
184.22.145.229 - - [19/Dec/2011:00:37:29 +0100] "GET https://l05.member.mud.yahoo.com/config/login?login=i_lo_&passwd=0lne41 HTTP/1.0" 404 15 "-" "-"
31.210.99.54 - - [19/Dec/2011:00:37:30 +0100] "GET http://www.filesonic.com/ HTTP/1.0" 200 2955 "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
46.164.239.41 - - [19/Dec/2011:00:37:32 +0100] "CONNECT store.steampowered.com:443 HTTP/1.0" 200 2955 "-" "-"
46.234.117.161 - - [19/Dec/2011:00:37:41 +0100] "POST http://174.140.154.15/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"
184.22.68.216 - - [19/Dec/2011:00:37:45 +0100] "GET http://spectrafidelis.wordpress.com/ HTTP/1.1" 200 2955 "http://software.refererx.com" "AlkalineBOT/1.4 (1.4.0326.0 RTM)"

One of the URLs is http://proxy.quickidea.ru/proxy5/check.php - the name speaks for itself...

Last edited by AdamP (2011-12-19 00:40:22)


#4  2011-12-19 03:04:47

Jacekalex
Supposedly human...;)
From: /dev/urandom
Registered: 2008-01-07

Re: Attack on a proxy server that does not exist

I would hide Apache behind Lighttpd or Nginx (Apache can work this way too, but with this kind of traffic it generates considerable load); on such a reverse proxy, configure (a regex will do) what it should let through, and the rest gets a 404.
On Nginx you won't see any significant load from this kind of work.
Same with Lighttpd, and it is easier to configure.

As for the link: http://proxy.quickidea.ru/proxy5/check.php
is that page on your server?
Because from what I can see, it only displays the headers that proxy servers like to add to a GET request, thereby showing whether it is a private proxy or a chatterbox that reveals the real address of the host sending the request (in the HTTP:X_FORWARDED_FOR header and similar ones).
It is rather meant for testing proxies.

Iptables, on the other hand, can help with the connlimit and hashlimit modules if you need to limit the maximum number of connections, or the maximum number of connection attempts, from a single address or network.

GET and POST requests are better filtered either on the reverse proxy, or alternatively with mod_security (it is very well suited) or mod_rewrite (also possible), but using Apache and these modules for this kind of junk causes much higher CPU and RAM usage than on Nginx or Lighty.

That would basically be it.
;-)

Last edited by Jacekalex (2011-12-19 17:49:55)


In a democracy every nation has the government it deserves ;)
Si vis pacem para bellum ;) | Regards :)
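
Added example, not part of the original posts: a small classifier for the kind of log shown in post #3, useful for deciding what a filter in front of the web server should reject. It sorts Apache combined-log requests by request-target form (CONNECT tunnels, absolute URLs naming foreign hosts, malformed input) and lists the proxy-style ones that were answered with a 2xx status. The log lines are constructed with documentation addresses, and `own_hosts`, `classify` and `summarize` are hypothetical names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format prefix: ip ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)
SCHEME_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')


def classify(request, own_hosts):
    """Classify a logged request line by the form of its request-target."""
    parts = request.split()
    if len(parts) < 2 or not parts[0].isalpha():
        return "malformed"          # e.g. raw TLS bytes sent to the HTTP port
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return "proxy-connect"      # tunnel request, only meaningful to a proxy
    if SCHEME_RE.match(target):
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:
            return "malformed"
        # An absolute URL naming one of our own vhosts is a normal request.
        return "local" if host in own_hosts else "proxy-absolute"
    return "local" if target.startswith("/") or target == "*" else "malformed"


def summarize(lines, own_hosts):
    """Count request kinds; collect proxy-style requests answered with 2xx."""
    kinds, per_ip, answered_2xx, unparsed = Counter(), Counter(), [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        kind = classify(m["request"], own_hosts)
        kinds[kind] += 1
        if kind.startswith("proxy-"):
            per_ip[m["ip"]] += 1
            if m["status"].startswith("2"):
                answered_2xx.append((m["ip"], m["request"]))
    return {"kinds": dict(kinds), "per_ip": per_ip,
            "answered_2xx": answered_2xx, "unparsed": unparsed}


# Constructed sample lines (documentation addresses), shaped like the log above.
SAMPLE_LOG = [
    r'192.0.2.10 - - [19/Dec/2011:00:31:27 +0100] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 2955 "-" "-"',
    r'192.0.2.11 - - [19/Dec/2011:00:31:35 +0100] "POST http://198.51.100.7/?c=login HTTP/1.1" 200 2955 "-" "Googlebot"',
    r'192.0.2.12 - - [19/Dec/2011:00:31:46 +0100] "GET http://video.example.net/watch?v=1 HTTP/1.1" 404 15 "-" "Mozilla/5.0"',
    r'192.0.2.10 - - [19/Dec/2011:00:31:59 +0100] "\x16\x03\x01" 200 2955 "-" "-"',
    r'192.0.2.13 - - [19/Dec/2011:00:32:10 +0100] "GET http://www.example.org/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'192.0.2.14 - - [19/Dec/2011:00:32:12 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'192.0.2.10 - - [19/Dec/2011:00:34:05 +0100] "CONNECT 198.51.100.26:25 HTTP/1.0" 200 2955 "-" "-"',
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, own_hosts={"www.example.org"})
    print(report["kinds"])
    for ip, count in report["per_ip"].most_common():
        print(ip, count)
    for ip, request in report["answered_2xx"]:
        print("2xx to proxy-style request:", ip, request)
```

A 2xx on a CONNECT or foreign absolute-URL request is the case to check first, since a client reads that status as success even if the server only returned its default page.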