httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Help: Getting HUGE number of hits from wrong sites
Date Wed, 28 Aug 2002 22:39:57 GMT
On Wed, 28 Aug 2002, Chris Cioffi wrote:

> Hi there,
>
> I've been monitoring my access logs for the last several days and have
> noticed that I get a HUGE number (20k+/day) of page requests for domains
> that have nothing to do with me.
>
> Most of the sites are pr0n related.  I've gone through the DNS records with
> dig and I can't figure out why the requests are being sent to me.
>
> Here's a sample line:
> stopthesanity.org 24.90.155.12 - - \
>     [28/Aug/2002:17:55:14 -0400] \
>    "GET http://www.southern-charms.com/accalia/private/members.htm HTTP/1.0"
> \
>     404 221 "http://anonymous:nobody@nowhere.com@www.southern-\
>     charms.com/accalia/private/members.htm" \
>     "Mozilla/4.72 ( compatible; MSIE 4.0; Windows NT5.0; DigiExt )"
>

> TIA.  This is really cutting into my bandwidth and since I only have a 384k
> DSL line I'd like to resolve this issue.  As a last resort I'm considering
> requesting new IPs from my ISP, but that would be *very* disruptive.  (I not
> only host my own stuff, but I do DNS and mail backup for a few other
> companies.)

Given the quantity, it is very likely that at some point in the past you,
or someone else on that IP, was running an open proxy server.  The IP is
probably in some hacker's list of open proxy servers.  More details about
the issue are available in the FAQ:
http://httpd.apache.org/docs/misc/FAQ.html#proxyscan

But there is really nothing you can do from Apache to stop these things,
other than make sure you are not running an open proxy.  If it is really
eating up your bandwidth, then it should be considered a denial-of-service
attack and you should ask your ISP and the ISP of the malicious client to
help you get it stopped.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message