httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "kanarip" <kana...@pczb.net>
Subject Re: [users@httpd] Possible DDOS attack... ?
Date Wed, 15 Oct 2003 18:56:22 GMT
Maybe some person(s) just try to synchronize his local version of your
website, using dial up?

Or maybe someone mirrors your site?

Greets,

kanarip


----- Original Message -----
From: "Gil Disatnik" <gil@disatnik.com>
To: <users@httpd.apache.org>
Sent: Wednesday, October 15, 2003 7:22 PM
Subject: Re: [users@httpd] Possible DDOS attack... ?


> Thank you,
>
> Actually - I do see a legitimate access on one of the virtual hosts access
> log files, however, I see only a single GET for a one of the php files on
> the server and then the other gets for the objects referred to by the php
> output.
> Could it be that apache is spawning a child process for every GET
directive
> even if it's the same session? could it be the user's client has a problem
> and uses different session numbers all the time?
>
> I will check out mod_dosevasive, thanks!
>
> At 06:49 PM 10/15/2003, Brian Dessent wrote:
> >Gil Disatnik wrote:
> >
> > > As you can see, a single IP is connecting to 61.112.113.115 and a
different
> > > single IP is connecting to 142.61.13.11
> > > ps output shows that all servers were spawned in under a minute.
> > >
> > > Does that seem like an attack? should I start contacting the relevant
ISPs?
> > > (IP addresses are different from one "attack" to another, however most
of
> > > them belong to the same ISP).
> > > (Ip addresses listed here are not the real ones)
> >
> >Presumably there are accesslog entries for all these connections as
> >well?  If there are actual legitimate requests associated with these
> >then tt could be a broken spider/robot/web cache or something that's
> >hammering the server trying to gulp down too much.  Or is it someone
> >just creating connections to take up resources and not actually do
> >anything?
> >
> >In either case you may want to check out mod_dosevasive, which was
> >created for this very situation (limiting frequent connects from the
> >same remote host.)
> >
> >Brian
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
>
>
> Regards
>
> Gil Disatnik
> UNIX system administrator.
>
> GibsonLP@EFnet
> http://gil.disatnik.com
>
> _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> apt-get install slackware
> --------------------------------------------------------------------
> "Windows NT has detected mouse movement, you MUST restart
> your computer before the new settings will take effect, [ OK ]"
> --------------------------------------------------------------------
> Windows is a 32 bit patch to a 16 bit GUI based on a 8 bit operating
> system, written for a 4 bit processor by a 2 bit company which can
> not stand 1 bit of competition.
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message