httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter pilsl <pi...@goldfisch.at>
Subject [users@httpd] myriads of access to unknown pages on my server bring my server down (DOS?)
Date Wed, 10 Mar 2010 13:34:28 GMT

My apache was slowing down big time today morning and when I looked at the logs I realized
that I've approx 10 page-requests per second from various ip's to pages that are not hosted
on my server.

example:

buzzurl.jp 204.45.41.82 - - [10/Mar/2010:14:49:34 +0100] "GET http://buzzurl.jp/tag/firefox%20add-ons/200902
HTTP/1.1" 200 19620 "-" "Mozilla/4.0 (compatible
; MSIE 6.0; Windows NT 5.1; SV1)"


the requested page and the source-IP are new in every line.

I know this "ghosts" from earlier logs and never knew why they were in my logs but I never
thought about it, cause they were infrequently. But now I'm really overrun by these request.


So I wonder: whats going on here?  Is this a targeted attack? where are these requests coming
from?

buzzurl.jp (from the above example) does not resolve to my host-ip, but thats not the issue
cause the name is in the request-header. What worries me more is that my apache didnt give
back a 404 like it should but a 200 !!??  

How can that be?  I dont have a default-page running and when I reconfigure my client here
so that buzzurl.jp points to my server and request buzzurl.jp then I get a 404.   

So again: whats going on here? Why does my apache give my precious time to stupid request?
does the request trick my apache?

As you can imagine I'm bit in a stress here, cause my "real" webpages are getting incredible
slow and the requests dont stop and I dont know how I can block them.

Any idea or experience with this? 

thnx
peter 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message