httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kent Frazier <frazier...@sbcglobal.net>
Subject Re: [users@httpd] Possible DOS Attack
Date Sat, 21 May 2016 03:54:03 GMT
The abuse email address for  191.96.249.52 is abuse@dmzhost.co
(though most ISPs don't seem to care whether one of their systems has
been hacked or not)

On 5/20/16 4:00 PM, Roman Gelfand wrote:
> In the last 2 days we have received roughly 1milion of the following
> requests.  Just to confirm, is this a DOS attack?
>
> 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:24 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:26 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:26 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:28 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:28 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:30 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:30 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:30 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:31 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
> 191.96.249.52 - - [20/May/2016:18:19:31 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
>
> Also, what does this mean?
>
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
> connection)"
>
> Thanks in advance
>  



Mime
View raw message