服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 每秒向httpd服务器发送200个请求,但不访问服务器
Intereting Posts
NTP Meinberg GPS167:如何连接到以太网? 突袭5重build史诗般的失败 如何在不从SQL Server中删除程序集的情况下更新CLR程序集 电子邮件营销和白名单IP地址 – 100%确定的交付 处理来自被阻止的IP的POST请求 监控带宽,内存使用情况,负载等的软件 问题:Ubuntu服务器死了。 我可以从备份访问/ var / lib / mysql文件…如何让他们备份在另一台机器上? 如何通过Windows Server 2003在不同的IP上路由多个站点 Sudo永远是第一次运行 Zabbix 3.4,Oracle Linux 7.4:php-mbstring和php-bcmath错误 将vmware工作站10移到ESX DIG域ns无法到达 将WAN绑定到TD-W8960N 如何设置Django与IIS 8? 什么是“多森林环境”?

每秒向httpd服务器发送200个请求,但不访问服务器

我似乎有一个不寻常的攻击(或似乎如此)。 我找不到可能发生在别人身上的类似事件。

这是来自/ var / logs / httpd / access_log的一些请求的片段: 

104.202.82.76 - - [06/Dec/2015:16:19:27 +0000] "GET http://ib.adnxs.com/ttj?id=5705256&cb=${CACHEBUSTER}&pubclick=${CLICK_URL} HTTP/1.0" 302 - "http://www.healthfmbox.com/?p=952" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; fi-fi) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148a Safari/6533.18.5" 104.202.82.67 - - [06/Dec/2015:16:19:27 +0000] "GET https://gum.criteo.com:443/sync?c=30&r=2&j=cr_handle_data_a HTTP/1.0" 500 534 "http://www.healthfmbox.com/?p=4" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16" 23.89.251.178 - - [06/Dec/2015:16:19:27 +0000] "GET http://ib.adnxs.com/ttj?ttjb=1&bdc=1449418757&bdh=mJxlczTI4elSgTdPCRLn3nz2Ty8.&&view_vs=2&bdref=http%3A%2F%2Fwww.healthyyt.com%2F%3Fp%3D344&bdtop=true&bdifs=0&bstk=http%3A%2F%2Fwww.healthyyt.com%2F%3Fp%3D344&&id=5700353 HTTP/1.0" 200 - "http://www.healthyyt.com/?p=344" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16" 104.202.144.210 - - [06/Dec/2015:16:19:27 +0000] "GET http://47.teracreative.com/WhiteLabelBidRequestHandlerServlet?oid=47&width=728&height=90&pubid=139708&tagid=810768&pstn=ENTER_PLACEMENT_ID_HERE&noaop=1&revmod=INSERT_CONTENT_TYPE&encoded=1&cb=INSERT_CACHEBUSTER&keywords=INSERT_COMMA_SEPARATED_KEYWORDS&callback=document.write&urlonly=1 HTTP/1.0" 200 40 "http://www.autosoldbest.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16" 104.197.151.225 - - [06/Dec/2015:16:19:26 +0000] "CONNECT lq.pbe1.lol.riotgames.com:443 HTTP/1.1" 200 - "-" "-" 85.25.198.36 - - [06/Dec/2015:16:19:27 +0000] "CONNECT lq.euw1.lol.riotgames.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 OPR/30.0.1835.59" 176.31.175.202 - - [06/Dec/2015:16:19:27 +0000] "CONNECT lq.euw1.lol.riotgames.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 OPR/30.0.1835.59" 74.91.17.35 - - [06/Dec/2015:16:19:27 +0000] "GET http://55.teracreative.com/WhiteLabelBidRequestHandlerServlet?oid=55&width=728&height=90&pubid=148917&tagid=854467&pstn=ENTER_PLACEMENT_ID_HERE&noaop=1&revmod=INSERT_CONTENT_TYPE&encoded=1&cb=INSERT_CACHEBUSTER&keywords=INSERT_COMMA_SEPARATED_KEYWORDS&callback=document.write&urlonly=1 HTTP/1.0" 200 837 "http://www.superkinggame.com/games/326/crash-bandicoot.html" "Mozilla/5.0 (Windows NT 5.1; U; rv:5.0) Gecko/20100101 Firefox/5.0" 104.202.82.78 - - [06/Dec/2015:16:19:27 +0000] "GET http://ib.adnxs.com/ttj?ttjb=1&bdc=1449418757&bdh=anzD4Bcoh4UlOB1sU78J1oceoXc.&&view_vs=2&bdref=http%3A%2F%2Fwww.healthfmbox.com%2F%3Fp%3D45&bdtop=true&bdifs=0&bstk=http%3A%2F%2Fwww.healthfmbox.com%2F%3Fp%3D45&&id=5705256&cb=${CACHEBUSTER}&pubclick=${CLICK_URL} HTTP/1.0" 200 - "http://www.healthfmbox.com/?p=45" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ru-ru) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16" 104.202.144.210 - - [06/Dec/2015:16:19:27 +0000] "GET http://47.teracreative.com/WhiteLabelBidRequestHandlerServlet?oid=47&width=300&height=250&pubid=139708&tagid=810748&pstn=ENTER_PLACEMENT_ID_HERE&noaop=1&revmod=INSERT_CONTENT_TYPE&encoded=1&cb=INSERT_CACHEBUSTER&keywords=INSERT_COMMA_SEPARATED_KEYWORDS&callback=document.write&urlonly=1 HTTP/1.0" 200 40 "http://www.autosoldbest.com/the-quality-of-the-trucks-you-drive-determines-the-quality-of-work-achieved.html" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; de-de) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5"

httpd.conf中<VirtualHost>标签: 

 <VirtualHost *:80> DocumentRoot /var/www ServerName my.domain.name.here Options -Indexes ProxyRequests On ProxyPass ... ! ProxyPass / http://my.domain.name.here:3000/ </VirtualHost> SSLProtocol all -SSLv2 -SSLv3

(为了安全,ProxyPasses已经被删除,以及域名)

任何想法,为什么会发生? 日志文件很快填满了服务器的硬盘!

系统操作系统和版本: 

 cat /etc/redhat-release CentOS release 6.7 (Final)

谢谢。

打开 ProxyRequests使您的Web服务器成为开放的代理服务器 。 有人发现了它,你的服务器现在正被互联网上的许多人滥用。 立即closures。 反向代理到您的Web应用程序是没有必要的或有用的。