Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache security |
|
| Author |
|
Qmpeltaty
Joined: 06 Feb 2008
Posts: 182
Location: Poland
|
 Posted: Mon 28 Jun '10 9:45 Post subject: Apache security |
 |
|
Is there any way to block such traffic :
| Code: |
[Mon Jun 21 03:25:20 2010] [error] [client 221.182.46.8] File does not exist: C:/Apache2.2/htdocs/mu8yw.html, referer: http://www.ob2zxz.com/5bswelv8j.html
[Mon Jun 21 03:25:20 2010] [error] [client 221.182.46.8] File does not exist: C:/Apache2.2/htdocs/d44x8.html, referer: http://www.ob2zxz.com/45cq7o9qb8o.html
[Mon Jun 21 03:25:25 2010] [error] [client 218.56.157.82] File does not exist: C:/Apache2.2/htdocs/5gk.html, referer: http://www.ta7.com/svs1epd.html
[Mon Jun 21 03:25:25 2010] [error] [client 218.56.157.82] File does not exist: C:/Apache2.2/htdocs/lxmf.html, referer: http://www.ta7.com/9twyx48rf.html
[Mon Jun 21 03:25:26 2010] [error] [client 221.182.46.8] request failed: error reading the headers
[Mon Jun 21 03:25:27 2010] [error] [client 58.255.194.133] File does not exist: C:/Apache2.2/htdocs/3ifh.html, referer: http://www.enni.com/c8swacc.html
[Mon Jun 21 03:25:27 2010] [error] [client 58.255.194.133] File does not exist: C:/Apache2.2/htdocs/vea2.html, referer: http://www.enni.com/8gcxoe6p7v.html
[Mon Jun 21 03:25:31 2010] [error] [client 218.56.157.82] request failed: error reading the headers
[Mon Jun 21 03:25:33 2010] [error] [client 58.255.194.133] request failed: error reading the headers
[Mon Jun 21 03:32:32 2010] [error] [client 58.63.31.117] File does not exist: C:/Apache2.2/htdocs/f9uikg.html, referer: http://www.fubegy.com/rsjc5wwgkp.html
[Mon Jun 21 03:32:32 2010] [error] [client 58.63.31.117] File does not exist: C:/Apache2.2/htdocs/wrmfto.html, referer: http://www.fubegy.com/fly29fyxel.html
[Mon Jun 21 03:32:38 2010] [error] [client 58.63.31.117] request failed: error reading the headers
[Mon Jun 21 03:47:17 2010] [error] [client 125.77.253.26] File does not exist: C:/Apache2.2/htdocs/w5xk.html, referer: http://www.mzdg.com/snhmjfu4eq.html
[Mon Jun 21 03:48:03 2010] [error] [client 125.87.76.177] File does not exist: C:/Apache2.2/htdocs/2ov.html, referer: http://www.dzj.com/kenr6ekg.html
[Mon Jun 21 03:48:35 2010] [error] [client 113.108.133.51] File does not exist: C:/Apache2.2/htdocs/91pcz6.html, referer: http://www.9u3.com/i3d2tnn.html
[Mon Jun 21 03:48:41 2010] [error] [client 113.108.133.51] request failed: error reading the headers
[Mon Jun 21 03:56:16 2010] [error] [client 221.235.58.8] File does not exist: C:/Apache2.2/htdocs/myxee.html, referer: http://www.2rk.com/ohsz95.html
[Mon Jun 21 03:56:39 2010] [error] [client 219.146.143.209] File does not exist: C:/Apache2.2/htdocs/qrblvo.html, referer: http://www.xng.org/9btapkplmpi.html
[Mon Jun 21 03:58:10 2010] [error] [client 66.249.67.243] File does not exist: C:/Apache2.2/htdocs/scandic_live/robots.txt
[Mon Jun 21 03:59:11 2010] [error] [client 119.63.198.51] File does not exist: C:/Apache2.2/htdocs/robots.txt
[Mon Jun 21 03:59:25 2010] [error] [client 123.131.23.31] File does not exist: C:/Apache2.2/htdocs/wk8.html, referer: http://www.w0r40d.com/zkblm6j3x.html
[Mon Jun 21 04:01:07 2010] [error] [client 114.223.170.215] File does not exist: C:/Apache2.2/htdocs/aup.html, referer: http://www.gd71es.com/9rnpehd.html
[Mon Jun 21 04:01:07 2010] [error] [client 114.223.170.215] File does not exist: C:/Apache2.2/htdocs/s1ipu.html, referer: http://www.gd71es.com/vxutg2.html
[Mon Jun 21 04:01:09 2010] [error] [client 219.142.70.53] File does not exist: C:/Apache2.2/htdocs/yxsz.html, referer: http://www.tc8su9.com/iprgay.html
[Mon Jun 21 04:01:09 2010] [error] [client 125.64.60.162] File does not exist: C:/Apache2.2/htdocs/ile7w.html, referer: http://www.ecgf.com/5a28jl9.html
[Mon Jun 21 04:01:09 2010] [error] [client 125.64.60.162] File does not exist: C:/Apache2.2/htdocs/bu0v46.html, referer: http://www.ecgf.com/i2gphola.html
[Mon Jun 21 04:01:14 2010] [error] [client 114.223.170.215] request failed: error reading the headers
[Mon Jun 21 04:01:46 2010] [error] [client 125.86.240.169] File does not exist: C:/Apache2.2/htdocs/8isg.html, referer: http://www.z5md.com/wp076u71vt.html
[Mon Jun 21 04:01:47 2010] [error] [client 125.86.240.169] File does not exist: C:/Apache2.2/htdocs/rqkqx.html, referer: http://www.z5md.com/dlaads.html
[Mon Jun 21 04:11:15 2010] [error] [client 122.68.72.49] File does not exist: C:/Apache2.2/htdocs/3k2zh.html, referer: http://www.7spbz.com/amd607hpa.html
[Mon Jun 21 04:11:15 2010] [error] [client 122.68.72.49] File does not exist: C:/Apache2.2/htdocs/n15.html, referer: http://www.7spbz.com/0ezohecbwgc.html
[Mon Jun 21 04:11:44 2010] [error] [client 114.93.47.253] File does not exist: C:/Apache2.2/htdocs/py2fv.html, referer: http://www.wpzj.org/h4n5r6f5.html
[Mon Jun 21 04:11:45 2010] [error] [client 114.93.47.253] File does not exist: C:/Apache2.2/htdocs/sro.html, referer: http://www.wpzj.org/7wpkqz.html
[Mon Jun 21 04:25:00 2010] [error] [client 222.247.159.29] File does not exist: C:/Apache2.2/htdocs/6hh0.html, referer: http://www.h8x.com/aym4uudnv.html |
It's obvious that this has been coused by some malware/virus or other shitty software ... How to block such traffic ? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 30 Jun '10 19:39 Post subject: |
|
|
if you are using a firewall you can block IPs or better if you use a router you can block it before it reaches the PC with apache.
404 errors don't hurt. It is a quick response from the server faster than most handling.
For such situation I have vhosts. First localhost with an empty document root than the vhosts with the real domain names. So if someone tries to open a non existing domain apache choose the first vhost. localhost in my senario and I won't have to worry about it. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Wed 30 Jun '10 20:44 Post subject: |
|
|
| It looks like a referer spam botnet trying to flood your stats pages with sites that are most likely drive by malware downloads, pharma crap and bogus AV. Squid may stop it, at least from getting to the webserver. I think it's Squid, and there is a Windows version floating around. |
|
| Back to top |
|
Qmpeltaty
Joined: 06 Feb 2008
Posts: 182
Location: Poland
|
| Posted: Thu 01 Jul '10 11:39 Post subject: |
|
|
| James Blond wrote: | if you are using a firewall you can block IPs or better if you use a router you can block it before it reaches the PC with apache.
404 errors don't hurt. It is a quick response from the server faster than most handling.
For such situation I have vhosts. First localhost with an empty document root than the vhosts with the real domain names. So if someone tries to open a non existing domain apache choose the first vhost. localhost in my senario and I won't have to worry about it. |
Too many ips to add it manually. I was thinking about mod_access_referer and some log parser which will create deny_referer list automatically. |
|
| Back to top |
|
|
|
|
|
|
