lefteriz Δημοσιεύτηκε Οκτώβριος 10, 2014 #1 Δημοσιεύτηκε Οκτώβριος 10, 2014 Λοιπόν, υπάρχει ενα πολύ μικρό site . Ένα blog ουσιαστικά με 4-5 αρθρα και ενα forum.ε το σαϊτ εδώ και μέρες έχει πέσει θύμα επίθεσης. Στην αρχή είχε γεμισει η βαση SQL με 200.000 comments και σχεδον δεν ανοιγε κανενα άλλο site που φιλοξενούσα. Απενεργοποίησα τα comments και την άδειασα.στο log βλεπω requests ανα 2''ενα παραδειγμα 216.244.75.106 - - [10/Oct/2014:17:49:12 +0300] "GET /item/13-oren-sw-24-8.html?start=18160&ar=105 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"216.244.75.50 - - [10/Oct/2014:17:49:12 +0300] "GET /item/13-oren-sw-24-8.html?start=16760 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727 ; .NET CLR 4.0.30319)"216.244.75.50 - - [10/Oct/2014:17:49:12 +0300] "GET /item/13-oren-sw-24-8.html?start=17260&details=678 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"216.244.75.50 - - [10/Oct/2014:17:49:11 +0300] "GET /item/12-istina.html?start=760 HTTP/1.1" 403 422 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705)"72.46.153.229 - - [10/Oct/2014:17:49:13 +0300] "GET /item/13-oren-sw-24-8.html?start=4590&ar=030 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"192.34.109.122 - - [10/Oct/2014:17:49:13 +0300] "GET /item/13-oren-sw-24-8.html?start=130&details=12 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727 ; .NET CLR 4.0.30319)"216.244.75.50 - - [10/Oct/2014:17:49:14 +0300] "GET /item/13-oren-sw-24-8.html?start=16670&comment=258 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"192.34.109.122 - - [10/Oct/2014:17:49:15 +0300] "GET /item/13-oren-sw-24-8.html?start=870 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705)"72.46.153.229 - - [10/Oct/2014:17:49:17 +0300] "GET /item/13-oren-sw-24-8.html?start=2070 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"192.34.109.122 - - [10/Oct/2014:17:49:17 +0300] "GET /item/13-oren-sw-24-8.html?start=540&pid=0712 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"192.184.44.173 - - [10/Oct/2014:17:49:18 +0300] "GET /item/13-oren-sw-24-8.html?start=4640 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727 ; .NET CLR 4.0.30319)"216.244.75.50 - - [10/Oct/2014:17:49:18 +0300] "GET /item/9-%CF%84%CE%BF-site-%CE%BC%CE%B1?.html?start=40&comment=773 HTTP/1.1" 403 434 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"216.244.75.50 - - [10/Oct/2014:17:49:18 +0300] "GET /item/13-oren-sw-24-8.html?start=2860&v=894 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727 ; .NET CLR 4.0.30319)"76.164.217.206 - - [10/Oct/2014:17:49:19 +0300] "GET /item/13-oren-sw-24-8.html?start=18100&v=0030 HTTP/1.1" 403 427 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"καποιες IP ενω τις μπλοκαρα στο .htaccess τις βλέπω πάλι.πχ γράφωorder Deny,Allow#partial ip addresses blockingdeny from 72.46.153deny from 192.34.109deny from 23.238.187deny from 76.164.217deny from 108.171.248deny from 192.34.109και βλεπω την IP 192.34.109.122 πάλι να μπαινει ...τι συμβαίνει;;;
defiant Οκτώβριος 12, 2014 #2 Οκτώβριος 12, 2014 Τα request αυτα που οδηγουσαν; Σε διαφημιστικα comments στο σαιτ σου;Referer μπορεις να δεις ;
Recommended Posts
Archived
This topic is now archived and is closed to further replies.