bruteforce - viele Anfragen von fremden Domains

Alles, was den Apache betrifft, kann hier besprochen werden.

bruteforce - viele Anfragen von fremden Domains

Postby taf_jan » 29. December 2009 11:24

Hallo,
ich habe seit 12.12.2009 ca. 1000 http Anfragen pro Minute auf meinen apache. Dies ist soviel, dass er sehr lange zum antworten braucht.
100.000 Anfragen stammen durchschnittlich von 1500 verschieden Clients, egal ob Windows, Linux oder OSX mit verschiedenen Browsertypen.
Die Anfragen sehen für mich einfach falsch geroutet aus, da darunter z.b. google Anfragen, icq, foren, webseitenaufrufe, etc. sind.

Kennt jmd dieses Verhalten in dem Ausmass?
Könnte es falsch geroutet sein?
Ist dies eine Bruteforce Attacke?
Was kann man dagegen unternehmen?
Der Server ist bei Strato gehostet.

---8<--access.log--8<---
41.202.198.188 - - [29/Dec/2009:11:23:29 +0100] "GET http://www.google-analytics.com/__utm.g ... %3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B HTTP/1.1" 200 35 "http://aielli.olx.it/mini-chihuahua-cuccioli-iid-61091042" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"
90.3.56.49 - - [29/Dec/2009:11:23:29 +0100] "CONNECT 90.3.56.49:16001 HTTP/1.0" 403 309 "-" "-"
222.186.26.31 - - [29/Dec/2009:11:23:28 +0100] "GET http://toppicture.host56.com/adult360.jpg HTTP/1.0" 200 22198 "http://www.trustingboy.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.61.22.2 - - [29/Dec/2009:11:23:29 +0100] "GET http://www.yahoo.com/ HTTP/1.0" 302 173 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.130.25.86 - - [29/Dec/2009:11:23:28 +0100] "GET http://hits.blog.sina.com.cn/hits?act=4 ... d90100f5dd HTTP/1.0" 200 38 "http://blog.sina.com.cn/WangdideBLOG" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3)"
125.65.45.244 - - [29/Dec/2009:11:23:29 +0100] "GET http://ad.reduxmedia.com/iframe3?rQtPAO ... sfox.info/ HTTP/1.0" 302 - "http://ad.reduxmedia.com/st?ad_type=iframe&ad_size=300x250&section=675053" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110703 Firefox/3.0b1"
222.134.237.138 - - [29/Dec/2009:11:23:29 +0100] "GET http://ad.globaltakeoff.net/imp?Z=728x9 ... fs.htm&r=1 HTTP/1.0" 302 - "http://www.softwaregreen.net/superstar-chefs.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; Alexa Toolbar)"
41.202.198.188 - - [29/Dec/2009:11:23:29 +0100] "GET http://bilder.markt.de/images/200912010 ... 9654882000 HTTP/1.1" 200 4466 "http://www.markt.de/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"
41.202.198.188 - - [29/Dec/2009:11:23:29 +0100] "GET http://bilder.markt.de/images/200912191 ... 1218658000 HTTP/1.1" 200 2260 "http://www.markt.de/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"
41.202.198.188 - - [29/Dec/2009:11:23:29 +0100] "GET http://bilder.markt.de/images/200910121 ... 1912850000 HTTP/1.1" 200 2916 "http://www.markt.de/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"
115.132.136.213 - - [29/Dec/2009:11:23:29 +0100] "GET http://n3.login.re3.yahoo.com/config/pw ... i4WK&md5=1 HTTP/1.0" 200 6 "-" "MobileRunner-J2ME"
118.123.114.158 - - [29/Dec/2009:11:23:29 +0100] "GET http://ad.adfunky.com/imp?Z=728x90,468x ... %3D272&r=1 HTTP/1.0" 302 - "http://ad.bangmedianetwork.com/promoteburner/_728x90/_xx.php?id=272" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; Alexa Toolbar)"
125.65.45.158 - - [29/Dec/2009:11:23:29 +0100] "GET http://ad.reachjunction.com/st?ad_type= ... ion=652844 HTTP/1.0" 200 4502 "http://www.tuttoflash.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
115.132.136.213 - - [29/Dec/2009:11:23:29 +0100] "GET http://e20.edit.cnb.yahoo.com/config/pw ... dTU0&md5=1 HTTP/1.0" 200 4 "-" "MobileRunner-J2ME"
41.202.198.188 - - [29/Dec/2009:11:23:30 +0100] "GET http://bilder.markt.de/images/200908101 ... 9916035000 HTTP/1.1" 200 2791 "http://www.markt.de/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"
123.55.240.10 - - [29/Dec/2009:11:23:29 +0100] "GET http://members.commissionmonster.com/Tr ... 4079/91169 HTTP/1.0" 302 135 "http://www.eedudegree.com" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)"
---8<-------------------8<---
taf_jan
 
Posts: 1
Joined: 29. December 2009 11:04

Return to Apache

Who is online

Users browsing this forum: No registered users and 3 guests