brent timothy saner on 27 Apr 2010 18:49:23 -0700
Mod_evasive may be able to do something to help this. And get varnish running over it to help, just in case.

(lack of GPG due to message sent via blackberry device)

-----Original Message-----
From: Eric <eric@lucii.org>
Date: Tue, 27 Apr 2010 21:23:54
To: Philadelphia Linux User's Group Discussion List<plug@lists.phillylinux.org>
Subject: [PLUG] Denial of Service in Apache log?

I see the following request in the apache access log for a web site that I'm working on:

75.103.6.122 - - [27/Apr/2010:13:51:09 -0400] "GET /images/greenEdge_05.png HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"

So far so good... it's a 304 indicating the image file "greenEdge_05.png" has not changed.

Weirdness alert!!!..... There are 8788 of these requests from the same IP address in the space of about 1140 seconds.

I see identical blocks of thousands of requests for the same greenEdge_05.png file from other (random?) IPs - perhaps once or twice a day.

I have a hard time believing that some part of the html/css/javascript is causing this. (I did not write said html/css/javascript BTW.)

Is this some kind of stupid DOS attack?

Is there a way to tell Apache to stop answering after the first few hundred repeated requests in a minute? :-)

Eric
--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
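
Added example, not part of either message: an offline check that reads access-log lines like the one quoted above and reports every client that requested the same path more than a threshold number of times inside a sliding window. The function names, the 100-per-60-seconds defaults and the sample addresses (documentation ranges) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_floods(lines, threshold=100, window_seconds=60):
    """Return {(ip, path): peak} for each client that requested the same path
    more than `threshold` times inside a sliding `window_seconds` window.
    Assumes lines are in chronological order, as in an access log."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (ip, path) -> timestamps still in the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= window:  # drop hits older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def constructed_sample():
    """Constructed log: 192.0.2.10 fetches one image 8 times a second for 30 s
    (near the 8788-in-1140-seconds rate in the post); 198.51.100.7 browses normally."""
    start = datetime(2010, 4, 27, 13, 51, 9, tzinfo=timezone(timedelta(hours=-4)))
    fmt = '{} - - [{}] "GET {} HTTP/1.1" {} - "-" "Mozilla/4.0"'
    lines = []
    for sec in range(30):
        ts = (start + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines += [fmt.format("192.0.2.10", ts, "/images/greenEdge_05.png", 304)] * 8
        if sec % 10 == 0:
            lines.append(fmt.format("198.51.100.7", ts, "/index.html", 200))
    return lines

if __name__ == "__main__":
    for (ip, path), peak in find_floods(constructed_sample()).items():
        print(f"{ip} requested {path} {peak} times within 60 seconds")
```

To run it against a real log, pass an open file object as `lines`; the peak count per client and path shows how far above the threshold each burst went.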