Lots of bot hits, the referrer seems to be the variable

0

Recently (in the last 15 minutes) I've had quite a few hits from the same IP. It's in a country on our blacklist, so they just got sent to our "Access Denied" page, but I was just interested in what a bot/attacker could gain from this.

All that seems to change is the referrer; has anyone seen similar behaviour?

62.245.46.204 - - [02/Dec/2013:15:06:10 +0000] "GET // HTTP/1.1" 302 3056 "http://rumagic.com/tw.php" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:06:10 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://rumagic.com/tw.php" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:06:53 +0000] "GET // HTTP/1.1" 302 3056 "http://avtoru.org/index.php?forums/35/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:06:54 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://avtoru.org/index.php?forums/35/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:07:37 +0000] "GET // HTTP/1.1" 302 3056 "http://rumagic.com/deir/book1/deir-book1.htm" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:07:37 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://rumagic.com/deir/book1/deir-book1.htm" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:08:20 +0000] "GET // HTTP/1.1" 302 3056 "http://rulibs.com/ru_zar/sci_history/zamarovskiy/0/j12.html" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:08:21 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://rulibs.com/ru_zar/sci_history/zamarovskiy/0/j12.html" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:09:04 +0000] "GET // HTTP/1.1" 302 3056 "http://uznaipravdu.org/viewtopic.php?f=31&t=650" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:09:04 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://uznaipravdu.org/viewtopic.php?f=31&t=650" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:09:47 +0000] "GET // HTTP/1.1" 302 3056 "http://rusfoto.net/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:09:48 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://rusfoto.net/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:10:31 +0000] "GET // HTTP/1.1" 302 3056 "http://programming-lang.com/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:10:31 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://programming-lang.com/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:11:14 +0000] "GET // HTTP/1.1" 302 3056 "http://rulibs.com/ru_zar/sf/index.html?10" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:11:14 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://rulibs.com/ru_zar/sf/index.html?10" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:11:57 +0000] "GET // HTTP/1.1" 302 3056 "http://smbb.ws/index.php?threads/26255/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:11:58 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://smbb.ws/index.php?threads/26255/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:12:41 +0000] "GET // HTTP/1.1" 302 3056 "http://www.avtoru.org/index.php?forums/3/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:12:41 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://www.avtoru.org/index.php?forums/3/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:13:27 +0000] "GET // HTTP/1.1" 302 3056 "http://smbb.ws/index.php?forums/13/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:13:27 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://smbb.ws/index.php?forums/13/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:14:10 +0000] "GET // HTTP/1.1" 302 3056 "http://avtoru.org/tw.php" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:14:11 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://avtoru.org/tw.php" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:14:54 +0000] "GET // HTTP/1.1" 302 3056 "http://rumagic.com/_flv/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:14:54 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://rumagic.com/_flv/" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:15:37 +0000] "GET // HTTP/1.1" 302 3056 "http://uznaipravdu.org/tw.php" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
62.245.46.204 - - [02/Dec/2013:15:15:37 +0000] "GET /denied.php HTTP/1.1" 200 1963 "http://uznaipravdu.org/tw.php" "Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    
asked by Jamie Taylor 02.12.2013 - 16:58

1 answer

2

There's a chance they're trying to DoS your server, but considering the rate, they're doing a very poor job. Generally botnets have three purposes:

  • index information (crawl your websites)
  • take down your website using a layer 7 DoS attack (unlikely considering the low rate of hits on your website)
  • abuse advertisements on your website to increase your profits

Any of these could be a reason. I wouldn't worry too much; if it bothers you, I would simply drop the traffic at the firewall level.

    
answered 02.12.2013 - 17:23
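The pattern in the question's log (one client, one User-Agent, the same path at a steady interval, a different Referer on every hit) can be picked out of an access log mechanically. The following is an added example, not part of the original question or answer: it groups Combined Log Format lines by client and path and flags groups in which nearly every hit carries a new Referer. The function name `referer_rotators`, the thresholds and the sample lines (documentation IP ranges and `.example` hosts) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

def referer_rotators(lines, min_hits=4, min_ratio=0.8):
    """Flag (ip, path) pairs hit repeatedly with an almost always new Referer."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # lines that are not Combined Log Format are skipped
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            groups[(m["ip"], m["path"])].append((ts, m["referer"], m["ua"]))
    flagged = {}
    for key, hits in groups.items():
        referers = {r for _, r, _ in hits if r not in ("", "-")}
        if len(hits) < min_hits or len(referers) / len(hits) < min_ratio:
            continue  # too few hits, or the Referer mostly repeats (normal browsing)
        times = sorted(t for t, _, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        flagged[key] = {"hits": len(hits), "referers": len(referers),
                        "user_agents": len({u for _, _, u in hits}),
                        "median_gap_s": median(gaps)}
    return flagged

def _line(ip, hhmmss, path, referer, ua="ExampleBrowser/1.0"):
    # Builds one constructed log line; not taken from the page.
    return (f'{ip} - - [02/Dec/2013:{hhmmss} +0000] "GET {path} HTTP/1.1" '
            f'200 1963 "{referer}" "{ua}"')

# Constructed sample: one client rotating the Referer once a minute, and one
# ordinary visitor returning to "/" from the same on-site page each time.
SAMPLE = (
    [_line("203.0.113.7", f"15:{6 + i:02d}:10", "/", f"http://site{i}.example/page")
     for i in range(5)]
    + [_line("198.51.100.9", f"15:{6 + i:02d}:30", "/", "http://shop.example/cart")
       for i in range(4)]
    + ["this line is not in Combined Log Format"]
)

if __name__ == "__main__":
    for (ip, path), stats in referer_rotators(SAMPLE).items():
        print(ip, path, stats)
```

A flagged group with a single User-Agent and a near-constant gap is a reasonable candidate for the firewall-level drop the answer suggests.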
