attacco alla porta 80 [chiuso]


Ho un'istanza EC2 Ubuntu che ospita un sito con apache2 e tomcat7 come back end. Dai log di Apache sospetto un attacco malevolo. Qualcuno può confermarlo e dirmi cosa posso fare per fermarlo?

Ho scoperto che quegli IP provengono da xyz, quindi ho provato a bloccare il traffico con una restrizione geografica tramite .htaccess, ma è stato inutile!

.htaccess:

#Geo Restrict
# Country-based restriction built on mod_maxminddb: the lookup result is exposed
# as the environment variable MM_COUNTRY_CODE (ISO country code).
                MaxMindDBEnable On
#               MaxMindDBFile DB /path/to/GeoIP/GeoLite2-Country.mmdb
                MaxMindDBFile DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
                MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code

# Disabled variant: flag a list of countries instead of a single one.
#                SetEnvIf MM_COUNTRY_CODE ^(RU|DE|FR|US|CN) BlockCountry
# Sets BlockCountry when the country code starts with "IN".
                SetEnvIf MM_COUNTRY_CODE ^(IN) BlockCountry
# NOTE(review): despite its name, BlockCountry is used here to ALLOW matching
# clients. The Deny line is commented out and no Order/Deny directive is shown,
# so as written these lines reject nothing unless one is set elsewhere -- confirm.
                Allow from env=BlockCountry
#                Deny from env=BlockCountry
# NOTE(review): a country filter does not change whether Apache relays requests
# for other hosts (see the absolute-URI and CONNECT lines in the access log), and
# per-directory rules such as .htaccess may not be consulted for proxied
# requests -- verify the mod_proxy settings in the server configuration.

"/var/log/apache2access.log":

 188.143.232.19 - - [19/Nov/2015:10:02:05 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    5.45.79.4 - - [19/Nov/2015:10:02:06 +0000] "GET http://toolbarqueries.google.com/tbr?client=navclient-auto&ch=62284050769&ie=UTF-8&oe=UTF-8&features=Rank&q=info%3Ahttp%3A%2F%2Fblog.fabricinteractive.com%2Fwp-content%2Fthemes%2Flicense.php HTTP/1.1" 200 818 "-" "Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1"
    188.143.232.43 - - [19/Nov/2015:10:02:06 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dsite%253Asoundviewengineers.com%2520a%2520href%253Dhttp%253A%252F%252F%2520OR%2520%255Burl%253Dhttp%253A%252F%252F%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYoLy2sgUiGQDxp4NLQrzvBnbvmg6S5qqbxttbTFrHfHQ HTTP/1.1" 503 3443 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=site%3Asoundviewengineers.com%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    95.215.111.101 - - [19/Nov/2015:10:02:06 +0000] "GET http://steamcommunity.com/market/listings/730/Nova%20%7C%20Ranger%20%28Well-Worn%29/render/?query=&start=0&count=10&country=RU&language=russian&currency=5 HTTP/1.1" 429 815 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
    188.143.232.62 - - [19/Nov/2015:10:02:06 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcutenews%2Fhome.php%3Fcomm_start_from%3D%20%22View%20guestbook%22%20site%3Abiz%20viagra&num=100&gws_rd=ssl HTTP/1.1" 302 1242 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcutenews%2Fhome.php%3Fcomm_start_from%3D%20%22View%20guestbook%22%20site%3Abiz%20viagra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    69.64.50.250 - - [19/Nov/2015:10:02:06 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Flip%20Knife%20%7C%20Slaughter%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927351958 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.22 - - [19/Nov/2015:10:02:06 +0000] "GET http://search.yahoo.com/search?ei=utf-8&p=site%3Asunwooltd.com%20m%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1 HTTP/1.1" 999 2978 "http://search.yahoo.com/search?ei=utf-8&p=site%3Asunwooltd.com%20m%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1" "Mozilla/5.0 (Windows NT 5.2; rv:5.0) Gecko/20100101 Firefox/5.0"
    109.234.158.21 - - [19/Nov/2015:10:02:04 +0000] "CONNECT yandex.ru:443 HTTP/1.1" 200 53785 "-" "Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0"
    188.143.232.62 - - [19/Nov/2015:10:02:07 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fcutenews%252Fhome.php%253Fcomm_start_from%253D%2520%2522View%2520guestbook%2522%2520site%253Abiz%2520viagra%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYoby2sgUiGQDxp4NLSJ_Ek8k_8mneqvVmGriE3wqaxOs HTTP/1.1" 503 3481 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcutenews%2Fhome.php%3Fcomm_start_from%3D%20%22View%20guestbook%22%20site%3Abiz%20viagra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.22 - - [19/Nov/2015:10:02:07 +0000] "GET http://search.yahoo.com/search?ei=utf-8&p=site%3Asteigerwaldrebellen.de%20k%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1 HTTP/1.1" 999 2994 "http://search.yahoo.com/search?ei=utf-8&p=site%3Asteigerwaldrebellen.de%20k%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1" "Mozilla/5.0 (Windows NT 5.2; rv:5.0) Gecko/20100101 Firefox/5.0"
    5.9.28.162 - - [19/Nov/2015:10:02:05 +0000] "POST http://voh.russianpost.ru:8080/niips-operationhistory-web/OperationHistory HTTP/1.1" 200 451 "-" "Mozilla/5.0 (Windows NT 6.3; rv:27.0) Gecko/20100101 Firefox/27.0"
    188.143.232.19 - - [19/Nov/2015:10:02:07 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:07 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fscript%2Fchat.cgi%3Fno%3D%20%22Title%3A%22%20site%3Afr%20a&num=100&gws_rd=ssl HTTP/1.1" 302 1184 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fscript%2Fchat.cgi%3Fno%3D%20%22Title%3A%22%20site%3Afr%20a&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    5.19.253.227 - - [19/Nov/2015:10:02:07 +0000] "GET http://steamcommunity.com/market/listings/730/AWP%20%7C%20Asiimov%20(Battle-Scarred)/render/?query=&start=0&count=1&country=RU&language=russian&currency=5&1992083898 HTTP/1.1" 429 852 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16"
    36.85.194.247 - - [19/Nov/2015:10:02:07 +0000] "POST http://check2.zennolab.com/proxy.php HTTP/1.1" 200 274 "RefererString" "-"
    69.64.50.250 - - [19/Nov/2015:10:02:08 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Bayonet%20%7C%20Safari%20Mesh%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927352753 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.62 - - [19/Nov/2015:10:02:06 +0000] "POST http://work.a-poster.info:25000/ HTTP/1.1" 200 391 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:08 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fscript%252Fchat.cgi%253Fno%253D%2520%2522Title%253A%2522%2520site%253Afr%2520a%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYory2sgUiGQDxp4NLCFzapaSOeJXgQvaH9AxGxcYKyhE HTTP/1.1" 503 3392 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fscript%2Fchat.cgi%3Fno%3D%20%22Title%3A%22%20site%3Afr%20a&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.41 - - [19/Nov/2015:10:02:08 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%22bookstore.cgi%22%20%22june%22%20j&num=100&gws_rd=ssl HTTP/1.1" 302 1114 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%22bookstore.cgi%22%20%22june%22%20j&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.11 - - [19/Nov/2015:10:02:07 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    51.254.120.8 - - [19/Nov/2015:10:02:08 +0000] "GET http://www.eat-with.us/25-healthy-eating-diet-tips/?tb8 HTTP/1.1" 403 566 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4; pl-PL) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4"
    69.64.50.250 - - [19/Nov/2015:10:02:08 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20StatTrak%E2%84%A2%20Karambit%20%7C%20Case%20Hardened%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927354145 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    69.64.50.250 - - [19/Nov/2015:10:02:07 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Gut%20Knife%20%7C%20Stained%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927351316 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.19 - - [19/Nov/2015:10:02:08 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    69.64.50.250 - - [19/Nov/2015:10:02:08 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20M9%20Bayonet%20%7C%20Forest%20DDPAT%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927353469 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.41 - - [19/Nov/2015:10:02:09 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%2522bookstore.cgi%2522%2520%2522june%2522%2520j%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYory2sgUiGQDxp4NLCFzapaSOeJXgQvaH9AxGxcYKyhE HTTP/1.1" 503 3319 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%22bookstore.cgi%22%20%22june%22%20j&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    185.87.49.13 - - [19/Nov/2015:10:02:09 +0000] "GET http://steamcommunity.com/profiles/76561198122741909 HTTP/1.1" 200 41395 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
    95.211.196.33 - - [19/Nov/2015:10:01:55 +0000] "CONNECT www.marathonbet.com:443 HTTP/1.1" 200 7631 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
    149.202.54.93 - - [19/Nov/2015:10:02:09 +0000] "GET http://www.eat-with.us/25-healthy-eating-diet-tips/?tb10 HTTP/1.1" 403 708 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5; pl-PL) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2"
    188.143.232.19 - - [19/Nov/2015:10:02:09 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.37 - - [19/Nov/2015:10:02:09 +0000] "GET http://www.americanlisted.com/new_york_32/pets_and_animals_47/jxdb0n/ HTTP/1.1" 404 27057 "http://whitewater-wi.americanlisted.com/53190/pets-leasure-time-hobbies/domestic-short-hair-dancer-medium-adult-male-cat_23421353.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.11 - - [19/Nov/2015:10:02:09 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:10 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fboard.php%3Ftb%3D%20%22Required%20fields%20are%22%20site%3Acom%20n&num=100&gws_rd=ssl HTTP/1.1" 302 1200 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fboard.php%3Ftb%3D%20%22Required%20fields%20are%22%20site%3Acom%20n&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.37 - - [19/Nov/2015:10:02:09 +0000] "POST http://www.baoshijz.com/xcv2w93idn48f.asp?page=7305 HTTP/1.1" 200 10912 "http://www.baoshijz.com/xcv2w93idn48f.asp?page=7305" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.41 - - [19/Nov/2015:10:02:10 +0000] "POST http://www.biblus.ru/Default.aspx?mode=op&bk=1b17h286g8 HTTP/1.1" 500 5124 "http://www.biblus.ru/Default.aspx?mode=op&bk=1b17h286g8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.19 - - [19/Nov/2015:10:02:10 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:11 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fboard.php%253Ftb%253D%2520%2522Required%2520fields%2520are%2522%2520site%253Acom%2520n%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYpby2sgUiGQDxp4NLU2N77ituKHIJSj4homKS8Pc3vLA HTTP/1.1" 503 3416 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fboard.php%3Ftb%3D%20%22Required%20fields%20are%22%20site%3Acom%20n&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    178.62.104.120 - - [19/Nov/2015:09:57:57 +0000] "GET http://betsbc.com/bets/bets.php HTTP/1.1" 503 563 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36"
    195.234.5.142 - - [19/Nov/2015:10:02:09 +0000] "CONNECT oauth.vk.com:443 HTTP/1.0" 200 5970 "-" "-"
    69.64.50.250 - - [19/Nov/2015:10:02:11 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Gut%20Knife%20%7C%20Stained%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927356209 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.11 - - [19/Nov/2015:10:02:11 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    95.215.111.101 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/Dual%20Berettas%20%7C%20Cobalt%20Quartz%20%28Minimal%20Wear%29/render/?query=&start=0&count=10&country=RU&language=russian&currency=5 HTTP/1.1" 429 815 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
    69.64.50.250 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Bayonet%20%7C%20Safari%20Mesh%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927357655 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    69.64.50.250 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Flip%20Knife%20%7C%20Slaughter%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927356908 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    94.23.214.156 - - [19/Nov/2015:10:02:09 +0000] "CONNECT api.paypal.com:443 HTTP/1.0" 200 6337 "-" "-"
    51.254.120.81 - - [19/Nov/2015:10:02:12 +0000] "GET http://www.cooking-ideas.net/hot/?tb9 HTTP/1.1" 403 696 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; pl-PL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36"
    54.193.55.118 - - [19/Nov/2015:10:02:10 +0000] "CONNECT api.paypal.com:443 HTTP/1.0" 200 6326 "-" "-"
    109.234.158.21 - - [19/Nov/2015:10:02:10 +0000] "CONNECT yandex.ru:443 HTTP/1.1" 200 55688 "https://yandex.ru/yandsearch?text=%D0%BC%D0%B5%D1%82%D0%B0%D0%BB%D0%BB%D0%BE%D0%BF%D0%BB%D0%B0%D1%81%D1%82%D0%BC%D0%B0%D1%81%D1%81%D0%BE%D0%B2%D1%8B%D0%B5+%D0%BA%D0%BE%D1%80%D0%BE%D0%BD%D0%BA%D0%B8&lr=213" "Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0"
    69.64.50.250 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20M9%20Bayonet%20%7C%20Forest%20DDPAT%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927358337 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    69.64.50.250 - - [19/Nov/2015:10:02:13 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20StatTrak%E2%84%A2%20Karambit%20%7C%20Case%20Hardened%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927359020 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.40 - - [19/Nov/2015:10:02:08 +0000] "POST http://santaefigeniapernambucana.com.br/loja/postreview.php HTTP/1.1" 302 474 "http://santaefigeniapernambucana.com.br/loja/products/Gravador-Dig.-De-Aud.-E-Vid.-8-Canais-Dvr-Sata-Vd-3008.html?revpage=149" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.11 - - [19/Nov/2015:10:02:12 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.62 - - [19/Nov/2015:10:02:13 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcgi-bin%2Fminibbs.cgi%3Fmode%3D%20%22Your%20e-mail%3A%22%20site%3Ainfo%20levitra&num=100&gws_rd=ssl HTTP/1.1" 302 1232 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcgi-bin%2Fminibbs.cgi%3Fmode%3D%20%22Your%20e-mail%3A%22%20site%3Ainfo%20levitra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.22 - - [19/Nov/2015:10:02:14 +0000] "GET http://search.yahoo.com/search?ei=utf-8&p=site%3Aspa.bg%20i%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1 HTTP/1.1" 999 2973 "http://search.yahoo.com/search?ei=utf-8&p=site%3Aspa.bg%20i%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1" "Mozilla/5.0 (Windows NT 5.2; rv:5.0) Gecko/20100101 Firefox/5.0"
    188.143.232.62 - - [19/Nov/2015:10:02:14 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fcgi-bin%252Fminibbs.cgi%253Fmode%253D%2520%2522Your%2520e-mail%253A%2522%2520site%253Ainfo%2520levitra%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYqLy2sgUiGQDxp4NLYu-kCPvL_N7zpKfNskycakgzv2c HTTP/1.1" 503 3458 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcgi-bin%2Fminibbs.cgi%3Fmode%3D%20%22Your%20e-mail%3A%22%20site%3Ainfo%20levitra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    ^C
    
posta Ashish Karpe 19.11.2015 - 11:38

2 risposte


Non è un attacco: il tuo server viene usato per inoltrare richieste proxy.

Non so com'è la tua configurazione proxy, ma se non inoltra traffico puoi aggiungere questa regola per evitare questo tipo di richieste inutili:

<Directory />
# Intent: catch requests whose URI does not start with "/", i.e. the proxy-style
# absolute-URI and CONNECT requests seen in the access log.
# NOTE(review): no "RewriteEngine On" is shown; unless the rewrite engine is
# enabled for this scope elsewhere, the two lines below have no effect -- confirm.
# Match requests whose URI does not start with "/".
RewriteCond %{REQUEST_URI} !^/
# NOTE(review): "-" means "no substitution" and [END] only stops rewrite
# processing, so a matching request is not refused by this rule. Refusing it
# would need the [F] flag instead.
RewriteRule .* - [END]
# NOTE(review): this block does not switch forward proxying off. That is governed
# by mod_proxy (ProxyRequests, which defaults to Off, plus <Proxy> access rules)
# in the server or virtual-host configuration, and <Directory> sections may not
# be applied to proxied requests at all -- check those settings first.
</Directory>

Inoltre, dovresti controllare la configurazione del proxy in modo che non inoltri il traffico.

    
risposta data 19.11.2015 - 13:50

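Ashish, sembra che diversi computer stiano usando il tuo server come proxy. Altrimenti queste richieste non sarebbero mai dovute arrivare alla tua macchina e ricevere in risposta codici di stato "200 OK" (il che significa che hai effettivamente restituito la pagina richiesta). Nel log vanno nella stessa direzione le richieste CONNECT concluse con 200 e le risposte 429 e 999, codici che verosimilmente provengono dai siti di destinazione e non dal tuo sito.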

Le richieste non sono malevole di per sé, ma devi assicurarti che il tuo server sia configurato in modo da non fare da proxy per connessioni verso altri siti.

Bloccare gli indirizzi IP non risolve il problema: è come nascondere lo sporco sotto il tappeto. Per risolverlo davvero, devi disabilitare qualsiasi configurazione che abiliti Apache ad accettare connessioni proxy (ad esempio una direttiva `ProxyRequests On` di mod_proxy).

    
risposta data 19.11.2015 - 13:30