Apache HTTP Server
Nonegrata, 2017-02-07 11:50:48

Attack on apache2 webserver?

Good day!
Detected a (DDoS?) (attack?) on my web server today. Some kind of junk keeps pouring in. I installed fail2ban but could not set up the regexp; please help with the expression, or is there another way out? I assume I need to block on Baiduspider/2.0; . Thanks

155.94.65.53 - - [07/Feb/2017:17:44:41 +0900] "GET http://p.ato.mx/placement?v=9&id=258152&size=300x250&type=javascript&b=0&domain=www.foxiauto.com&screen=1024x768x24&timezone=480&cookies=1&flash=1&r= HTTP/1.0" 404 496 "http://www.foxiauto.com/category/auto-shows/page/2/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"
58.221.55.199 - - [07/Feb/2017:17:44:41 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
178.62.172.18 - - [07/Feb/2017:17:44:41 +0900] "GET http://www.google.fr/search?oe=utf-8&pws=0&complete=0&hl=fr&num=100&q=cravate+fait+en+france HTTP/1.1" 404 442 "-" "-"
58.221.55.199 - - [07/Feb/2017:17:44:42 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
86.221.129.63 - - [07/Feb/2017:17:44:42 +0900] "GET http://www.spot-bourse.com/VALUECLICK.php HTTP/1.1" 404 456 "http://www.spot-bourse.com/BAN.php" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"
59.126.2.116 - - [07/Feb/2017:17:44:42 +0900] "GET http://www.rakuten.com.tw/shop/yueerle/product/4716777996816/ HTTP/1.1" 404 476 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET4.0C; .NET4.0E)"
138.201.19.161 - - [07/Feb/2017:17:44:42 +0900] "GET http://www.bet365.com/home/inplayapi/Sportsbook.asp?lid=1&zid=9&pd=%23AC%23B1%23C1%23D13%23E29765035%23F2%23R1%23&wg=0&cid=31&cg=0 HTTP/1.1" 404 522 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/8.0.763.89 Safari/537.36"
58.221.55.199 - - [07/Feb/2017:17:44:43 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
58.221.55.199 - - [07/Feb/2017:17:44:44 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
58.221.55.199 - - [07/Feb/2017:17:44:45 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
58.221.55.199 - - [07/Feb/2017:17:44:46 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
172.82.190.245 - - [07/Feb/2017:17:44:46 +0900] "GET http://baigemed.com/ HTTP/1.1" 200 631 "-" "BaiduSpider"
138.201.36.205 - - [07/Feb/2017:17:44:46 +0900] "CONNECT graph.facebook.com:443 HTTP/1.1" 405 518 "-" "-"
138.201.36.205 - - [07/Feb/2017:17:44:47 +0900] "CONNECT graph.facebook.com:443 HTTP/1.1" 405 518 "-" "-"
58.221.55.199 - - [07/Feb/2017:17:44:47 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
31.43.140.238 - - [07/Feb/2017:17:44:47 +0900] "GET http://www.apple.com/ HTTP/1.1" 200 489 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; .NET CLR 1.1.4322; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"
58.221.55.199 - - [07/Feb/2017:17:44:48 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
43.241.217.243 - - [07/Feb/2017:17:44:49 +0900] "CONNECT kyfw.12306.cn:443 HTTP/1.1" 405 513 "-" "-"
43.241.217.171 - - [07/Feb/2017:17:44:49 +0900] "CONNECT kyfw.12306.cn:443 HTTP/1.1" 405 513 "-" "-"
104.156.238.102 - - [07/Feb/2017:17:44:49 +0900] "GET http://xxo1024.com/forum.php HTTP/1.1" 404 443 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
58.221.55.199 - - [07/Feb/2017:17:44:49 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
139.219.224.20 - - [07/Feb/2017:17:44:50 +0900] "CONNECT 61.130.29.173:84 HTTP/1.1" 405 512 "-" "-"
58.221.55.199 - - [07/Feb/2017:17:44:50 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
108.49.129.8 - - [07/Feb/2017:17:44:50 +0900] "CONNECT api.roblox.com:443 HTTP/1.0" 405 533 "-" "-"
23.239.65.132 - - [07/Feb/2017:17:44:51 +0900] "GET http://tag.contextweb.com/TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=544411&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=144571 HTTP/1.0" 404 518 "http://www.youdagames.com/en/pc-download-games/simulation-and-strategy/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
95.153.108.216 - - [07/Feb/2017:17:44:52 +0900] "CONNECT static.90.170.46.78.clients.your-server.de:80 HTTP/1.1" 405 541 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
58.221.55.199 - - [07/Feb/2017:17:44:52 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
95.153.108.216 - - [07/Feb/2017:17:44:52 +0900] "CONNECT freeproxies.mooo.com:80 HTTP/1.1" 405 519 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
95.153.108.216 - - [07/Feb/2017:17:44:52 +0900] "CONNECT www.freeproxies.ga:80 HTTP/1.1" 405 517 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
95.153.108.216 - - [07/Feb/2017:17:44:52 +0900] "CONNECT web1.strangled.net:80 HTTP/1.1" 405 517 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
95.153.108.216 - - [07/Feb/2017:17:44:53 +0900] "GET http://static.166.82.76.144.clients.your-server.de/myipha.php?rnd=8c56a83cf76454b715bff3fb3f4ba7ff&rn=915801847 HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
123.240.17.157 - - [07/Feb/2017:17:44:53 +0900] "GET http://azenv.net/ HTTP/1.1" 200 470 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36"
58.221.55.199 - - [07/Feb/2017:17:44:53 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
58.221.55.199 - - [07/Feb/2017:17:44:55 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
176.122.226.23 - - [07/Feb/2017:17:44:55 +0900] "GET http://chek.zennolab.com/proxy.php HTTP/1.1" 404 468 "RefererString" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0"
58.221.55.199 - - [07/Feb/2017:17:44:57 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"
59.126.2.116 - - [07/Feb/2017:17:44:58 +0900] "GET http://search.rakuten.com.tw/?nn=0&al=0&vm=2&p=1&si=3133&sm=3&kt=0&sf=1 HTTP/1.1" 200 470 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET4.0C; .NET4.0E)"

1 answer(s)
ioannes, 2017-02-07

So it's other people's hosts that are getting through?
I would do this: get rid of other people's traffic first:

# cat /etc/apache2/sites-enabled/000-default.conf

# Default site. Listed first, so it is the default vhost for *:80 and receives
# every request whose Host matches no other ServerName; their hits are recorded
# in default.log.
<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName localhost

        DocumentRoot /var/www/html
        <Directory /var/www/html>
                Require all granted
                AllowOverride None
        </Directory>

        LogLevel emerg
        ErrorLog ${APACHE_LOG_DIR}/default.err
        CustomLog ${APACHE_LOG_DIR}/default.log combined
</VirtualHost>

Then pull all the IPs out of default.log and ban them in fail2ban.
And after that, act on the results.
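The answer's procedure (catch foreign-host traffic in the default vhost's log, pull the IPs out of it, hand them to fail2ban) and the regexp the question asks for, as an added example that is not part of the thread: a Python script that parses combined-format lines like the ones in the question, flags CONNECT requests and requests whose target is an absolute URI (the two shapes that appear in the excerpt, and the shape a client uses when it talks to a forward proxy rather than an origin server), counts them per client IP, and carries a candidate fail2ban failregex that is checked against the same sample. Keying on the request shape rather than on the User-Agent works because the User-Agent string is whatever the client chooses to send, while the absolute-URI or CONNECT form is what marks a request as meant for another host. The filter name apache-proxy-abuse, the RFC 5737 sample addresses and the threshold are my placeholders, and the local `<HOST>` expansion only approximates fail2ban's own, so run `fail2ban-regex` against the real default.log with the filter file before enabling a jail.

```python
"""Added example, not from the thread: flag proxy-style requests in Apache
'combined' access-log lines, count them per client IP, and exercise a
candidate fail2ban failregex against the same lines.

Assumptions (mine, not the thread's): lines are in Apache's combined format
as in the question; the filter name 'apache-proxy-abuse', the RFC 5737
sample addresses and the threshold are placeholders.
"""
import re
from collections import Counter

# Apache 'combined' LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>HTTP/\d\.\d))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample modelled on the question's excerpt (not the real log).
SAMPLE_LOG = [
    '203.0.113.10 - - [07/Feb/2017:17:44:41 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"',
    '203.0.113.10 - - [07/Feb/2017:17:44:42 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"',
    '203.0.113.10 - - [07/Feb/2017:17:44:43 +0900] "GET http://showibo.com/ HTTP/1.1" 200 631 "http://www.baidu.com" "Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)"',
    '198.51.100.7 - - [07/Feb/2017:17:44:46 +0900] "CONNECT graph.facebook.com:443 HTTP/1.1" 405 518 "-" "-"',
    '198.51.100.7 - - [07/Feb/2017:17:44:47 +0900] "CONNECT graph.facebook.com:443 HTTP/1.1" 405 518 "-" "-"',
    '198.51.100.7 - - [07/Feb/2017:17:44:48 +0900] "CONNECT kyfw.12306.cn:443 HTTP/1.1" 405 513 "-" "-"',
    '192.0.2.25 - - [07/Feb/2017:17:44:49 +0900] "GET http://www.apple.com/ HTTP/1.1" 200 489 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"',
    # legitimate local visitors: relative path; a Referer of http://... must NOT trigger a match
    '192.0.2.50 - - [07/Feb/2017:17:45:01 +0900] "GET /index.html HTTP/1.1" 200 1024 "http://example.org/" "Mozilla/5.0"',
    '192.0.2.50 - - [07/Feb/2017:17:45:02 +0900] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Split one combined-format line into its fields; None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_proxy_request(entry):
    """CONNECT, or a target that is an absolute URI (scheme://host/...), is the
    request shape a client sends to a forward proxy, not to an origin server.
    A relative path such as /index.html is a normal request for this host."""
    if entry['method'] == 'CONNECT':
        return True
    return entry['target'].lower().startswith(('http://', 'https://'))


def proxy_offenders(lines, threshold=3):
    """Count proxy-style requests per client IP and return (ip, count) pairs at
    or above threshold, most frequent first: the answer's 'pull out all IPs
    from default.log' step with a fail2ban-style maxretry applied."""
    counts = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and is_proxy_request(entry):
            counts[entry['host']] += 1
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


# Candidate filter body for /etc/fail2ban/filter.d/apache-proxy-abuse.conf
# (hypothetical name). <HOST> is fail2ban's placeholder for the client address;
# the '.*' before the quote tolerates the timestamp whether or not fail2ban has
# cut it out of the line before matching.
FAILREGEX = r'^<HOST> \S+ \S+ .*"(?:CONNECT |(?:GET|POST|HEAD) https?://)'
FILTER_CONF = "[Definition]\nfailregex = %s\nignoreregex =\n" % FAILREGEX

# Local stand-in for fail2ban's <HOST> expansion, approximating the 0.9-era
# pattern; it exists only so the regex can be exercised offline here.
HOST_RE = r'(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)'


def failregex_hosts(lines, failregex=FAILREGEX):
    """IPs the failregex would report, one per matching line, in log order."""
    rx = re.compile(failregex.replace('<HOST>', HOST_RE))
    matches = (rx.search(line) for line in lines)
    return [m.group('host') for m in matches if m]


def filter_agrees_with_parser(lines):
    """Cross-check: the regex catches exactly the lines the structured parser
    classifies as proxy-style. A difference means the filter is too loose
    (would ban legitimate visitors) or too tight (misses part of the flood)."""
    by_parser = [e['host'] for e in map(parse_line, lines)
                 if e and is_proxy_request(e)]
    return by_parser == failregex_hosts(lines)


if __name__ == '__main__':
    print(FILTER_CONF)
    for ip, n in proxy_offenders(SAMPLE_LOG):
        print(f'{ip}\t{n} proxy-style requests')
    print('filter agrees with parser:', filter_agrees_with_parser(SAMPLE_LOG))
```

Run against the real default.log, `proxy_offenders` gives the list the answer asks for, and `FILTER_CONF` is the filter body to drop into fail2ban with a jail pointing at `${APACHE_LOG_DIR}/default.log`; `filter_agrees_with_parser` is the check to rerun whenever the regex is tightened.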
