DDoS Protection
Alexey, 2018-02-04 15:17:07

What is the purpose of such a network flood?

From correspondence with a friend


But I have some kind of trouble: I noticed that the main site (allfriends.pw) sometimes slows down, so I decided to look at the logs and was quietly horrified... there are constant requests from dozens of IPs, but from one of them it's just unbelievable, more than 250 thousand per day. In short, I blocked the entire subnet of this provider (the Netherlands) in .htaccess. What is it? Hack attempts?

In .htaccess, the site owner added:
Deny from 185.2.80.0/22
But the requests keep coming as before, mainly from the address 185.2.81.107.
Part of the logs from the site:
185.2.81.107 - - [02/Feb/2018:13:32:32 +0300] "GET /go/url=estudioimagina.tv/project/alcanzar-la-gloria-e.. HTTP/1.0" 403 2912 "free-tor.com/go.php?url=https://allfriends.pw/go/url=.." "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
185.2.81.107 - - [02/Feb/2018:13:32:38 +0300] "GET /go/url=https://waters.asureforce.net/redirect.aspx?redirectu.. HTTP/1.0" 403 2912 "mb.wendise.com/tools/thumbs.php?tds=3&trs=1&p.." "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
185.2.81.107 - - [02/Feb/2018:13:32:44 +0300] "GET /go/url=nes-west.com/__media__/js/netsoltrademark.php?.. HTTP/1.0" 403 2912 "bankrot-inform.ru/go.php?url=https://allfriends.pw/go.." "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
185.2.81.107 - - [02/Feb/2018:13:32:51 +0300] "GET /go/url=www.xjjgsc.com/Redirect.aspx?url=http://easyvi.. HTTP/1.0" 403 2912 "http://www.google.ca/url?sa=t&rct=j&q=非.." "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
185.2.81.107 - - [02/Feb/2018:13:32:58 +0300] "GET /go/url=xzn.es/4c4a1 HTTP/1.0" 403 2912 "nlrs.ru/bitrix/redirect.php?event1=banner2&event2.." "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
185.2.81.107 - - [02/Feb/2018:13:33:05 +0300] "GET /go/url=www.gothamlabs.com/__media__/js/netsoltrademar.. HTTP/1.0" 403 2912 "blog.so-net.ne.jp/_pages/mobile/step/index?u=https://.." "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"

Full request example:
free-tor.com/go.php?url=https://allfriends.pw/go/u...

What could it be? What are the goals?
And is blocking the source of the flood possible only by contacting the Dutch provider?


4 answer(s)
Psq, 2018-02-04
@Psq

Remove Open Redirect from the site and you will no longer be of interest to them.
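One way to do what this answer suggests, as an added example (not code from the thread or from the site): validate the `/go/url=` target against an allowlist, then use the same check to count off-site redirect requests per client in the access log. The allowlist contents, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts this site should ever redirect to.
ALLOWED_HOSTS = {"allfriends.pw", "www.allfriends.pw"}

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")
_REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /go/url=(\S+) HTTP/[\d.]+"')

def safe_redirect_target(raw, allowed=ALLOWED_HOSTS):
    """Return a normalised URL if raw points at an allowed host, else None."""
    if not raw or re.search(r"[\\\s\x00-\x1f]", raw):
        return None                      # backslashes, whitespace, control chars
    if raw.startswith("//"):
        raw = "https:" + raw             # protocol-relative form
    elif not _SCHEME.match(raw):
        raw = "https://" + raw           # scheme-less form, as seen in the logs
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return None                      # malformed authority, fail closed
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return None                      # javascript:, data:, userinfo tricks
    return parts.geturl() if host in allowed else None

def flag_redirect_abuse(lines):
    """Map client IP -> number of /go/url= requests aimed at off-site targets."""
    hits = {}
    for line in lines:
        m = _REQUEST.match(line)
        if m and safe_redirect_target(m.group(2)) is None:
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
    return hits

# Constructed sample lines in the same log shape as the excerpt in the question.
SAMPLE = [
    '203.0.113.7 - - [02/Feb/2018:13:32:32 +0300] "GET /go/url=redirector.example/out?to=x HTTP/1.0" 403 2912 "other.example/go.php?url=.." "UA"',
    '203.0.113.7 - - [02/Feb/2018:13:32:38 +0300] "GET /go/url=https://other.example/redirect.aspx?u=y HTTP/1.0" 403 2912 "-" "UA"',
    '198.51.100.9 - - [02/Feb/2018:13:33:01 +0300] "GET /go/url=https://allfriends.pw/about HTTP/1.1" 200 512 "-" "UA"',
    '198.51.100.9 - - [02/Feb/2018:13:33:05 +0300] "GET /index.html HTTP/1.1" 200 4096 "-" "UA"',
]

if __name__ == "__main__":
    print(flag_redirect_abuse(SAMPLE))
```

A handler built on this would redirect only when `safe_redirect_target` returns a URL and answer with an error otherwise.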

Olga Veter, 2018-02-04
@vetero4eg

Have you checked the site for viruses?

Dimonchik, 2018-02-04
@dimonchik2013

hide the referrer

CityCat4, 2018-02-04
@CityCat4

And is there a redirector running on that site?
