Linux -Blue forest free software | Return to home page | Site Map | Search WWW | Contact Us |
Your current position : Homepage > Free Software > Technological exchanges >System Security


    

Blue Forest http://www.lslnet.com at 19:08 on June 28, 2006


Apache was QQ ddos, expert help solve the problem.

FreeBSD 5.3+Apache 2.0.53 recently seen a large number of log x http代理 listening to the QQ, a large number of connecting virtually every minute analysis might be attacked, consult experts, I used FreeBSD can block the ipfilter such listening? How do we go about it?

X log as follows :
221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 400 310 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 400 310 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:26 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 405 319 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:26 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:29 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
221.12.76.186 - - [28/Mar/2005:00:01:29 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:10 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 400 310 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:16 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 400 310 "-" and "-" (-)
61.152.104.80 - - [28/Mar/2005:00:02:17 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 405 319 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:05:55 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:05:56 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:05:57 +0800] "CONNECT tcpconn3.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:05:57 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:05:58 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:02 +0800] "CONNECT tcpconn4.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:02 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 400 310 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:03 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 400 310 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:04 +0800] "CONNECT tcpconn.tencent.com:443 HTTP/1.1" 405 319 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:04 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:05 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 400 311 "-" and "-" (-)
219.146.174.138 - - [28/Mar/2005:00:06:06 +0800] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 405 320 "-" and "-" (-)

Apache was QQ ddos, expert help solve the problem.

Some installed bars ip is not wrong, only two appear ip directly Fengdiao you okay.

Apache was QQ ddos, expert help solve the problem.

IP are many, I just extract a bit. It was estimated that out of my QQ Proxy Server table, a large number of users 24 hours of continuous network connectivity outside of the 80-port network adapter, an IP block is definitely not a good way, we hope to help our heroes.

Apache was QQ ddos, expert help solve the problem.

Halo ah, you really is the background against ddos really do not know what is good, if not special needs port 80, you simply changed the server port.

[ Closed window ]


 Privacy Policy  Copyright © 1999-2000 LSLNET.COM. All rights reserved. Blue Forest website owners. E-mail : Webmaster@lslnet.com