免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 IT运维 数据安全 大家来看本世纪最NB的攻击
最近访问板块 发新帖
查看: 2602 | 回复: 4
打印 上一主题 下一主题

大家来看本世纪最NB的攻击 [复制链接]

xinshou009

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2009-07-23 11:28 |只看该作者 |倒序浏览
首先我发现自己是标题党,但这个问题真把我搞傻了,大家都来看看吧
本人经营者公司的一个视频网站,具体站点就不说了
环境:redhat5.2 apache2(已经做了防盗链)
症状:每秒钟滋生大量ip请求,访问同一文件,而我的视频站点上是没这个链接的,文件放在存储上,已经被我删除
     access_log:
219.138.153.149 - - [23/Jul/2009:11:11:23 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
125.211.135.59 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
61.172.184.94 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
119.139.238.142 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
117.82.78.198 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
119.96.34.241 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
219.149.71.174 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
76.235.194.171 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
211.99.14.6 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
113.18.40.245 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/x/o/xokjwusbr.flv HTTP/1.1" 403 336
116.9.153.167 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
115.49.96.163 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
58.210.97.129 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
119.139.238.142 - - [23/Jul/2009:11:11:24 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
221.2.40.222 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
119.139.238.142 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
121.34.57.53 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
123.152.11.66 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
125.73.41.79 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
218.71.60.153 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
124.91.44.201 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
218.88.153.202 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
116.29.52.92 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
221.221.54.201 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
221.206.219.209 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
222.241.252.239 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
222.141.60.94 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
125.73.45.65 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
113.17.200.107 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
119.139.238.142 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
116.11.0.214 - - [23/Jul/2009:11:11:25 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336
117.91.37.3 - - [23/Jul/2009:11:11:26 +0800] "GET /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv HTTP/1.1" 403 336

error_log:
[Thu Jul 23 11:22:23 2009] [error] [client 221.233.108.212] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:23 2009] [error] [client 60.191.18.45] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:23 2009] [error] [client 218.66.48.138] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:23 2009] [error] [client 117.24.53.88] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:24 2009] [error] [client 123.9.28.75] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:24 2009] [error] [client 125.110.27.19] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:24 2009] [error] [client 119.163.100.230] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:24 2009] [error] [client 117.83.40.112] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:25 2009] [error] [client 222.183.40.88] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:25 2009] [error] [client 123.153.1.31] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:26 2009] [error] [client 122.194.127.224] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:26 2009] [error] [client 222.133.204.52] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:26 2009] [error] [client 60.171.146.18] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
[Thu Jul 23 11:22:26 2009] [error] [client 218.0.240.42] client denied by server configuration: /data/video/421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv

agent_log:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; iCafeMedia; cafe8; Sicent; icafe8; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; icafe
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

referer_log:
http://www.qq74.net/bfq/clink.swf?id=20 -> /421b47ffd946ca083b65cd668c6b17e6/flv/o/6/o6307isvc.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv
- -> /421b47ffd946ca083b65cd668c6b17e6/flv/y/2/y2i6obi3h.flv

哇塞,他们都在请求一个文件,是不是被攻击暂时不能定,我做了一个统计
176 60.217.196.27
    179 116.7.107.200
    181 220.181.145.5
    186 124.72.196.231
    188 124.66.65.179
    189 124.200.128.181
    190 61.133.210.179
    191 121.37.44.58
    199 218.186.15.10
    203 61.157.131.67
    209 222.88.99.132
    214 58.60.108.200
    218 222.85.118.38
    220 222.174.19.246
    246 65.49.2.188
    266 220.181.145.1
    278 222.171.113.77
    282 202.156.12.10
    304 218.95.250.34
    305 119.40.38.11
    333 61.175.214.194
    336 113.106.201.21
    375 218.19.190.154
大量请求,而且访问1次-10次的ip不计其数

请大家分析下,这是什么攻击,还是被大型公司做了盗链什么的,期待大家的回复!
platinum

论坛徽章:
0
2 [报告]
发表于 2009-07-24 11:28 |只看该作者
类似 CC 的分布式耗尽带宽攻击,间接实现拒绝服务
攻击者一般利用大多肉鸡去实现
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
Godbach

论坛徽章:
36
IT运维版块每日发帖之星 日期:2016-04-10 06:20:00IT运维版块每日发帖之星 日期:2016-04-16 06:20:0015-16赛季CBA联赛之广东 日期:2016-04-16 19:59:32IT运维版块每日发帖之星 日期:2016-04-18 06:20:00IT运维版块每日发帖之星 日期:2016-04-19 06:20:00每日论坛发贴之星 日期:2016-04-19 06:20:00IT运维版块每日发帖之星 日期:2016-04-25 06:20:00IT运维版块每日发帖之星 日期:2016-05-06 06:20:00IT运维版块每日发帖之星 日期:2016-05-08 06:20:00IT运维版块每日发帖之星 日期:2016-05-13 06:20:00IT运维版块每日发帖之星 日期:2016-05-28 06:20:00每日论坛发贴之星 日期:2016-05-28 06:20:00
3 [报告]
发表于 2009-07-25 16:54 |只看该作者
恩,大量的GET包。
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
bxfqing

论坛徽章:
0
4 [报告]
发表于 2009-07-29 16:53 |只看该作者
想把server搞崩溃?
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
vermouth

论坛徽章:
34
亥猪 日期:2015-03-20 13:55:11戌狗 日期:2015-03-20 13:57:01酉鸡 日期:2015-03-20 14:03:56未羊 日期:2015-03-20 14:18:30子鼠 日期:2015-03-20 14:20:14丑牛 日期:2015-03-20 14:20:31辰龙 日期:2015-03-20 14:35:34巳蛇 日期:2015-03-20 14:35:56操作系统版块每日发帖之星 日期:2015-11-06 06:20:00操作系统版块每日发帖之星 日期:2015-11-08 06:20:00操作系统版块每日发帖之星 日期:2015-11-19 06:20:00黄金圣斗士 日期:2015-11-24 10:43:13
5 [报告]
发表于 2009-07-29 17:21 |只看该作者
只能加带宽,限制单个连结数。 我还以为谁要用飞机撞你们公司呢~
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP