免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 备份版区 攻防交流区 Apache被QQ ddos,请高手帮忙解决问题。
最近访问板块 发新帖
查看: 3572 | 回复: 3
打印 上一主题 下一主题

Apache被QQ ddos,请高手帮忙解决问题。 [复制链接]

leix

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2005-03-28 00:29 |只看该作者 |倒序浏览
FreeBSD 5.3+Apache 2.0.53,近日apache log里出现大量QQ的http代理连接请求,几乎每分钟都有大量连接,分析可能是被人攻击,请教高手,我用FreeBSD中的ipfilter可以挡住这类连接请求吗?该如何做呢?\r\n\r\napache log 如下:\r\n221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:21 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 400 310 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:25 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 400 310 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:26 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 405 319 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:26 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:29 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n221.12.76.186 - - [28/Mar/2005:00:01:29 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:06 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:10 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:13 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 400 310 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:16 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 400 310 \"-\" \"-\" (-)\r\n61.152.104.80 - - [28/Mar/2005:00:02:17 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 405 319 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:05:55 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:05:56 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:05:57 +0800] \"CONNECT tcpconn3.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:05:57 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:05:58 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:02 +0800] \"CONNECT tcpconn4.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:02 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 400 310 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:03 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 400 310 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:04 +0800] \"CONNECT tcpconn.tencent.com:443 HTTP/1.1\" 405 319 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:04 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:05 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 400 311 \"-\" \"-\" (-)\r\n219.146.174.138 - - [28/Mar/2005:00:06:06 +0800] \"CONNECT tcpconn2.tencent.com:443 HTTP/1.1\" 405 320 \"-\" \"-\" (-)
archangle

论坛徽章:
0
2 [报告]
发表于 2005-03-28 08:48 |只看该作者

Apache被QQ ddos,请高手帮忙解决问题。

不会是有人设置错了ip吧,看起来只有2个ip,直接封掉你看行不行。
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
leix

论坛徽章:
0
3 [报告]
发表于 2005-03-28 09:01 |只看该作者

Apache被QQ ddos,请高手帮忙解决问题。

IP有很多,我只是摘录了一小段。估计有人把我的服务器列到了QQ的代理列表里,大量用户24小时不断的连接外网网卡的80端口,一个一个堵IP肯定不是好办法,还希望大侠们援手。
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
archangle

论坛徽章:
0
4 [报告]
发表于 2005-03-28 09:53 |只看该作者

Apache被QQ ddos,请高手帮忙解决问题。

晕啊,你真够背的,对付ddos真不知道有什么好办法,如果不是特别需要80端口,你干脆把服务器端口改改。
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP