[Linux-bruxelles] Apache2 vulnerability? ... DOS attack...
Didier MISSON
didier.misson at total.com
Tue 23 Jun 14:02:53 CEST 2009
linux-bruxelles-bounces at lists.bxlug.be wrote on 23/06/2009 13:20:55:
> Hi,
>
> To start with, what do the Apache logs say?
>
> Next time it happens, run:
>
> netstat -tanpu | grep ":80 " | awk {'print $4'} | sort | uniq -c
I get this "at rest":
didier at abrasd03:~$ sudo netstat -tanpu | grep ":80 " | awk {'print $4'} |
sort |
[sudo] password for didier:
1 0.0.0.0:80
2 127.0.0.1:80
2 192.168.168.251:80
But will I be able to run this command when the server is saturated...
We'll see.
---------------------
In the logs:
in /log/apache2/access.log.1
localhost - - [06/Jan/2008:15:35:21 +0100] "GET /server-status?auto
HTTP/1.1" 200 299 "-" "libwww-perl/5.805"
localhost - - [06/Jan/2008:15:40:06 +0100] "GET /server-status?auto
HTTP/1.1" 200 299 "-" "libwww-perl/5.805"
localhost - - [06/Jan/2008:15:45:04 +0100] "GET /server-status?auto
HTTP/1.1" 200 299 "-" "libwww-perl/5.805"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:30 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:30 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:30 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:30 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:30 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
localhost - - [06/Jan/2008:15:50:04 +0100] "GET /server-status?auto
HTTP/1.1" 200 299 "-" "libwww-perl/5.805"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:51:51 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
localhost - - [06/Jan/2008:15:55:05 +0100] "GET /server-status?auto
HTTP/1.1" 200 299 "-" "libwww-perl/5.805"
192.168.168.20 - - [06/Jan/2008:15:59:14 +0100] "GET / HTTP/1.1" 403 259
"-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.11) Gecko/20071204
Ubuntu/7.10 (gutsy) Firefox/2.0.0.11"
192.168.168.20 - - [06/Jan/2008:15:59:19 +0100] "GET / HTTP/1.1" 403 259
"-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.11) Gecko/20071204
Ubuntu/7.10 (gutsy) Firefox/2.0.0.11"
127.0.0.1 - - [06/Jan/2008:23:48:21 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:23:48:21 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:23:48:21 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:23:48:21 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:23:48:21 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:23:48:21 +0100] "GET / HTTP/1.0" 403 267 "-"
"Apache (internal dummy connection)"
Are these "Internal dummy connection" entries normal?
Note that I don't have this message this morning!
----------------------------------------
Not easy to find one's way around the logs...
The logs of Apache2 itself? Those of the domain (I separated them)?
Access or error?
Thanks,
--
Didier
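
Added example, not part of the original message: one way to separate Apache's own "internal dummy connection" requests and the local /server-status polls from real client traffic in an access log like the one quoted above, then list clients that exceed a per-minute request count. The function names, the threshold and the sample lines (including the 192.0.2.10 client) are constructed for illustration; treating loopback as the only source of dummy connections is an assumption based on the log shown in the message.

```shell
#!/bin/sh
# Constructed sample in the combined log format shown in the message.
sample_log() {
cat <<'EOF'
localhost - - [06/Jan/2008:15:45:04 +0100] "GET /server-status?auto HTTP/1.1" 200 299 "-" "libwww-perl/5.805"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-" "Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:27 +0100] "GET / HTTP/1.0" 403 267 "-" "Apache (internal dummy connection)"
127.0.0.1 - - [06/Jan/2008:15:47:30 +0100] "GET / HTTP/1.0" 403 267 "-" "Apache (internal dummy connection)"
192.168.168.20 - - [06/Jan/2008:15:59:14 +0100] "GET / HTTP/1.1" 403 259 "-" "Mozilla/5.0 (X11; U; Linux i686; fr)"
192.168.168.20 - - [06/Jan/2008:15:59:19 +0100] "GET / HTTP/1.1" 403 259 "-" "Mozilla/5.0 (X11; U; Linux i686; fr)"
192.0.2.10 - - [06/Jan/2008:16:02:01 +0100] "GET / HTTP/1.1" 403 259 "-" "-"
192.0.2.10 - - [06/Jan/2008:16:02:02 +0100] "GET / HTTP/1.1" 403 259 "-" "-"
192.0.2.10 - - [06/Jan/2008:16:02:02 +0100] "GET / HTTP/1.1" 403 259 "-" "-"
192.0.2.10 - - [06/Jan/2008:16:02:03 +0100] "GET / HTTP/1.0" 403 267 "-" "Apache (internal dummy connection)"
EOF
}

# Shared awk classifier. The User-Agent is client-supplied, so the
# "internal dummy connection" label is only trusted from loopback
# (assumption: dummy connections arrive from loopback, as in the log above).
CLASSIFY='
function kind(client, request, agent,   is_local) {
  is_local = (client == "127.0.0.1" || client == "::1" || client == "localhost")
  if (is_local && agent ~ /internal dummy connection/) return "apache-internal"
  if (is_local && request ~ /^GET \/server-status/)    return "monitoring"
  return "client"
}'

# Reads an access log on stdin, prints "<class> <client> <count>".
# Splitting on the double quote gives: $1 host/date, $2 request, $6 User-Agent.
classify_log() {
  awk -F'"' "$CLASSIFY"'
    { split($1, head, " "); n[kind(head[1], $2, $6) " " head[1]]++ }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Prints "<minute> <client> <count>" for real clients with at least $1 requests in one minute.
noisy_clients() {
  awk -F'"' -v min="$1" "$CLASSIFY"'
    { split($1, head, " ")
      if (kind(head[1], $2, $6) != "client") next
      n[substr(head[4], 2, 17) " " head[1]]++ }   # key: dd/Mon/yyyy:hh:mm + client
    END { for (k in n) if (n[k] >= min) print k, n[k] }' | LC_ALL=C sort
}

sample_log | classify_log
sample_log | noisy_clients 3
```

The last 192.0.2.10 line carries the dummy-connection User-Agent but is counted as client traffic, because it does not come from loopback.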