English | Vietnamese
 

banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register   [Login] Loginhttp  | https  ]
 
Forum Index Thảo luận bảo mật Cách hạn chế cho hình thức DDOS này  XML
  [Discussion]   Cách hạn chế cho hình thức DDOS này 27/12/2012 13:21:06 (+0700) | #1 | 272167
emdinoiay
Member
[Minus]    0    [Plus]
Joined: 20/11/2012 19:50:22
Messages: 17
Offline
[Profile] [PM]
Như tiêu đề, anh nào có kinh nghiệm cho em cái ý kiến để "loại" bớt cái này.

Đây là access logs:
Code:
198.51.223.126 - - [27/Dec/2012:14:02:41 +0700] "GET / HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
186.42.160.250 - - [27/Dec/2012:14:02:41 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
119.235.54.69 - - [27/Dec/2012:14:02:41 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
120.138.84.18 - - [27/Dec/2012:14:02:41 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
78.85.39.109 - - [27/Dec/2012:14:02:41 +0700] "GET / HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
80.242.214.149 - - [27/Dec/2012:14:02:41 +0700] "GET / HTTP/1.0" 301 322 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
46.137.17.166 - - [27/Dec/2012:14:02:42 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
2.184.31.2 - - [27/Dec/2012:14:02:42 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
190.2.233.13 - - [27/Dec/2012:14:02:42 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
110.77.200.62 - - [27/Dec/2012:14:02:42 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
209.203.35.82 - - [27/Dec/2012:14:02:43 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
201.35.34.19 - - [27/Dec/2012:14:02:43 +0700] "GET / HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
201.35.34.19 - - [27/Dec/2012:14:02:43 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
125.253.117.229 - - [27/Dec/2012:14:02:43 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
201.249.122.134 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
46.137.17.166 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
189.80.168.162 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
208.51.63.112 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
86.35.84.194 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
178.208.255.123 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
190.144.162.238 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
95.159.105.2 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
178.149.6.185 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
189.80.168.162 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
217.219.184.58 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
178.208.255.123 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
195.22.240.18 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
200.71.86.50 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
109.74.236.165 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
198.51.223.126 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
212.33.250.197 - - [27/Dec/2012:14:02:45 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
200.215.4.193 - - [27/Dec/2012:14:02:46 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
61.247.48.154 - - [27/Dec/2012:14:02:46 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
80.67.170.30 - - [27/Dec/2012:14:02:44 +0700] "GET / HTTP/1.1" 200 92843 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
81.1.237.210 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.0" 301 322 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
217.219.123.59 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
72.64.146.136 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
72.64.146.136 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
176.31.111.181 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
37.232.77.37 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
78.85.39.109 - - [27/Dec/2012:14:02:47 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
62.162.6.11 - - [27/Dec/2012:14:02:48 +0700] "GET / HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
110.77.200.62 - - [27/Dec/2012:14:02:48 +0700] "GET / HTTP/1.0" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
24.158.199.54 - - [27/Dec/2012:14:02:48 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
189.80.168.162 - - [27/Dec/2012:14:02:48 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
24.158.199.54 - - [27/Dec/2012:14:02:48 +0700] "GET / HTTP/1.1" 301 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
78.29.9.104 - - [27/Dec/2012:14:02:48 +0700] "GET / HTTP/1.0" 301 322 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

Khoảng 50-100 rq như thế này trên một giây, mặc dù không ảnh hưởng mấy đến các website còn lại, nhưng em muốn hỏi về có cách nào triệt để thằng này không. Em đã chặn bằng mod_sec và viết một script nhỏ để banned tạm thời (bằng firewall csf). Mong mấy anh chỉ giáo dùm em.
[Up] [Print Copy]
  [Discussion]   Cách hạn chế cho hình thức DDOS này 27/05/2013 14:46:14 (+0700) | #2 | 276019
[Avatar]
 PETER
Member
[Minus]    0    [Plus]
Joined: 14/10/2005 03:53:19
Messages: 39
Offline
[Profile] [PM] [WWW]
Theo mình request với user-agent kiểu này sơ sài quá, dễ bị thiếu header, bạn chặn với HTTP Accept-Encoding và Accept-Language thế nào cũng dính.
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|