Tình hình là em bị DDOS mấy ngày nay rồi 
Cài tạm DnP firewall cũng đỡ rồi ạ
Nhưng đợt tấn công này liên tục, không dừng kể cả ngày hay đêm.
httpd tăng cao
Em xin trích 1 đoạn Apache Usage Log
Code:
196.192.32.67 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
212.233.140.90 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
201.22.184.4 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
187.6.85.33 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
194.78.7.97 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
113.53.255.195 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
67.202.81.221 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
67.202.81.221 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
77.27.40.20 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.37.187.253 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
90.191.183.187 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
78.182.80.181 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.37.187.253 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
91.135.84.122 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
186.3.41.21 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
91.187.70.199 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
77.27.40.20 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
95.143.193.101 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
124.124.84.219 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
122.154.140.69 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
187.141.76.5 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
139.91.190.41 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
139.91.190.41 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
195.162.130.20 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
211.53.208.28 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.143.191.2 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
203.130.192.90 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
80.228.85.107 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
194.160.208.2 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
93.116.5.191 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
187.115.194.13 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
87.111.138.205 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
77.73.149.10 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
77.240.182.2 - - [16/May/2011:16:21:49 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
92.66.115.169 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
210.212.204.163 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
87.111.138.205 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.171.253.71 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
80.79.115.86 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
67.136.153.130 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
195.115.47.9 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
200.164.68.201 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1684 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.133.50.197 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.43.178.31 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.43.178.31 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
193.87.164.120 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
203.97.83.74 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
194.154.200.21 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
178.238.117.226 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
200.75.42.66 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1684 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
173.11.101.146 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
188.231.188.35 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
74.63.214.82 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
72.52.126.3 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
113.53.255.195 - - [16/May/2011:16:21:50 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
200.198.182.90 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
200.63.164.20 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
202.37.187.253 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
190.147.197.46 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
130.63.58.17 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
210.101.131.231 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
201.81.120.215 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
196.192.32.67 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
95.140.38.3 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
190.97.204.37 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
77.88.148.30 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
62.84.6.211 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
190.97.204.37 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.0" 200 1721 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
90.182.61.10 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
91.187.70.199 - - [16/May/2011:16:21:51 +0700] "GET /forum/ HTTP/1.1" 200 1665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
HTTPD luôn ở mức cao
Code:
httpd (pid 966 3078 3131 3214 3226 3231 3246 3250 3256 3264 3642 3686 3736 3737 3793 3794 3899 3900 3906 3908 3914 3916 3919 3923 4071 4143 4148 4175 4184 4219 4237 4262 4314 4321 4361 4366 4466 4508 4517 4522 4543 4549 4550 4556 4560 4568 4576 4577 4586 4587 4595 4596 4599 4728 4796 4853 4878 4901 5019 5020 5042 5045 5049 5050 5051 5054 5106 5112 5113 5117 5119 5123 5124 5126 5144 5152 5153 5161 5192 5194 5199 5201 5203 5205 5258 5259 5269 5279 5283 5290 5369 5404 5405 5409 5410 5436 5443 5450 5452 5454 5504 5509 5546 5552 5553 6255 6266 6268 6270 6271 6324 6331 6332 6333 6340 6343 6344 6346 6348 6353 6521 6881 8068 8069 8074 8075 8076 8081 8083 8084 8091 8093 8094 8095 8100 8101 8104 8105 8108 8109 8110 8112 8113 8114 8120 8125 8128 8132 8135 8137 8141 8142 8145 8148 8153 8230 8237 8238 8337 8385 8386 8395 8397 8409 8415 8419 8432 8443 8446 8448 8450 8452 8453 8456 8458 8459 8460 8463 8464 8465 8467 8468 8469 8470 8471 8475 8478 8502 8503 8504 8541 8552 8554 8555 8560 8561 8563 8564 8569 8571 8574 8576 8579 8580 8582 8583 8584 8585 8586 8587 8588 8589 8590 8591 8592 8593 8594 8598 8607 8622 8640 8642 8643 8645 8649 8651 8652 8653 8656 8657 8658 8660 8662 8663 8664 8665 8666 8667 8668 8669 8673 8674 8675 8676 8677 8678 8679 8680 8682 8683 8684 8685 8686 8687 8688 8689 8691 8692 8693 8695 8696 8697 8698 8699 8700 8701 8702 8703 8704 8791 8803 8807 8808 8812 8813 8814 8821 8822 8823 8824 8825 8826 8827 8828 8847 8852 8853 8858 8879 26109 31005 31476 31838 31924 31990 32091 32572 32631 )
Em mong anh / chị giúp chống cái này với ạ.
server em cũng đang cài CSF
![[Rule]](/hvaonline/templates/viet/images/icon_mini_rule.gif "[Rule]"){kind=icon}
![[Home]](/hvaonline/templates/viet/images/icon_mini_groups.gif "[Home]"){kind=icon}
![[Portal]](/hvaonline/templates/viet/images/icon_mini_portal.gif "[Portal]"){kind=icon}
![[Members]](/hvaonline/templates/viet/images/icon_mini_members.gif "[Members]"){kind=icon}
![[Statistics]](/hvaonline/templates/viet/images/icon_mini_stats.gif "[Statistics]"){kind=icon}
![[Search]](/hvaonline/templates/viet/images/icon_mini_search.gif "[Search]"){kind=icon}
![[Reading Room]](/hvaonline/templates/viet/images/icon_mini_book.gif "[Reading Room]"){kind=icon}
![[Register]](/hvaonline/templates/viet/images/icon_mini_register.gif "[Register]"){kind=icon}
Register![[Login]](/hvaonline/templates/viet/images/icon_mini_login.gif "[Login]"){kind=icon}
Login [
đây là cách em thường làm