Bonjour,
Le site GOALL.fr est saturé de requêtes depuis 2 jours. J'ai ajouté dans
le .htaccess les palges IP de la Russie, de la Chine etc. d'où venaient
le gros du trafic mais ça continue depuis d'autres pays maintenant. Ce
que je trouve bizarre, c'est que toutes les requêtes (2 millions par
jour) ciblent la même et unique page du site :
/apero-web-a-nancy-securite-web
C'est possible une attaque aussi ciblée ?
117.177.240.34 - - [22/Mar/2015:16:25:52 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML,
like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
58.135.196.199 - - [22/Mar/2015:16:25:49 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET
CLR 2.0.50727; AskTbPTV/5.11.3.15590)"
222.46.123.163 - - [22/Mar/2015:16:25:54 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML,
like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
183.224.1.56 - - [22/Mar/2015:16:25:54 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko)
Chrome/20.0.1132.47 Safari/536.11"
190-205-227-80.dyn.dsl.cantv.net - - [22/Mar/2015:16:25:45 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.0" 200 44020 "-" "Mozilla/5.0
(Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like
Gecko) Chrome/20.0.1132.47 Safari/536.11"
222.46.123.163 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML,
like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
hn.kd.ny.adsl - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko)
Chrome/19.0.1084.56 Safari/536.5"
mail.mizuho-c.ac.jp - - [22/Mar/2015:16:25:49 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 200 9222 "-" "Mozilla/5.0
(Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
183.224.1.13 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko)
Chrome/20.0.1132.47 Safari/536.11"
201-211-155-127.genericrev.cantv.net - - [22/Mar/2015:16:25:55 +0100]
"GET /apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET
CLR 2.0.50727; AskTbPTV/5.11.3.15590)"
222.46.123.163 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML,
like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
114.80.182.132 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR
1.1.4322; PeoplePal 6.2)"
182.254.129.68 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/4.0
(compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition
[en]"
201-211-155-127.genericrev.cantv.net - - [22/Mar/2015:16:25:55 +0100]
"GET /apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET
CLR 2.0.50727; AskTbPTV/5.11.3.15590)"
183.224.1.13 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko)
Chrome/20.0.1132.47 Safari/536.11"
117.177.240.32 - - [22/Mar/2015:16:25:53 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/5.0
(iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML,
like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
190-205-227-80.dyn.dsl.cantv.net - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/5.0
(Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like
Gecko) Chrome/20.0.1132.47 Safari/536.11"
178.237.87.138 - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.1" 508 7287 "-" "Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727;
.NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
hn.kd.ny.adsl - - [22/Mar/2015:16:25:55 +0100] "GET
/apero-web-a-nancy-securite-web HTTP/1.0" 508 7287 "-" "Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko)
Chrome/19.0.1084.56 Safari/536.5"
--
David VANTYGHEM
Mél. : [email protected]
XMPP : [email protected]
http://compilibre.sourceforge.net http://www.education.free.fr
http://www.goall.fr http://www.cnll.fr
.--.
|o_o |
||_/ |
// \\ Envoyé de mon GNU/Linux
(| |)
/ \_ _/ \
\___)=(___/
_______________________________________________
libre mailing list
[email protected]
http://brassens.heberge.info/cgi-bin/mailman/listinfo/libre
