Ha, well, here is what I have in the log:
On Tue, 07 Sep 2004 10:15:42 +0300, Mircea MITU <[EMAIL PROTECTED]> wrote:
>
> On Tue, 2004-09-07 at 10:04 +0300, Teodor-Marius Buhus wrote:
> > Hi,
> >
> > I have a rather... embarrassing problem too.
> > On an apache2-2.0.47-6mdk, I run a webmail-type application to which
> > at most 4 people connect, 3 of them from the internal network
> > (192.168.0.0 (the machine this apache runs on is also the router)). I
> > noticed, on the graphs that plot the traffic, an inexplicable
> > increase in INPUT and OUTPUT transfer. Never mind by what methods, I
> > deduced that most of the traffic is on port 80, and there were
> > about... 30 connections on this port. I shut Apache down for 1 h, and
> > things went back to normal. So, it's clear... someone or something is
> > tickling my soles on port 80.
> > So, how can I solve this problem in an elegant manner and not a
> > Spartan one (stopping apache)?
> > Thank you!
>
> From the apache logs (for example /var/log/httpd/access.log) or those
> of the firewall in use, or a simple netstat -tapn|grep 80 at the right
> moment (when someone is tickling your soles on port 80), you can get
> a list of the ticklers' IPs.
>
> Based on this list you can grant each of them a gold membership in the
> DROP chain of iptables, or choose other methods.

---
Details about our mailing lists: http://www.lug.ro/
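One way to build the IP list described in the reply from an Apache access log in common log format, as an added example that is not code from the thread. It goes slightly beyond the advice by counting only requests whose request line carries a full URL instead of a local path; the function names, the sample lines (constructed, using documentation addresses), the trusted prefix 192.168.0. and the form of the printed iptables rule are assumptions.

```shell
#!/bin/sh
# Added example: tally clients in an Apache common-log-format access log.
# Constructed sample lines (documentation addresses, not taken from the thread).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [07/Sep/2004:10:52:53 +0300] "GET http://ads.example.net/banner?id=1 HTTP/1.0" 200 0
192.168.0.12 - - [07/Sep/2004:10:52:55 +0300] "GET /webmail/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [07/Sep/2004:10:53:01 +0300] "GET http://ads.example.net/banner?id=2 HTTP/1.0" 302 97
203.0.113.40 - - [07/Sep/2004:10:53:10 +0300] "HEAD http://members.example.org/ HTTP/1.0" 401 0
192.168.0.13 - - [07/Sep/2004:10:53:12 +0300] "POST /webmail/login.php HTTP/1.1" 302 0
198.51.100.7 - - [07/Sep/2004:10:53:20 +0300] "GET http://ads.example.net/banner?id=3 HTTP/1.0" 200 212
EOF
}

# proxy_clients: read access-log lines on stdin and print "count ip" for every
# client whose request target is an absolute URL (scheme://host/...), which a
# plain web server normally sees only when clients treat it as a proxy.
proxy_clients() {
    awk -F'"' '
        {
            split($1, pre, " ");  ip = pre[1]      # text before the request line
            split($2, req, " ");  target = req[2]  # METHOD TARGET PROTOCOL
            if (target ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\//) hits[ip]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# drop_rules: turn that list into iptables commands for review. Clients in
# the trusted prefix (assumed: the internal 192.168.0.x network from the
# question) are never listed. The commands are printed, not executed.
drop_rules() {
    proxy_clients | awk -v trusted="${1:-192.168.0.}" '
        index($2, trusted) != 1 { print "iptables -I INPUT -s " $2 " -p tcp --dport 80 -j DROP" }
    '
}

sample_log | proxy_clients
sample_log | drop_rules
```

On a live system the input would be the access log itself, for example `proxy_clients < /var/log/httpd/access.log`, and the printed rules should be reviewed before any of them is applied.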
