Hello,
I've been a Shorewall user and supporter for many years and it has been a great
tool. But recently our Web servers have been under attack and I can figure out
how to stop it. The problem is that the attacks are coming in on port 80 all
from different IPs. I'm talking thousands of requests per hour. I can't find
any information on how to stop this kind of attack. What I'm doing right now is
redirecting these from cgi to a page using mod_rewrite, but this isn't stopping
all these requests from being initiated and it's killing our server. Any ideas
on what to do?

216.109.73.21 - - [24/Aug/2010:19:21:25 -0700] "GET /cgi-bin/sitesearch.cgi?t=XXXdUwYrtYXXXdU HTTP/1.0" 302 298 "http://vanhanhphuc.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9"
200.43.141.173 - - [24/Aug/2010:19:21:25 -0700] "GET /cgi-bin/sitesearch.cgi?t=XXXdUwYrtYXXXdU HTTP/1.0" 302 298 "http://vanhanhphuc.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9"
210.13.105.7 - - [24/Aug/2010:19:21:26 -0700] "GET /cgi-bin/sitesearch.cgi?t=XXXdUwYrtYXXXdU HTTP/1.1" 302 298 "http://vanhanhphuc.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9"

I have verified that there is nothing on the "http://vanhanhphuc.com/" page
pointing to us (no frames, script or ?). What you will notice is that all these
requests have the same user-agent (millions of them exactly the same) which
leads me to believe this is a worm of some sort.
Is there anything Shorewall can do to help us? If not, any ideas of what we can
do?
Thanks in advance,
John
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
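
An added example, not part of the original post: the log excerpt above shows one request fingerprint (same script path, same Referer, same User-Agent) arriving from many source addresses, so grouping access-log entries by that fingerprint and counting distinct client IPs identifies the flood where per-IP counting does not. The function names, the min_ips threshold and the fourth sample line are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) "
      "Gecko/20100315 Firefox/3.5.9")
REQ = '"GET /cgi-bin/sitesearch.cgi?t=XXXdUwYrtYXXXdU HTTP/1.0" 302 298'
REF = '"http://vanhanhphuc.com/"'

# First three lines mirror the entries in the post; the last line is
# constructed ordinary traffic, included only for contrast.
SAMPLE = [
    f'216.109.73.21 - - [24/Aug/2010:19:21:25 -0700] {REQ} {REF} "{UA}"',
    f'200.43.141.173 - - [24/Aug/2010:19:21:25 -0700] {REQ} {REF} "{UA}"',
    f'210.13.105.7 - - [24/Aug/2010:19:21:26 -0700] '
    f'{REQ.replace("HTTP/1.0", "HTTP/1.1")} {REF} "{UA}"',
    '192.0.2.10 - - [24/Aug/2010:19:21:27 -0700] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "ExampleBrowser/1.0 (constructed)"',
]

def fingerprint_ips(lines):
    """Map (path, referer, user-agent) -> set of client IPs that sent it."""
    groups = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # blank or malformed entry: ignore rather than guess
        path = m["uri"].split("?", 1)[0]  # drop the query string
        groups[(path, m["referer"], m["agent"])].add(m["ip"])
    return groups

def distributed_signatures(lines, min_ips=3):
    """Fingerprints seen from at least min_ips distinct IPs, widest first."""
    hits = [(fp, len(ips)) for fp, ips in fingerprint_ips(lines).items()
            if len(ips) >= min_ips]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for (path, referer, agent), n in distributed_signatures(SAMPLE):
        print(f"{n} distinct IPs  path={path}  referer={referer}  agent={agent}")
```

On a real access log, min_ips would be set far higher than 3; the small value here only suits the four-line sample.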