On Wed, October 3, 2007 9:13 am, Tony Sceats wrote:
> You should definitely check the logs to see what's being looked at..
> depending upon what it is and who it is there's a variety of things you
> can do - eg change images to a lower res, or put a forbidden rule into
> your htaccess files for the page being requested, or firewall off
> offending IPs (better the further upstream, but even an iptables rule to
> drop packets could do you good)

thanks, everyone, for all the comments

well, I'm looking at the logs now, as far as I can see, it was a
legitimate URL/pdf that was being downloaded from about 4 different IPs
that about monopolized this server, not sure what to make of it

219.95.162.90
219.95.174.127
90.162.95.219.klj01-home.tm.net.my
219.95.158.80
219.95.30.136

# wc -l  *.log
  59829 2007-10-03-access.log
# grep 219.95.162.90 *.log |  wc -l
  31321
# grep 219.95.174.127 *.log |  wc -l
  14968
# grep 219.95.158.80 *.log |  wc -l
  10445
# grep 219.95.30.136 *.log |  wc -l
   2574

from webalizer, it has like 4 x increase over average 12mnth usage in
hits/files/kb;

I'll scrape/paste some webalizer stats at the end, though, doubt it makes
much sense 'on its own'

[funny, webalizer clearly identifies this, BUT, analog doesn't, perhaps
something is not configured optimally, perhaps I've excluded some
dirs/file type]

also, I might have lost some of the logs, at the peak of this incident,
I've inadvertently MOVED rather than COPIED the live log, so, not sure if I
logged it all...

webalizer stats:


Monthly Statistics for October 2007

Total Hits      69050
Total Files     66763
Total Pages     272
Total Visits    130
Total KBytes    973680
Total Unique Sites      162
Total Unique URLs       306
Total Unique Referrers  29
Total Unique User Agents        36
.       Avg     Max
Hits per Hour   575     5096
Hits per Day    13810   54990
Files per Day   13352   53373
Pages per Day   54      77
Visits per Day  26      31
KBytes per Day  194736  768664



Top 30 of 162 Total Sites
#   Hits            Files           KBytes           Visits     Hostname
1   26530  38.42%   26530  39.74%   359080  36.88%   0  0.00%   219.95.162.90
2   14968  21.68%   14968  22.42%   203213  20.87%   0  0.00%   219.95.174.127
3   11999  17.38%   11999  17.97%   162598  16.70%   0  0.00%   90.162.95.219.klj01-home.tm.net.my
4   11999  17.38%   11999  17.97%   162598  16.70%   0  0.00%   tm.net.my
5   10445  15.13%   10445  15.64%   141618  14.54%   0  0.00%   219.95.158.80
6   2601   3.77%    2482   3.72%    54634   5.61%    2  1.54%   219.95.30.136


Top 10 of 162 Total Sites By KBytes
#   Hits            Files           KBytes           Visits     Hostname
1   26530  38.42%   26530  39.74%   359080  36.88%   0  0.00%   219.95.162.90
2   14968  21.68%   14968  22.42%   203213  20.87%   0  0.00%   219.95.174.127
3   11999  17.38%   11999  17.97%   162598  16.70%   0  0.00%   90.162.95.219.klj01-home.tm.net.my
4   11999  17.38%   11999  17.97%   162598  16.70%   0  0.00%   tm.net.my
5   10445  15.13%   10445  15.64%   141618  14.54%   0  0.00%   219.95.158.80
6   2601   3.77%    2482   3.72%    54634   5.61%    2  1.54%   219.95.30.136


-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
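
The per-IP grep counts in the message above can be produced in one pass that matches the client field exactly, so a substring such as 192.0.2.10 does not also count 192.0.2.100 or a hit in a referrer. This is an added example, not part of the original post; it assumes Common/Combined Log Format, the function names top_clients and sample_log are made up here, and the sample lines are constructed.

```shell
#!/bin/sh
# top_clients LOGFILE [MIN_SHARE]   (LOGFILE may be - for stdin)
# Prints "client hits share% kbytes distinct_urls" for each client with at
# least MIN_SHARE percent of all requests (default 10), busiest first.
top_clients() {
    awk -F'"' -v minshare="${2:-10}" '
        {
            # Splitting on quotes keeps status/bytes findable even when the
            # request line itself contains spaces.
            split($1, pre, " ");  client = pre[1]    # host ident user [date tz]
            split($2, req, " ");  url = req[2]       # METHOD url PROTOCOL
            split($3, post, " "); bytes = post[2]    # status bytes
            if (client == "") next
            total++
            hits[client]++                           # exact match on the client field
            if (bytes ~ /^[0-9]+$/) kb[client] += bytes / 1024   # "-" = no body sent
            if (!((client, url) in seen)) { seen[client, url] = 1; urls[client]++ }
        }
        END {
            for (c in hits) {
                share = 100 * hits[c] / total
                if (share >= minshare)
                    printf "%s %d %.1f %d %d\n", c, hits[c], share, kb[c], urls[c]
            }
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample log (documentation address ranges, not from the post).
sample_log() {
    pdf='"GET /docs/report.pdf HTTP/1.1" 200 204800'
    for n in 1 2 3 4 5 6; do echo "192.0.2.10 - - [03/Oct/2007:09:00:0$n +1000] $pdf"; done
    for n in 1 2 3; do echo "192.0.2.11 - - [03/Oct/2007:09:01:0$n +1000] $pdf"; done
    echo '198.51.100.7 - - [03/Oct/2007:09:02:00 +1000] "GET /index.html HTTP/1.1" 200 2048'
    echo '198.51.100.7 - - [03/Oct/2007:09:02:01 +1000] "GET /img/logo.png HTTP/1.1" 304 -'
    echo '192.0.2.100 - - [03/Oct/2007:09:03:00 +1000] "GET / HTTP/1.1" 200 1024'
}

# Clients holding at least 25% of all requests in the sample.
sample_log | top_clients - 25
```

A client with a large share of hits but only one distinct URL is the pattern described in the message: the same file fetched over and over.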
