Results 1 to 7 of 7
  1. #1
    Join Date
    Jun 2005
    Posts
    87

    How to stop "flood" attacks ?

    Hello, I'm running Apache 1.3 on Windows...and its receiving some kind of a flood attack or something, to explain better here is a part of the log:

    65.38.173.68 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    217.112.89.231 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    205.214.78.1 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    205.214.82.16 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    80.168.8.35 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    66.249.136.9 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    66.33.218.7 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.64"
    205.214.79.192 - - [14/Jun/2005:10:09:16 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    216.157.136.2 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    72.29.66.31 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    216.57.220.46 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.65"
    66.246.72.43 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.65"
    207.99.85.194 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    212.78.79.29 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.65"
    216.74.101.254 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    80.168.8.35 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    66.195.42.1 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    217.112.89.231 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    212.78.79.29 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.65"
    66.225.240.202 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"
    207.228.228.4 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.65"
    80.168.8.35 - - [14/Jun/2005:10:09:17 +0200] "GET /somefile HTTP/1.1" 200 71631 "-" "libwww-perl/5.803"

    Is there any tool to stop or block this ?

    I just keep adding the ip's to the firewall, but there appears more and more ip's, and it's consuming my bandwidth

  2. #2
    Greetings:

    You may want to check out mod_dosevasive from http://www.nuclearelephant.com/projects/dosevasive/

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  3. #3
    Join Date
    Jun 2005
    Posts
    87
    Does that work on windows ?

  4. #4
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Originally posted by lumigo
    Does that work on windows ?
    Well that's a mod for Apache, so no.

    Thanks,
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  5. #5
    Join Date
    Jun 2005
    Posts
    87

    *

    So, is there any solution for my problem ?

  6. #6
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,549
    mod_rewrite can stop that, put this in your .htaccess file

    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^libwww-(.*).htm
    RewriteRule ^(.*) http://noaccess.com [L]
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: [email protected]

  7. #7
    Join Date
    Jun 2005
    Posts
    87
    That didn't work very well ;o

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •