ddos??

[nero0247]

How do I keep this from happening. It seems to be using a lot of processes and therefore lagging or timming out apache. there are several ip address doing this. please help

[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/xmlrpc
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/xmlrpc
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/xmlsrv
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blog
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/xmlsrv
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blog
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/drupal
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/community
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/drupal
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blogs
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/community
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blogs
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blogs
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blog
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blogs
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blogtest
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blog
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/b2
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/blogtest
[Mon Jun 26 01:16:36 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/b2evo
[Mon Jun 26 01:16:37 2006] [error] [client 8.6.223.22] File does not exist: /var/www/vhosts/default/htdocs/b2

 

[0031]

If you know IP addresses - you may simply block them with iptables.. use 'drop' target

But actually I thought that "file does not exist" is sufficiently fast in Apache...

 

[nero0247]

i do

i do know the ip address but it is amazing to look through the logs and see 100s of people doing this and then you will see "exhausted". is there something i can do to see if there is a script doing this?

 

[0031]

grep 'File does not exists' error_log | awk '{print substr($8,0, length($8)-1)}' | sort | uniq

And BTW that's not 100s of people, that 100s of zombies/bots

 

[nero0247]

nothing

grep 'File does not exists' error_log | awk '{print substr($8,0, length($8)-1)}' | sort | uniq

that command did nothing but drop me a prompt. what else can i do?

 

[0031]

Re: nothing

Originally posted by nero0247
grep 'File does not exists' error_log | awk '{print substr($8,0, length($8)-1)}' | sort | uniq

that command did nothing but drop me a prompt. what else can i do?

My fault replace "exists" with "exist" in the search string.