LINUX.ORG.RU

Strange connections in the Apache logs


Hi everyone. There is a server that runs a website. Periodically mysql loads the server to 100%; the mysql logs look fine, but the Apache logs contain strange lines:

110.85.72.126 - - [22/May/2013:10:21:37 +0300] "CONNECT www.google.com.gt:443 HTTP/1.1" 200 268 "-" "-"
46.247.153.235 - - [22/May/2013:10:22:12 +0300] "GET /images/board/small_d96da342855de7b3f188c42b880f83ae.jpg HTTP/1.1" 200 15522 "http://anko$
93.182.134.15 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
69.162.117.3 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
91.236.75.40 - - [22/May/2013:10:21:47 +0300] "\x16\x03\x01" 200 60 "-" "-"
59.58.153.78 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
110.85.72.107 - - [22/May/2013:10:21:47 +0300] "\x16\x03\x01" 200 60 "-" "-"
46.247.153.235 - - [22/May/2013:10:22:15 +0300] "GET /images/content/003a3d7985f302525b2badc2693f5801.jpg HTTP/1.1" 200 57309 "http://ankontr.$
59.61.134.169 - - [22/May/2013:10:21:47 +0300] "\x16\x03\x01" 200 60 "-" "-"
120.37.208.93 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
202.105.63.177 - - [22/May/2013:10:21:50 +0300] "\x16\x03\x01" 200 60 "-" "-"
46.105.111.76 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01\x01\x18\x01" 200 60 "-" "-"
59.58.154.64 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
110.85.74.119 - - [22/May/2013:10:21:45 +0300] "\x16\x03\x01" 200 60 "-" "-"
94.242.237.129 - - [22/May/2013:10:21:48 +0300] "\x16\x03\x01" 200 60 "-" "-"
198.20.175.42 - - [22/May/2013:10:21:47 +0300] "\x16\x03\x01" 200 60 "-" "-"
120.42.6.24 - - [22/May/2013:10:21:35 +0300] "CONNECT www.google.tt:443 HTTP/1.1" 200 268 "-" "-"
120.37.208.93 - - [22/May/2013:10:21:45 +0300] "CONNECT www.google.ws:443 HTTP/1.1" 200 268 "-" "-"
59.56.44.126 - - [22/May/2013:10:21:48 +0300] "CONNECT www.google.nu:443 HTTP/1.1" 200 268 "-" "-"
110.85.74.45 - - [22/May/2013:10:21:56 +0300] "CONNECT www.google.gl:443 HTTP/1.1" 200 268 "-" "-"
198.100.146.161 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
61.191.188.213 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
218.85.145.193 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
113.212.70.26 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
175.44.11.164 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
110.85.74.119 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
218.6.15.42 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
69.162.117.3 - - [22/May/2013:10:21:45 +0300] "\x16\x03\x01" 200 60 "-" "-"
222.77.232.101 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
142.4.117.37 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
175.44.34.172 - - [22/May/2013:10:21:57 +0300] "\x16\x03\x01" 200 60 "-" "-"
120.42.6.24 - - [22/May/2013:10:21:50 +0300] "\x16\x03\x01" 200 60 "-" "-"
175.44.9.227 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-"
198.20.175.42 - - [22/May/2013:10:22:05 +0300] "\x16\x03\x01" 200 60 "-" "-"
218.10.17.161 - - [22/May/2013:10:21:37 +0300] "CONNECT www.google.co.bw:443 HTTP/1.1" 200 268 "-" "-"
110.85.72.126 - - [22/May/2013:10:21:35 +0300] "CONNECT www.google.com.gt:443 HTTP/1.1" 200 268 "-" "-"
218.85.145.193 - - [22/May/2013:10:21:32 +0300] "CONNECT www.google.co.jp:443 HTTP/1.1" 200 268 "-" "-"
27.153.251.106 - - [22/May/2013:10:21:45 +0300] "CONNECT www.google.sh:443 HTTP/1.1" 200 268 "-" "-"
114.112.46.17 - - [22/May/2013:10:21:45 +0300] "CONNECT www.google.com.pa:443 HTTP/1.1" 200 268 "-" "-"
175.44.11.164 - - [22/May/2013:10:22:05 +0300] "\x16\x03\x01" 200 60 "-" "-"
27.153.251.106 - - [22/May/2013:10:21:32 +0300] "CONNECT www.google.sh:443 HTTP/1.1" 200 268 "-" "-"
46.105.111.76 - - [22/May/2013:10:21:32 +0300] "CONNECT www.google.de:443 HTTP/1.1" 200 268 "-" "-"
59.58.154.64 - - [22/May/2013:10:21:45 +0300] "CONNECT www.google.com.gi:443 HTTP/1.1" 200 268 "-" "-"
198.100.146.161 - - [22/May/2013:10:21:51 +0300] "CONNECT www.google.nr:443 HTTP/1.1" 200 268 "-" "-"
116.205.60.198 - - [22/May/2013:10:21:36 +0300] "CONNECT www.google.com.tj:443 HTTP/1.1" 200 268 "-" "-"
220.160.154.177 - - [22/May/2013:10:21:36 +0300] "CONNECT www.google.com.et:443 HTTP/1.1" 200 268 "-" "-"
218.10.17.170 - - [22/May/2013:10:21:42 +0300] "CONNECT www.google.ru:443 HTTP/1.1" 200 268 "-" "-"
59.58.153.78 - - [22/May/2013:10:21:35 +0300] "CONNECT www.google.ie:443 HTTP/1.1" 200 268 "-" "-"
112.101.64.104 - - [22/May/2013:10:21:33 +0300] "CONNECT www.google.ca:443 HTTP/1.1" 200 268 "-" "-"
110.85.74.119 - - [22/May/2013:10:21:39 +0300] "CONNECT www.google.ht:443 HTTP/1.1" 200 268 "-" "-"

27.153.251.106 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01" 200 60 "-" "-" 

I don't know what to do with all this.


In reply to: comment by anonymous

I listened and disabled it; let's see what happens.

Uvizor
(topic author)
In reply to: comment by beastie

I made changes in sites-enabled and php.ini and managed to block the processing of these requests, but they still keep coming and the sheer number of them loads the server, although the site now stays up during their onslaught.

# Second, we configure the "default" Location to restrict the methods allowed
# to stop CONNECT method attacks.
#

<Location />
    <LimitExcept GET POST>
       Order allow,deny
       Deny from all
    </LimitExcept>
</Location>

Uvizor
(topic author)
October 4, 2013
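Added example, not part of the original thread: a log triage script for the two request patterns shown above (CONNECT requests, and the escaped bytes `\x16\x03`, which are the start of a TLS handshake record sent to a plain-HTTP port). It counts them per client and separates those answered 2xx from those rejected, which is one way to check that a method restriction like the `LimitExcept` block is taking effect. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = r'''
203.0.113.10 - - [22/May/2013:10:21:35 +0300] "CONNECT www.example.com:443 HTTP/1.1" 200 268 "-" "-"
203.0.113.10 - - [22/May/2013:10:21:37 +0300] "\x16\x03\x01" 200 60 "-" "-"
198.51.100.7 - - [22/May/2013:10:21:49 +0300] "\x16\x03\x01\x01\x18\x01" 200 60 "-" "-"
198.51.100.7 - - [22/May/2013:10:22:01 +0300] "CONNECT www.example.org:443 HTTP/1.1" 403 210 "-" "-"
192.0.2.44 - - [22/May/2013:10:22:12 +0300] "GET /images/a.jpg HTTP/1.1" 200 15522 "-" "Mozilla/5.0"
this line is truncated and must be skipped
'''

# client IP, quoted request (may contain \xNN escapes), three-digit status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')


def classify(request):
    """Label one logged request string."""
    if request.startswith("CONNECT "):
        return "proxy_connect"     # client asks the server to act as a forward proxy
    if request.startswith(r"\x16\x03"):
        return "tls_on_http_port"  # escaped TLS handshake record on a plain-HTTP port
    return "normal"


def summarize(log_text):
    """Count suspicious requests per client and by whether they got a 2xx."""
    per_ip, accepted, denied, skipped = defaultdict(Counter), Counter(), Counter(), 0
    for line in filter(str.strip, log_text.splitlines()):
        m = LINE_RE.match(line)
        if m is None:              # truncated or foreign-format line
            skipped += 1
            continue
        kind = classify(m.group("req"))
        if kind == "normal":
            continue
        per_ip[m.group("ip")][kind] += 1
        (accepted if m.group("status").startswith("2") else denied)[kind] += 1
    return {"per_ip": {ip: dict(c) for ip, c in per_ip.items()},
            "accepted": dict(accepted), "denied": dict(denied), "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, kinds in sorted(report["per_ip"].items()):
        print(ip, kinds)
    print("2xx:", report["accepted"], "other:", report["denied"], "unparsed:", report["skipped"])
```

A CONNECT count that moves from the 2xx bucket to the other bucket after a configuration change indicates the server is now rejecting the method; the per-client counts show which sources keep sending.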