ataque en el puerto 80 [cerrado]


Tengo una instancia EC2 con Ubuntu que aloja un sitio en apache2, con tomcat7 como backend. Según los registros de Apache, sospecho que estoy recibiendo ataques maliciosos. Por favor, ¿alguien puede confirmarlo? ¿Y qué puedo hacer para detenerlos?

Encontré que esas IP son de xyz, así que intenté bloquear el tráfico mediante restricción geográfica usando .htaccess, ¡pero sigue sin funcionar!

.htaccess:

#Geo Restrict
# Country lookup via mod_maxminddb: enable it, register the GeoLite2 country
# database under the name "DB", and export the client's ISO country code into
# the MM_COUNTRY_CODE environment variable.
                MaxMindDBEnable On
#               MaxMindDBFile DB /path/to/GeoIP/GeoLite2-Country.mmdb
                MaxMindDBFile DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
                MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code

#                SetEnvIf MM_COUNTRY_CODE ^(RU|DE|FR|US|CN) BlockCountry
# Flag requests whose country code starts with "IN" by setting BlockCountry.
                SetEnvIf MM_COUNTRY_CODE ^(IN) BlockCountry
# NOTE(review): this directive grants access to the flagged requests instead of
# refusing them, and the Deny line below is commented out, so as written this
# snippet rejects nothing.
                Allow from env=BlockCountry
#                Deny from env=BlockCountry
# NOTE(review): .htaccess is presumably not consulted for forward-proxy
# requests such as those in the access log - confirm. Filtering by country
# would in any case not change whether the server relays requests for other
# hosts.

"/var/log/apache2access.log":

 188.143.232.19 - - [19/Nov/2015:10:02:05 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    5.45.79.4 - - [19/Nov/2015:10:02:06 +0000] "GET http://toolbarqueries.google.com/tbr?client=navclient-auto&ch=62284050769&ie=UTF-8&oe=UTF-8&features=Rank&q=info%3Ahttp%3A%2F%2Fblog.fabricinteractive.com%2Fwp-content%2Fthemes%2Flicense.php HTTP/1.1" 200 818 "-" "Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1"
    188.143.232.43 - - [19/Nov/2015:10:02:06 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dsite%253Asoundviewengineers.com%2520a%2520href%253Dhttp%253A%252F%252F%2520OR%2520%255Burl%253Dhttp%253A%252F%252F%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYoLy2sgUiGQDxp4NLQrzvBnbvmg6S5qqbxttbTFrHfHQ HTTP/1.1" 503 3443 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=site%3Asoundviewengineers.com%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    95.215.111.101 - - [19/Nov/2015:10:02:06 +0000] "GET http://steamcommunity.com/market/listings/730/Nova%20%7C%20Ranger%20%28Well-Worn%29/render/?query=&start=0&count=10&country=RU&language=russian&currency=5 HTTP/1.1" 429 815 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
    188.143.232.62 - - [19/Nov/2015:10:02:06 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcutenews%2Fhome.php%3Fcomm_start_from%3D%20%22View%20guestbook%22%20site%3Abiz%20viagra&num=100&gws_rd=ssl HTTP/1.1" 302 1242 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcutenews%2Fhome.php%3Fcomm_start_from%3D%20%22View%20guestbook%22%20site%3Abiz%20viagra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    69.64.50.250 - - [19/Nov/2015:10:02:06 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Flip%20Knife%20%7C%20Slaughter%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927351958 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.22 - - [19/Nov/2015:10:02:06 +0000] "GET http://search.yahoo.com/search?ei=utf-8&p=site%3Asunwooltd.com%20m%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1 HTTP/1.1" 999 2978 "http://search.yahoo.com/search?ei=utf-8&p=site%3Asunwooltd.com%20m%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1" "Mozilla/5.0 (Windows NT 5.2; rv:5.0) Gecko/20100101 Firefox/5.0"
    109.234.158.21 - - [19/Nov/2015:10:02:04 +0000] "CONNECT yandex.ru:443 HTTP/1.1" 200 53785 "-" "Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0"
    188.143.232.62 - - [19/Nov/2015:10:02:07 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fcutenews%252Fhome.php%253Fcomm_start_from%253D%2520%2522View%2520guestbook%2522%2520site%253Abiz%2520viagra%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYoby2sgUiGQDxp4NLSJ_Ek8k_8mneqvVmGriE3wqaxOs HTTP/1.1" 503 3481 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcutenews%2Fhome.php%3Fcomm_start_from%3D%20%22View%20guestbook%22%20site%3Abiz%20viagra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.22 - - [19/Nov/2015:10:02:07 +0000] "GET http://search.yahoo.com/search?ei=utf-8&p=site%3Asteigerwaldrebellen.de%20k%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1 HTTP/1.1" 999 2994 "http://search.yahoo.com/search?ei=utf-8&p=site%3Asteigerwaldrebellen.de%20k%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1" "Mozilla/5.0 (Windows NT 5.2; rv:5.0) Gecko/20100101 Firefox/5.0"
    5.9.28.162 - - [19/Nov/2015:10:02:05 +0000] "POST http://voh.russianpost.ru:8080/niips-operationhistory-web/OperationHistory HTTP/1.1" 200 451 "-" "Mozilla/5.0 (Windows NT 6.3; rv:27.0) Gecko/20100101 Firefox/27.0"
    188.143.232.19 - - [19/Nov/2015:10:02:07 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:07 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fscript%2Fchat.cgi%3Fno%3D%20%22Title%3A%22%20site%3Afr%20a&num=100&gws_rd=ssl HTTP/1.1" 302 1184 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fscript%2Fchat.cgi%3Fno%3D%20%22Title%3A%22%20site%3Afr%20a&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    5.19.253.227 - - [19/Nov/2015:10:02:07 +0000] "GET http://steamcommunity.com/market/listings/730/AWP%20%7C%20Asiimov%20(Battle-Scarred)/render/?query=&start=0&count=1&country=RU&language=russian&currency=5&1992083898 HTTP/1.1" 429 852 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16"
    36.85.194.247 - - [19/Nov/2015:10:02:07 +0000] "POST http://check2.zennolab.com/proxy.php HTTP/1.1" 200 274 "RefererString" "-"
    69.64.50.250 - - [19/Nov/2015:10:02:08 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Bayonet%20%7C%20Safari%20Mesh%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927352753 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.62 - - [19/Nov/2015:10:02:06 +0000] "POST http://work.a-poster.info:25000/ HTTP/1.1" 200 391 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:08 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fscript%252Fchat.cgi%253Fno%253D%2520%2522Title%253A%2522%2520site%253Afr%2520a%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYory2sgUiGQDxp4NLCFzapaSOeJXgQvaH9AxGxcYKyhE HTTP/1.1" 503 3392 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fscript%2Fchat.cgi%3Fno%3D%20%22Title%3A%22%20site%3Afr%20a&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.41 - - [19/Nov/2015:10:02:08 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%22bookstore.cgi%22%20%22june%22%20j&num=100&gws_rd=ssl HTTP/1.1" 302 1114 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%22bookstore.cgi%22%20%22june%22%20j&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.11 - - [19/Nov/2015:10:02:07 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    51.254.120.8 - - [19/Nov/2015:10:02:08 +0000] "GET http://www.eat-with.us/25-healthy-eating-diet-tips/?tb8 HTTP/1.1" 403 566 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4; pl-PL) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4"
    69.64.50.250 - - [19/Nov/2015:10:02:08 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20StatTrak%E2%84%A2%20Karambit%20%7C%20Case%20Hardened%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927354145 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    69.64.50.250 - - [19/Nov/2015:10:02:07 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Gut%20Knife%20%7C%20Stained%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927351316 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.19 - - [19/Nov/2015:10:02:08 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    69.64.50.250 - - [19/Nov/2015:10:02:08 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20M9%20Bayonet%20%7C%20Forest%20DDPAT%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927353469 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.41 - - [19/Nov/2015:10:02:09 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%2522bookstore.cgi%2522%2520%2522june%2522%2520j%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYory2sgUiGQDxp4NLCFzapaSOeJXgQvaH9AxGxcYKyhE HTTP/1.1" 503 3319 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%22bookstore.cgi%22%20%22june%22%20j&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    185.87.49.13 - - [19/Nov/2015:10:02:09 +0000] "GET http://steamcommunity.com/profiles/76561198122741909 HTTP/1.1" 200 41395 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
    95.211.196.33 - - [19/Nov/2015:10:01:55 +0000] "CONNECT www.marathonbet.com:443 HTTP/1.1" 200 7631 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
    149.202.54.93 - - [19/Nov/2015:10:02:09 +0000] "GET http://www.eat-with.us/25-healthy-eating-diet-tips/?tb10 HTTP/1.1" 403 708 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5; pl-PL) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2"
    188.143.232.19 - - [19/Nov/2015:10:02:09 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.37 - - [19/Nov/2015:10:02:09 +0000] "GET http://www.americanlisted.com/new_york_32/pets_and_animals_47/jxdb0n/ HTTP/1.1" 404 27057 "http://whitewater-wi.americanlisted.com/53190/pets-leasure-time-hobbies/domestic-short-hair-dancer-medium-adult-male-cat_23421353.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.11 - - [19/Nov/2015:10:02:09 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:10 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fboard.php%3Ftb%3D%20%22Required%20fields%20are%22%20site%3Acom%20n&num=100&gws_rd=ssl HTTP/1.1" 302 1200 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fboard.php%3Ftb%3D%20%22Required%20fields%20are%22%20site%3Acom%20n&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.37 - - [19/Nov/2015:10:02:09 +0000] "POST http://www.baoshijz.com/xcv2w93idn48f.asp?page=7305 HTTP/1.1" 200 10912 "http://www.baoshijz.com/xcv2w93idn48f.asp?page=7305" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.41 - - [19/Nov/2015:10:02:10 +0000] "POST http://www.biblus.ru/Default.aspx?mode=op&bk=1b17h286g8 HTTP/1.1" 500 5124 "http://www.biblus.ru/Default.aspx?mode=op&bk=1b17h286g8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.19 - - [19/Nov/2015:10:02:10 +0000] "POST http://confessions.nerve.com/confessions/add HTTP/1.1" 200 5340 "http://confessions.nerve.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.34 - - [19/Nov/2015:10:02:11 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fboard.php%253Ftb%253D%2520%2522Required%2520fields%2520are%2522%2520site%253Acom%2520n%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYpby2sgUiGQDxp4NLU2N77ituKHIJSj4homKS8Pc3vLA HTTP/1.1" 503 3416 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fboard.php%3Ftb%3D%20%22Required%20fields%20are%22%20site%3Acom%20n&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    178.62.104.120 - - [19/Nov/2015:09:57:57 +0000] "GET http://betsbc.com/bets/bets.php HTTP/1.1" 503 563 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36"
    195.234.5.142 - - [19/Nov/2015:10:02:09 +0000] "CONNECT oauth.vk.com:443 HTTP/1.0" 200 5970 "-" "-"
    69.64.50.250 - - [19/Nov/2015:10:02:11 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Gut%20Knife%20%7C%20Stained%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927356209 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.11 - - [19/Nov/2015:10:02:11 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    95.215.111.101 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/Dual%20Berettas%20%7C%20Cobalt%20Quartz%20%28Minimal%20Wear%29/render/?query=&start=0&count=10&country=RU&language=russian&currency=5 HTTP/1.1" 429 815 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
    69.64.50.250 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Bayonet%20%7C%20Safari%20Mesh%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927357655 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    69.64.50.250 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20Flip%20Knife%20%7C%20Slaughter%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927356908 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    94.23.214.156 - - [19/Nov/2015:10:02:09 +0000] "CONNECT api.paypal.com:443 HTTP/1.0" 200 6337 "-" "-"
    51.254.120.81 - - [19/Nov/2015:10:02:12 +0000] "GET http://www.cooking-ideas.net/hot/?tb9 HTTP/1.1" 403 696 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; pl-PL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36"
    54.193.55.118 - - [19/Nov/2015:10:02:10 +0000] "CONNECT api.paypal.com:443 HTTP/1.0" 200 6326 "-" "-"
    109.234.158.21 - - [19/Nov/2015:10:02:10 +0000] "CONNECT yandex.ru:443 HTTP/1.1" 200 55688 "https://yandex.ru/yandsearch?text=%D0%BC%D0%B5%D1%82%D0%B0%D0%BB%D0%BB%D0%BE%D0%BF%D0%BB%D0%B0%D1%81%D1%82%D0%BC%D0%B0%D1%81%D1%81%D0%BE%D0%B2%D1%8B%D0%B5+%D0%BA%D0%BE%D1%80%D0%BE%D0%BD%D0%BA%D0%B8&lr=213" "Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0"
    69.64.50.250 - - [19/Nov/2015:10:02:12 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20M9%20Bayonet%20%7C%20Forest%20DDPAT%20(Field-Tested)/render/?country=RU&language=english&currency=5&count=7&1447927358337 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    69.64.50.250 - - [19/Nov/2015:10:02:13 +0000] "GET http://steamcommunity.com/market/listings/730/%E2%98%85%20StatTrak%E2%84%A2%20Karambit%20%7C%20Case%20Hardened%20(Minimal%20Wear)/render/?country=RU&language=english&currency=5&count=7&1447927359020 HTTP/1.1" 429 837 "-" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0"
    188.143.232.40 - - [19/Nov/2015:10:02:08 +0000] "POST http://santaefigeniapernambucana.com.br/loja/postreview.php HTTP/1.1" 302 474 "http://santaefigeniapernambucana.com.br/loja/products/Gravador-Dig.-De-Aud.-E-Vid.-8-Canais-Dvr-Sata-Vd-3008.html?revpage=149" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.11 - - [19/Nov/2015:10:02:12 +0000] "POST http://www.fengjiebathrooms.com/index.php/order HTTP/1.1" 200 577 "http://www.fengjiebathrooms.com/index.php/appraisal?page=16515" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.62 - - [19/Nov/2015:10:02:13 +0000] "GET http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcgi-bin%2Fminibbs.cgi%3Fmode%3D%20%22Your%20e-mail%3A%22%20site%3Ainfo%20levitra&num=100&gws_rd=ssl HTTP/1.1" 302 1232 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcgi-bin%2Fminibbs.cgi%3Fmode%3D%20%22Your%20e-mail%3A%22%20site%3Ainfo%20levitra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    188.143.232.22 - - [19/Nov/2015:10:02:14 +0000] "GET http://search.yahoo.com/search?ei=utf-8&p=site%3Aspa.bg%20i%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1 HTTP/1.1" 999 2973 "http://search.yahoo.com/search?ei=utf-8&p=site%3Aspa.bg%20i%20a%20href%3Dhttp%3A%2F%2F%20OR%20%5Burl%3Dhttp%3A%2F%2F&n=100&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vst=0&vf=all&vm=p&fl=0&fr=yfp-t-701&xargs=0&pstart=1" "Mozilla/5.0 (Windows NT 5.2; rv:5.0) Gecko/20100101 Firefox/5.0"
    188.143.232.62 - - [19/Nov/2015:10:02:14 +0000] "GET http://ipv4.google.com/sorry/IndexRedirect?continue=http://www.google.com/search%3Fie%3Dutf-8%26oe%3Dutf-8%26hl%3Den%26q%3Dinurl%253A%252Fcgi-bin%252Fminibbs.cgi%253Fmode%253D%2520%2522Your%2520e-mail%253A%2522%2520site%253Ainfo%2520levitra%26num%3D100%26gws_rd%3Dssl&q=CGMSBDapqgcYqLy2sgUiGQDxp4NLYu-kCPvL_N7zpKfNskycakgzv2c HTTP/1.1" 503 3458 "http://www.google.com/search?ie=utf-8&oe=utf-8&hl=en&q=inurl%3A%2Fcgi-bin%2Fminibbs.cgi%3Fmode%3D%20%22Your%20e-mail%3A%22%20site%3Ainfo%20levitra&num=100&gws_rd=ssl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    ^C
    
pregunta Ashish Karpe 19.11.2015 - 11:38

2 respuestas


No se trata de ataques contra su sitio: su servidor está siendo utilizado como proxy para reenviar solicitudes a otros sitios.

No sé cómo está configurado su proxy, pero si el servidor no debe reenviar tráfico, puede agregar esta regla para rechazar ese tipo de solicitudes no deseadas:

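<Directory />
    # Turn the rewrite engine on for this context; without it the rule below
    # is ignored.
    RewriteEngine On
    # Match requests whose URI does not start with "/", i.e. proxy-style
    # request lines that carry an absolute URL (GET http://other-host/...) or
    # a CONNECT host:port target, as seen in the access log above.
    RewriteCond %{REQUEST_URI} !^/
    # Refuse them with 403 Forbidden. [F] is used instead of [END]: [END] only
    # stops rewrite processing and lets the request go on to be served.
    RewriteRule .* - [F]
    # NOTE(review): rewrite rules inside a <Directory> section may not be
    # evaluated for forward-proxy requests at all - verify with a test request
    # and check the status code logged for it. The setting that makes Apache
    # act as a forward proxy is "ProxyRequests On" in the server or
    # virtual-host configuration; setting "ProxyRequests Off" there is the
    # direct fix, and this rule is at most a second layer.
</Directory>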

Además, debe revisar la configuración de proxy de Apache para que no reenvíe tráfico de terceros.

    
respondido por el Froggiz 19.11.2015 - 13:50

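Ashish, parece que varias computadoras están utilizando su máquina como servidor proxy. De lo contrario, estas solicitudes nunca deberían haber llegado a su servidor ni haber recibido códigos de estado "200 OK" (lo que significa que realmente entregó la página solicitada). Los códigos 429 y 999 y las páginas "sorry" de Google que aparecen en el registro parecen ser respuestas de los sitios de destino, lo que también sugiere que las solicitudes se reenviaron.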

Las solicitudes no son maliciosas en sí mismas, pero debe asegurarse de que su servidor esté configurado de manera que no termine reenviando solicitudes a otros sitios.

Bloquear las direcciones IP no resuelve su problema, simplemente barre la suciedad debajo del tapete. Para resolver realmente su problema, debe deshabilitar cualquier configuración que permita a Apache aceptar conexiones proxy.

    
respondido por el DarkLighting 19.11.2015 - 13:30