LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-02-2007, 07:51 AM   #1
ciscllc
LQ Newbie
 
Registered: Oct 2005
Location: Wilmington
Distribution: Debian 6
Posts: 4

Rep: Reputation: 0
Apache Port 80 Troubles


Hi there guys!

Big trouble with debian and apache 1.3.33 with BEN-ssl (Apache-ssl)

Since 5 days I get huge incoming traffic to my webserver (double to trible of the outgoing!!!! Never been that hight befor)
And: only access on port 80 is not working, 443 (https) is working.

Can anyone help?

Thanks,

Christian
 
Old 01-02-2007, 11:26 AM   #2
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
Check your server logs. See what files are being requested and by what host(s). Viruses and hackers frequently cause this type of activity. You may be able to use iptables to drop requests from a small number of IPs, to reduce the bogus hit counts. I'm not sure what, if any, well known security holes apache 1.3 may expose. That is something you should probably check up on.

I use a collection of homebrew perl scripts for logfile analysis, along with the popular Webalizer tool. This makes it fairly simple to keep tabs on what a web server has been doing, and what the web may be doing to the server.

--- rod.
 
Old 01-03-2007, 11:56 AM   #3
ciscllc
LQ Newbie
 
Registered: Oct 2005
Location: Wilmington
Distribution: Debian 6
Posts: 4

Original Poster
Rep: Reputation: 0
what the web is doing to my server ....

Code:
86.218.245.66 - - [03/Jan/2007:18:16:02 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
69.250.149.33 - - [03/Jan/2007:18:16:02 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.68.179.211 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.42.77.150 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
200.157.246.29 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
212.107.116.248 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
212.107.116.248 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.230.198.174 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
81.248.71.178 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
62.215.3.75 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
81.104.184.242 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
213.42.2.22 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
91.163.252.22 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.196.32.243 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.0.0.1 HTTP/1.1" 403 333 "-" "Shareaza 2.0.0.1"
200.141.218.70 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
172.204.47.174 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
84.0.38.178 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.250.104.79 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.41.127.178 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.196.23.187 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.214.110.160 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
212.138.64.177 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
212.195.150.203 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.78.178.28 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
88.119.18.184 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.4.173.220 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
195.7.1.69 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
87.91.164.248 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
190.72.144.67 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
86.196.239.232 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.30.233.136 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
201.29.248.203 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=3.0.0.0 HTTP/1.1" 403 333 "-" "Shareaza 3.0.0.0"
88.118.73.67 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
211.132.46.192 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
89.55.77.59 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.13.181.83 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.23.203.254 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
90.9.180.171 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.6.114.142 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
200.186.128.2 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
172.179.189.18 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.194.209.4 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.19.254.154 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
89.86.111.90 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.125.183.147 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
213.42.21.78 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.13.226.243 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
81.51.221.182 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.199.175.113 - - [03/Jan/2007:18:16:14 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
72.137.166.49 - - [03/Jan/2007:18:16:14 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.79.170.192 - - [03/Jan/2007:18:16:14 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
just 10 seconds of my access.log file ...
 
Old 01-03-2007, 01:10 PM   #4
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
Wow. This is gnutella traffic. It appears to me that, somehow, your IP seems to have been identified as a node/peer on the gnutella P2P network, using HTPP as it's transport protocol. Did this all happen to start up sometime after running a gnutella client? Has your IP changed recently? It does seem a bit odd that all of the requesting client 'browsers' are the same name and version number. The high number of different client IPs will make it impractical or impossible to block this traffic with iptables rules.
Gnutella functions in part by certain hosts remembering peer IP's in a cache, as a sort of seed to get the peer to peer communication working. Perhaps your IP has been added to a cache/database somewhere, and all of the shareaza clients are getting your IP as a peer node. If that is the case, it might be easiest to request a new IP from your provider.

Perhaps someone with deeper knowledge of the gnutella network can contribute some insight.

--- rod.
 
  


Reply

Tags
accesslog, apache, port


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
troubles using a docking port with Acer TM630 abhinavverma Linux - Laptop and Netbook 0 02-01-2005 04:06 AM
Troubles with Apache NameVirtualHosting mangolicious Linux - Networking 5 01-31-2005 07:37 PM
apache troubles speel Linux - Newbie 1 01-27-2005 09:28 PM
troubles with port forwarding and iptables gomen Linux - Networking 1 08-29-2003 08:32 AM
apache troubles azbuck01 Linux - Networking 2 01-09-2003 06:27 PM


All times are GMT -5. The time now is 03:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration