Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
06-14-2005, 04:35 PM
|
#1
|
|
LQ Newbie
Registered: Jul 2004
Posts: 6
Rep: 
|
Somebody kill my Apache with "Invalid method in request", please help...
My apache can`t work, they kill my apache in one second after restart, I don`t know how but I know that they attack my MAIN SHARED IP and here is only few lines from apache error log:
tail -n 200 /usr/local/apache/logs/error_log | more
[Tue Jun 14 22:44:19 2005] [error] [client 24.23.214.254] Invalid method in request nck8f1fCarTTUsf
[Tue Jun 14 22:44:19 2005] [error] [client 24.23.214.254] Invalid method in request vCEH4WqcUY5Hf1U
[Tue Jun 14 22:44:19 2005] [error] [client 210.235.223.65] Invalid method in request eyKbSScnu
[Tue Jun 14 22:44:19 2005] [error] [client 60.93.4.4] Invalid method in request caDdcuj1Ry5i8kXuLV5IGAk
[Tue Jun 14 22:44:20 2005] [error] [client 67.22.199.217] Invalid method in request l1rz3MVMRT
[Tue Jun 14 22:44:20 2005] [error] [client 83.17.3.5] Invalid method in request 1ScncX0g764YM
[Tue Jun 14 22:44:20 2005] [error] [client 201.129.92.168] Invalid method in request J2NYO
[Tue Jun 14 22:44:20 2005] [error] [client 220.213.208.192] Invalid method in request vFKizAG
[Tue Jun 14 22:44:20 2005] [error] [client 61.200.104.147] Invalid method in request AuqX30rGaJEiL
[Tue Jun 14 22:44:21 2005] [error] [client 218.81.137.16] Invalid method in request K16NxgBp
[Tue Jun 14 22:44:21 2005] [error] [client 67.102.82.90] Invalid method in request I82SlesKeQ6CoEV
[Tue Jun 14 22:44:21 2005] [error] [client 202.108.158.106] Invalid method in request MJ2OKh2Z1
[Tue Jun 14 22:44:21 2005] [error] [client 218.235.162.214] Invalid method in request 9iUTotiu16sugjE51r
[Tue Jun 14 22:44:22 2005] [error] [client 172.216.252.106] Invalid method in request ILy5S8bSAFdTk
[Tue Jun 14 22:44:22 2005] [error] [client 201.137.158.231] Invalid method in request g4OPQhSa8PW8R5
[Tue Jun 14 22:44:22 2005] [error] [client 69.180.7.237] Invalid method in request ZmrJg1JEgSWPRM9oACb
[Tue Jun 14 22:44:22 2005] [error] [client 70.118.175.144] Invalid method in request sT
[Tue Jun 14 22:44:22 2005] [error] [client 222.148.40.156] Invalid method in request
[Tue Jun 14 22:44:22 2005] [error] [client 82.117.202.145] Invalid method in request CSIP
[Tue Jun 14 22:44:22 2005] [error] [client 137.205.78.253] Invalid method in request gQ8NgmZP
[Tue Jun 14 22:44:23 2005] [error] [client 60.30.245.176] Invalid method in request OLPWtghOfmcYsbymAooyoXS
[Tue Jun 14 22:44:23 2005] [error] [client 59.187.221.22] Invalid method in request gq5JDmquX3KItcn3K3cyfh61JODdpLVX8v8yA
[Tue Jun 14 22:44:24 2005] [error] [client 24.211.47.165] Invalid method in request 4Xc
[Tue Jun 14 22:44:24 2005] [error] [client 202.133.101.84] Invalid method in request RTggnnBaeiR
[Tue Jun 14 22:44:24 2005] [error] [client 220.29.161.31] Invalid method in request 0eJ0qx1
[Tue Jun 14 22:44:24 2005] [error] [client 221.77.98.12] Invalid method in request QbkU3DZ
[Tue Jun 14 22:44:25 2005] [error] [client 193.17.14.216] Invalid method in request mqMLTAYx
[Tue Jun 14 22:44:25 2005] [error] [client 66.167.147.113] Invalid method in request st3Yn1GEbDPg55seNpIjrI1gvqhVYa
[Tue Jun 14 22:44:25 2005] [error] [client 68.162.59.242] Invalid method in request 38a
[Tue Jun 14 22:44:25 2005] [error] [client 210.235.223.65] Invalid method in request nyR7Aa
[Tue Jun 14 22:44:25 2005] [error] [client 61.252.99.43] Invalid method in request mRY0m
[Tue Jun 14 22:44:25 2005] [error] [client 59.187.221.22] Invalid method in request lEZtym
[Tue Jun 14 22:44:25 2005] [error] [client 211.220.20.150] Invalid method in request Ha
[Tue Jun 14 22:44:25 2005] [error] [client 137.49.235.149] Invalid method in request lqs
[Tue Jun 14 22:44:25 2005] [error] [client 82.201.254.146] Invalid method in request FN6XPK3j94AoJgRa3EUgWK4yp7EwjVeSXq
[Tue Jun 14 22:44:26 2005] [error] [client 69.149.39.169] Invalid method in request d4ObqS
[Tue Jun 14 22:44:26 2005] [error] [client 24.46.216.104] Invalid method in request Nwy
[Tue Jun 14 22:44:27 2005] [error] [client 219.126.124.169] Invalid method in request NUnq
[Tue Jun 14 22:44:29 2005] [error] [client 24.46.217.123] Invalid method in request xJBoZlDlwdJ2ttrQ4xc
[Tue Jun 14 22:44:30 2005] [error] [client 219.116.174.36] Invalid method in request 6mhZuq4
[Tue Jun 14 22:44:30 2005] [error] [client 219.116.174.36] Invalid method in request zxFqkn
[Tue Jun 14 22:44:30 2005] [error] [client 24.187.32.65] Invalid method in request 4O7KclXpGGO0VNew4bvtp0L5cD
[Tue Jun 14 22:44:30 2005] [error] [client 84.68.17.201] Invalid method in request zKQWy
[Tue Jun 14 22:44:30 2005] [error] [client 201.6.151.243] Invalid method in request 90Z
[Tue Jun 14 22:44:30 2005] [error] [client 196.200.81.23] Invalid method in request h4
[Tue Jun 14 22:44:30 2005] [error] [client 70.97.171.23] Invalid method in request C3qJv
[Tue Jun 14 22:44:30 2005] [error] [client 62.79.105.247] Invalid method in request j
[Tue Jun 14 22:44:31 2005] [error] [client 172.206.177.65] Invalid method in request 7DlzS
[Tue Jun 14 22:44:31 2005] [error] [client 218.40.112.169] Invalid method in request 2mTC58FrG
[Tue Jun 14 22:44:35 2005] [error] [client 65.221.34.200] Invalid method in request Kw6VSHjDMR
somebody know how I can fic this, on my server I don`t have high load, all work fine but this kill apache and server can`t work, apache down in second after restart!!!
Please help people...whole day my server down and I can`t solve this problem
|
|
|
|
|
06-14-2005, 05:16 PM
|
#2
|
|
Gentoo Developer
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Rep: 
|
Last edited by comprookie2000; 06-14-2005 at 05:17 PM.
|
|
|
|
|
06-14-2005, 05:43 PM
|
#3
|
|
LQ Newbie
Registered: Jul 2004
Posts: 6
Original Poster
Rep:
|
Yes, but that is from 2004!
This attack only kill apache, I think with bad request, but I don`t know why this kill apache very fast, my firewall (shorewall) don`t do nothing, ModSecurity (mod_security) and mod_dosevasive also...
I don`t know what know!?
Nothing in /tmp and /var/tmp
|
|
|
|
|
06-14-2005, 06:25 PM
|
#4
|
|
Gentoo Developer
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Rep:
|
Most of the stuff I can find with google points to a bad php script.I would change document root and put a simple index.html file there and see if apache will start.Next try a simple index.php I am no expert I am just learning this stuff.
http://php.mirrors.ilisys.com.au/man...oad.errors.php
good luck and I will keep looking around and give as much information as you can so when someone reads this they can help.
here is another one with a fix but I don't know what you are using the server for?
http://www.opentools.de/board/viewtopic.php?t=436
Last edited by comprookie2000; 06-14-2005 at 06:36 PM.
|
|
|
|
|
06-14-2005, 11:29 PM
|
#5
|
|
Member
Registered: Jan 2005
Location: India
Distribution: RHEL,CentOS,SUSE,Solaris10
Posts: 183
Rep:
|
Do u enabled SSL in your server?????
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 08:41 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
