LinuxQuestions.org


ciscllc 01-02-2007 07:51 AM

Apache Port 80 Troubles
 
Hi there guys!

Big trouble with Debian and Apache 1.3.33 with BEN-ssl (Apache-ssl)

For 5 days I have been getting huge incoming traffic to my webserver (double to triple the outgoing!!!! It has never been that high before)
And: only access on port 80 is not working, 443 (https) is working.

Can anyone help?

Thanks,

Christian

theNbomr 01-02-2007 11:26 AM

Check your server logs. See what files are being requested and by what host(s). Viruses and hackers frequently cause this type of activity. You may be able to use iptables to drop requests from a small number of IPs, to reduce the bogus hit counts. I'm not sure what, if any, well-known security holes Apache 1.3 may expose. That is something you should probably check up on.

I use a collection of homebrew Perl scripts for logfile analysis, along with the popular Webalizer tool. This makes it fairly simple to keep tabs on what a web server has been doing, and what the web may be doing to the server.

--- rod.

ciscllc 01-03-2007 11:56 AM

what the web is doing to my server ....
 
Code:

86.218.245.66 - - [03/Jan/2007:18:16:02 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
69.250.149.33 - - [03/Jan/2007:18:16:02 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.68.179.211 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.42.77.150 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
200.157.246.29 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
212.107.116.248 - - [03/Jan/2007:18:16:03 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
212.107.116.248 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.230.198.174 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
81.248.71.178 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
62.215.3.75 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
81.104.184.242 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
213.42.2.22 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
91.163.252.22 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.196.32.243 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.0.0.1 HTTP/1.1" 403 333 "-" "Shareaza 2.0.0.1"
200.141.218.70 - - [03/Jan/2007:18:16:04 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
172.204.47.174 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
84.0.38.178 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.250.104.79 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.41.127.178 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.196.23.187 - - [03/Jan/2007:18:16:05 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.214.110.160 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
212.138.64.177 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
212.195.150.203 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.78.178.28 - - [03/Jan/2007:18:16:08 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
88.119.18.184 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.4.173.220 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
195.7.1.69 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
87.91.164.248 - - [03/Jan/2007:18:16:10 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
190.72.144.67 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
86.196.239.232 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.30.233.136 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
201.29.248.203 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=3.0.0.0 HTTP/1.1" 403 333 "-" "Shareaza 3.0.0.0"
88.118.73.67 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
211.132.46.192 - - [03/Jan/2007:18:16:11 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
89.55.77.59 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.13.181.83 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.23.203.254 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.0" 403 321 "-" "Shareaza 2.2.1.0"
90.9.180.171 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.6.114.142 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
200.186.128.2 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
172.179.189.18 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.194.209.4 - - [03/Jan/2007:18:16:12 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.19.254.154 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
89.86.111.90 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
82.125.183.147 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
213.42.21.78 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
90.13.226.243 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
81.51.221.182 - - [03/Jan/2007:18:16:13 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
86.199.175.113 - - [03/Jan/2007:18:16:14 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
72.137.166.49 - - [03/Jan/2007:18:16:14 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"
201.79.170.192 - - [03/Jan/2007:18:16:14 +0100] "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version=2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"

just 10 seconds of my access.log file ...

theNbomr 01-03-2007 01:10 PM

Wow. This is gnutella traffic. It appears to me that, somehow, your IP seems to have been identified as a node/peer on the gnutella P2P network, using HTTP as its transport protocol. Did this all happen to start up sometime after running a gnutella client? Has your IP changed recently? It does seem a bit odd that all of the requesting client 'browsers' are the same name and version number. The high number of different client IPs will make it impractical or impossible to block this traffic with iptables rules.
Gnutella functions in part by certain hosts remembering peer IPs in a cache, as a sort of seed to get the peer to peer communication working. Perhaps your IP has been added to a cache/database somewhere, and all of the Shareaza clients are getting your IP as a peer node. If that is the case, it might be easiest to request a new IP from your provider.

Perhaps someone with deeper knowledge of the gnutella network can contribute some insight.

--- rod.
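
The log check discussed in the replies above (what is being requested, by which hosts, and whether a handful of addresses accounts for the load), as an added example that is not part of the original thread. The names `summarize` and `per_ip_blocking_practical`, the `top_n` value and the 0.8 threshold are assumptions made for illustration, and the sample log is constructed.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample modelled on the excerpt in the thread. Client addresses are
# RFC 5737 documentation addresses; the last entry is deliberately malformed.
G2 = "GET /g2/bazooka.php?get=1&hostfile=1&net=gnutella2&client=RAZA&version="
TS = "[03/Jan/2007:18:16:02 +0100]"
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - {TS} "{G2}2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"',
    f'192.0.2.11 - - {TS} "{G2}2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"',
    f'198.51.100.7 - - {TS} "{G2}2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"',
    f'198.51.100.7 - - {TS} "{G2}2.2.1.0 HTTP/1.1" 403 333 "-" "Shareaza 2.2.1.0"',
    f'203.0.113.5 - - {TS} "{G2}2.0.0.1 HTTP/1.0" 403 321 "-" "Shareaza 2.0.0.1"',
    f'203.0.113.80 - - {TS} "{G2}3.0.0.0 HTTP/1.1" 403 333 "-" "Shareaza 3.0.0.0"',
    f'192.0.2.200 - - {TS} "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"',
    'truncated entry without the usual fields',
])

def summarize(log_text, top_n=3):
    """Count requests per client, path, agent product and status code."""
    ips, paths, agents, statuses = Counter(), Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        ips[m["ip"]] += 1
        paths[m["target"].split("?", 1)[0]] += 1             # drop the query string
        agents[m["agent"].split("/")[0].split(" ")[0]] += 1  # product name only
        statuses[int(m["status"])] += 1
    total = sum(ips.values())
    top_share = sum(c for _, c in ips.most_common(top_n)) / total if total else 0.0
    return {"requests": total, "skipped": skipped, "unique_ips": len(ips),
            "top_path": paths.most_common(1), "agents": dict(agents),
            "statuses": dict(statuses), "top_ip_share": top_share}

def per_ip_blocking_practical(summary, threshold=0.8):
    # Assumed rule of thumb: dropping individual addresses only pays off when
    # the top_n busiest clients send at least `threshold` of all requests.
    return summary["top_ip_share"] >= threshold

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report, per_ip_blocking_practical(report))
```

On a real server, pass the contents of the access log to `summarize` in place of `SAMPLE_LOG`.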


All times are GMT -5.