Somebody is killing my Apache with "Invalid method in request", please help...
My Apache can't work; they kill my Apache within one second after restart. I don't know how, but I know that they attack my MAIN SHARED IP, and here are only a few lines from the Apache error log:
tail -n 200 /usr/local/apache/logs/error_log | more

[Tue Jun 14 22:44:19 2005] [error] [client 24.23.214.254] Invalid method in request nck8f1fCarTTUsf
[Tue Jun 14 22:44:19 2005] [error] [client 24.23.214.254] Invalid method in request vCEH4WqcUY5Hf1U
[Tue Jun 14 22:44:19 2005] [error] [client 210.235.223.65] Invalid method in request eyKbSScnu
[Tue Jun 14 22:44:19 2005] [error] [client 60.93.4.4] Invalid method in request caDdcuj1Ry5i8kXuLV5IGAk
[Tue Jun 14 22:44:20 2005] [error] [client 67.22.199.217] Invalid method in request l1rz3MVMRT
[Tue Jun 14 22:44:20 2005] [error] [client 83.17.3.5] Invalid method in request 1ScncX0g764YM
[Tue Jun 14 22:44:20 2005] [error] [client 201.129.92.168] Invalid method in request J2NYO
[Tue Jun 14 22:44:20 2005] [error] [client 220.213.208.192] Invalid method in request vFKizAG
[Tue Jun 14 22:44:20 2005] [error] [client 61.200.104.147] Invalid method in request AuqX30rGaJEiL
[Tue Jun 14 22:44:21 2005] [error] [client 218.81.137.16] Invalid method in request K16NxgBp
[Tue Jun 14 22:44:21 2005] [error] [client 67.102.82.90] Invalid method in request I82SlesKeQ6CoEV
[Tue Jun 14 22:44:21 2005] [error] [client 202.108.158.106] Invalid method in request MJ2OKh2Z1
[Tue Jun 14 22:44:21 2005] [error] [client 218.235.162.214] Invalid method in request 9iUTotiu16sugjE51r
[Tue Jun 14 22:44:22 2005] [error] [client 172.216.252.106] Invalid method in request ILy5S8bSAFdTk
[Tue Jun 14 22:44:22 2005] [error] [client 201.137.158.231] Invalid method in request g4OPQhSa8PW8R5
[Tue Jun 14 22:44:22 2005] [error] [client 69.180.7.237] Invalid method in request ZmrJg1JEgSWPRM9oACb
[Tue Jun 14 22:44:22 2005] [error] [client 70.118.175.144] Invalid method in request sT
[Tue Jun 14 22:44:22 2005] [error] [client 222.148.40.156] Invalid method in request
[Tue Jun 14 22:44:22 2005] [error] [client 82.117.202.145] Invalid method in request CSIP
[Tue Jun 14 22:44:22 2005] [error] [client 137.205.78.253] Invalid method in request gQ8NgmZP
[Tue Jun 14 22:44:23 2005] [error] [client 60.30.245.176] Invalid method in request OLPWtghOfmcYsbymAooyoXS
[Tue Jun 14 22:44:23 2005] [error] [client 59.187.221.22] Invalid method in request gq5JDmquX3KItcn3K3cyfh61JODdpLVX8v8yA
[Tue Jun 14 22:44:24 2005] [error] [client 24.211.47.165] Invalid method in request 4Xc
[Tue Jun 14 22:44:24 2005] [error] [client 202.133.101.84] Invalid method in request RTggnnBaeiR
[Tue Jun 14 22:44:24 2005] [error] [client 220.29.161.31] Invalid method in request 0eJ0qx1
[Tue Jun 14 22:44:24 2005] [error] [client 221.77.98.12] Invalid method in request QbkU3DZ
[Tue Jun 14 22:44:25 2005] [error] [client 193.17.14.216] Invalid method in request mqMLTAYx
[Tue Jun 14 22:44:25 2005] [error] [client 66.167.147.113] Invalid method in request st3Yn1GEbDPg55seNpIjrI1gvqhVYa
[Tue Jun 14 22:44:25 2005] [error] [client 68.162.59.242] Invalid method in request 38a
[Tue Jun 14 22:44:25 2005] [error] [client 210.235.223.65] Invalid method in request nyR7Aa
[Tue Jun 14 22:44:25 2005] [error] [client 61.252.99.43] Invalid method in request mRY0m
[Tue Jun 14 22:44:25 2005] [error] [client 59.187.221.22] Invalid method in request lEZtym
[Tue Jun 14 22:44:25 2005] [error] [client 211.220.20.150] Invalid method in request Ha
[Tue Jun 14 22:44:25 2005] [error] [client 137.49.235.149] Invalid method in request lqs
[Tue Jun 14 22:44:25 2005] [error] [client 82.201.254.146] Invalid method in request FN6XPK3j94AoJgRa3EUgWK4yp7EwjVeSXq
[Tue Jun 14 22:44:26 2005] [error] [client 69.149.39.169] Invalid method in request d4ObqS
[Tue Jun 14 22:44:26 2005] [error] [client 24.46.216.104] Invalid method in request Nwy
[Tue Jun 14 22:44:27 2005] [error] [client 219.126.124.169] Invalid method in request NUnq
[Tue Jun 14 22:44:29 2005] [error] [client 24.46.217.123] Invalid method in request xJBoZlDlwdJ2ttrQ4xc
[Tue Jun 14 22:44:30 2005] [error] [client 219.116.174.36] Invalid method in request 6mhZuq4
[Tue Jun 14 22:44:30 2005] [error] [client 219.116.174.36] Invalid method in request zxFqkn
[Tue Jun 14 22:44:30 2005] [error] [client 24.187.32.65] Invalid method in request 4O7KclXpGGO0VNew4bvtp0L5cD
[Tue Jun 14 22:44:30 2005] [error] [client 84.68.17.201] Invalid method in request zKQWy
[Tue Jun 14 22:44:30 2005] [error] [client 201.6.151.243] Invalid method in request 90Z
[Tue Jun 14 22:44:30 2005] [error] [client 196.200.81.23] Invalid method in request h4
[Tue Jun 14 22:44:30 2005] [error] [client 70.97.171.23] Invalid method in request C3qJv
[Tue Jun 14 22:44:30 2005] [error] [client 62.79.105.247] Invalid method in request j
[Tue Jun 14 22:44:31 2005] [error] [client 172.206.177.65] Invalid method in request 7DlzS
[Tue Jun 14 22:44:31 2005] [error] [client 218.40.112.169] Invalid method in request 2mTC58FrG
[Tue Jun 14 22:44:35 2005] [error] [client 65.221.34.200] Invalid method in request Kw6VSHjDMR

Does somebody know how I can fix this? On my server I don't have high load, everything works fine, but this kills Apache and the server can't work; Apache goes down a second after restart!!! Please help, people... my server has been down the whole day and I can't solve this problem |
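A triage sketch for an excerpt like the one in the post above, added here as an example and not part of the original thread: it counts distinct clients, the peak number of rejected requests per second and how varied the bogus method tokens are, which is what decides whether per-IP blocking can help. The sample entries are copied from the excerpt; the 0.5 "distributed" threshold is an assumption of this example.

```python
import re
from collections import Counter

# Entry format as it appears in the error_log excerpt quoted in the post.
ENTRY = re.compile(
    r"\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \d{4})\] \[error\] "
    r"\[client (?P<ip>[0-9.]+)\] Invalid method in request ?(?P<token>[^\[\n]*)"
)

# Six entries copied from the excerpt (one has an empty method token).
SAMPLE = """\
[Tue Jun 14 22:44:19 2005] [error] [client 24.23.214.254] Invalid method in request nck8f1fCarTTUsf
[Tue Jun 14 22:44:19 2005] [error] [client 24.23.214.254] Invalid method in request vCEH4WqcUY5Hf1U
[Tue Jun 14 22:44:19 2005] [error] [client 210.235.223.65] Invalid method in request eyKbSScnu
[Tue Jun 14 22:44:19 2005] [error] [client 60.93.4.4] Invalid method in request caDdcuj1Ry5i8kXuLV5IGAk
[Tue Jun 14 22:44:22 2005] [error] [client 222.148.40.156] Invalid method in request
[Tue Jun 14 22:44:25 2005] [error] [client 210.235.223.65] Invalid method in request nyR7Aa
"""


def summarize(log_text):
    """Summarise 'Invalid method in request' entries; works on run-together text too."""
    per_client, per_second, tokens = Counter(), Counter(), []
    for m in ENTRY.finditer(log_text):
        per_client[m.group("ip")] += 1
        per_second[m.group("ts")] += 1          # timestamps have 1 s resolution
        tokens.append(m.group("token").strip())
    total = len(tokens)
    return {
        "entries": total,
        "distinct_clients": len(per_client),
        "top_clients": per_client.most_common(3),
        "peak_per_second": max(per_second.values(), default=0),
        "distinct_tokens": len(set(tokens)),
        "empty_tokens": tokens.count(""),
        # Heuristic (assumed threshold): most entries come from different sources,
        # so no single client stands out as the one to block.
        "distributed": total > 0 and len(per_client) / total > 0.5,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it on the real file, pass the file's contents to `summarize()` in place of `SAMPLE`.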
Is the server running php?
http://seclists.org/lists/incidents/2004/Jul/0018.html |
Yes, but that is from 2004!
This attack only kills Apache, I think with bad requests, but I don't know why it kills Apache so fast. My firewall (Shorewall) doesn't do anything, nor do ModSecurity (mod_security) and mod_dosevasive... I don't know what now!? Nothing in /tmp and /var/tmp |
Most of the stuff I can find with Google points to a bad PHP script. I would change the document root and put a simple index.html file there and see if Apache will start. Next, try a simple index.php. I am no expert; I am just learning this stuff.
http://php.mirrors.ilisys.com.au/man...oad.errors.php Good luck, and I will keep looking around. Give as much information as you can, so when someone reads this they can help. Here is another one with a fix, but I don't know what you are using the server for? http://www.opentools.de/board/viewtopic.php?t=436 |
Did you enable SSL on your server?????
|