apache - Apache2 flooded with GET Requests -


i'm running several services redmine, continuum or tomcat. lately of them have been extremly slow. in worst cases had wait 5 minutes see front page of tomcat server.

i decided take access.log file apache2 , noticed, server has been flooded requests. here's snipped of log file.

66.249.67.238 - - [24/mar/2014:14:10:15 +0100] "get /maven2/com/sun/jersey/jersey-server/1.7-snapshot/maven-metadata-maven2-repository.dev.java.net.xml.md5 http/1.1" 500 1084 "-" "samsung-sgh-e250/1.0 profile/midp-2.0 configuration/cldc-1.1 up.browser/6.2.3.3.c.1.101 (gui) mmp/2.0 (compatible; googlebot-mobile/2.1; +http://www.google.com/bot.html)" 23.239.123.39 - - [24/mar/2014:14:10:22 +0100] "get http://ads.yashi.com/12976 http/1.0" 500 1153 "http://www.edunyc.com" "mozilla/5.0 (windows; u; windows nt 6.1; en-us) applewebkit/534.16 (khtml, gecko) chrome/10.0.648.204 safari/534.16" 198.13.111.248 - - [24/mar/2014:14:10:23 +0100] "get http://ib.adnxs.com/tt?id=2249888&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.thebankparent.com/?p=5426" "mozilla/4.0 (compatible; msie 7.0; windows nt 6.0; wow64; slcc1; media center pc 5.0; .net clr 2.0.50727)" 66.249.66.120 - - [24/mar/2014:14:10:25 +0100] "get /maven2/org/apache/maven/surefire/surefire-junit/2.4.2/ http/1.1" 500 1084 "-" "docomo/2.0 n905i(c100;tb;w24h16) (compatible; googlebot-mobile/2.1; +http://www.google.com/bot.html)" 23.91.20.235 - - [24/mar/2014:14:10:26 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?cat=1" "mozilla/5.0 (compatible; msie 7.0; windows nt 6.0; wow64; slcc1; .net clr 2.0.50727; media center pc 5.0; c .net clr 3.0.04506; .net clr 3.5.30707; infopath.1)" 198.13.111.243 - - [24/mar/2014:14:10:26 +0100] "get http://ib.adnxs.com/tt?id=2249973&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.finank.com/?tag=tv" "mozilla/5.0 (windows nt 6.1; win64; x64; rv:5.0) gecko/20100101 firefox/5.0" 23.91.20.238 - - [24/mar/2014:14:10:32 +0100] "get http://ib.adnxs.com/tt?id=2249973&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.finank.com/?p=12004" "mozilla/5.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; infopath.2; slcc1; .net clr 3.0.4506.2152; .net clr 3.5.30729; .net clr 2.0.50727)" 23.91.20.236 - - [24/mar/2014:14:10:34 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?tag=kids" "mozilla/4.0 (mozilla/4.0; msie 7.0; windows nt 5.1; fdm; sv1)" 184.105.203.51 - - [24/mar/2014:14:10:35 +0100] "get http://ib.adnxs.com/tt?id=2208504&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.tvlucifer.com/online-videos/friends-and-family/8-near-death-experience-nahtoderfahrung-8.html#comments" "mozilla/4.0 (compatible; msie 9.0; windows nt 6.1; trident/4.0; fdm; msiecrawler; media center pc 5.0)" 66.249.66.120 - - [24/mar/2014:14:10:36 +0100] "get /maven2/org/apache/maven/jxr/jxr/2.2/ http/1.1" 500 1084 "-" "docomo/2.0 n905i(c100;tb;w24h16) (compatible; googlebot-mobile/2.1; +http://www.google.com/bot.html)" 23.228.234.125 - - [24/mar/2014:14:10:40 +0100] "get http://ib.adnxs.com/tt?id=2249888&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.thebankparent.com/?tag=trucks" "mozilla/5.0 (windows nt 5.1; rv:2.0.1) gecko/20100101 firefox/5.0" 23.91.20.236 - - [24/mar/2014:14:10:42 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?p=31177" "mozilla/5.0 (x11; cros i686 1193.158.0) applewebkit/535.7 (khtml, gecko) chrome/16.0.912.75 safari/535.7" 23.91.20.238 - - [24/mar/2014:14:10:44 +0100] "get http://ib.adnxs.com/tt?id=2249973&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.finank.com/?tag=trance" "mozilla/4.0 (compatible; msie 8.0; windows nt 6.1; trident/4.0; mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) ; slcc2; .net clr 2.0.50727; .net clr 3.5.30729; .net clr 3.0.30729; media center pc 6.0; tablet pc 2.0)" 198.13.111.243 - - [24/mar/2014:14:10:44 +0100] "get http://ib.adnxs.com/tt?id=2249973&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.finank.com/?p=5430" "mozilla/5.0 (compatible; msie 9.0; windows nt 6.1; trident/5.0; chromeframe/11.0.696.57)" 23.228.234.121 - - [24/mar/2014:14:10:49 +0100] "get http://ib.adnxs.com/tt?id=2249481&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.tvluck.net/?p=272" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; .net clr 1.1.4322; alexa toolbar)" 221.215.112.238 - - [24/mar/2014:14:10:51 +0100] "get http://www.mmadsgadget.com/t?id=9c527de6-0d69-4d59-af9e-09e2ee635eaa&size=300x250 http/1.0" 500 1075 "http://www.travelandleisure.com/" "mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; .net clr 1.1.4322; infopath.2; .net clr 2.0.50727; .net clr 3.0.4506.2152; .net clr 3.5.30729)" 72.52.98.142 - - [24/mar/2014:14:10:59 +0100] "get http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5141612&pub_url=${pub_url} http/1.0" 500 1153 "http://www.wdhcc.com/?p=13760" "mozilla/5.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; slcc1; .net clr 3.0.4506.2152; .net clr 3.5.30729; .net clr 1.1.4322)" 23.91.20.235 - - [24/mar/2014:14:11:03 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?p=28749" "mozilla/5.0 (windows nt 6.1) applewebkit/535.2 (khtml, gecko) chrome/18.6.872.0 safari/535.2 untrusted/1.0 3gpp-gba untrusted/1.0" 23.228.234.121 - - [24/mar/2014:14:11:04 +0100] "get http://ib.adnxs.com/tt?id=2249481&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.tvluck.net/?p=4130" "mozilla/4.0 (compatible; msie 5.0; windows nt 4.0; alexa toolbar)" 23.91.20.235 - - [24/mar/2014:14:11:04 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?p=32312" "mozilla/4.0 (compatible; msie 8.0; windows nt 6.1; wow64; trident/4.0; slcc2; media center pc 6.0; infopath.2; ms-rtc lm 8)" 23.228.234.124 - - [24/mar/2014:14:11:05 +0100] "get http://ib.adnxs.com/tt?id=2249921&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.pcemar.com/?category_name=lifestyle-2" "mozilla/5.0 (compatible; msie 7.0; windows nt 6.0; fr-fr)" 222.141.201.109 - - [24/mar/2014:14:11:06 +0100] "get http://ads.mopub.com/m/ad?v=6&id=e97c43fa9d4311e295fa123138070049&nv=1.12.0.0&udid=sha:24cd3e740e7a4f0ade96ceb5bc5ae5dc8c7a114f&ll=38.658724,-92.535656&z=cdt&o=l&sc_a=1.3&mr=1&mcc=302&mnc=720&iso=us&cn=wireless%20rogers%20communications http/1.0" 500 1069 "-" "opera/9.80 (android 2.2.2; linux; opera mobi/adr-1111101157; u; en) presto/2.9.201 version/11.50" 23.91.20.237 - - [24/mar/2014:14:11:09 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?p=29929" "mozilla/4.0 (compatible; msie 8.0; windows nt 6.1; win64; x64; trident/4.0)" 23.228.234.115 - - [24/mar/2014:14:11:10 +0100] "get http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4819271&pub_url=${pub_url} http/1.0" 500 1153 "http://www.linnama.com/?p=993" "mozilla/5.0 (windows nt 6.1; rv:6.0) gecko/20110814 firefox/6.0" 184.105.203.51 - - [24/mar/2014:14:11:10 +0100] "get http://ib.adnxs.com/tt?id=2208504&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.tvlucifer.com/tag/love" "mozilla/4.0 (compatible; msie 8.0; windows nt 6.1; wow64; trident/4.0; slcc2; media center pc 6.0; infopath.2; ms-rtc lm 8)" 198.13.111.248 - - [24/mar/2014:14:11:12 +0100] "get http://ib.adnxs.com/tt?id=2249888&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.thebankparent.com/?category_name=driving-style-and-technique" "mozilla/5.0 (windows nt 5.1) applewebkit/535.1 (khtml, gecko) chrome/14.0.813.0 safari/535.1" 198.13.111.242 - - [24/mar/2014:14:11:13 +0100] "get http://ib.adnxs.com/tt?id=2249973&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.finank.com/?p=13741" "mozilla/5.0 (macintosh; intel mac os x 10_6_8) applewebkit/535.2 (khtml, gecko) chrome/15.0.861.0 safari/535.2" 198.13.111.246 - - [24/mar/2014:14:11:18 +0100] "get http://ib.adnxs.com/tt?id=2249921&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.pcemar.com/?p=974" "mozilla/5.0 (windows nt 6.1; rv:6.0) gecko/20110814 firefox/6.0" 72.52.98.140 - - [24/mar/2014:14:11:18 +0100] "get http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=5141612&pub_url=${pub_url} http/1.0" 500 1153 "http://www.wdhcc.com/?tag=scare" "mozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; slcc2; .net clr 2.0.50727; infopath.3; .net4.0c; .net4.0e; .net clr 3.5.30729; .net clr 3.0.30729; ms-rtc lm 8)" 23.228.234.117 - - [24/mar/2014:14:11:19 +0100] "get http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4819271&pub_url=${pub_url} http/1.0" 500 1153 "http://www.linnama.com/?p=850" "mozilla/4.0 (compatible; msie 7.0b; windows nt 5.1; .net clr 1.1.4322; .net clr 2.0.50727)" 23.91.20.235 - - [24/mar/2014:14:11:20 +0100] "get http://ib.adnxs.com/tt?id=2287590&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.agtvbi.com/?cat=1" "mozilla/5.0 (compatible; msie 8.0; windows nt 5.0; trident/4.0; infopath.1; sv1; .net clr 3.0.4506.2152; .net clr 3.5.30729; .net clr 3.0.04506.30)" 23.228.234.116 - - [24/mar/2014:14:11:24 +0100] "get http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4819271&pub_url=${pub_url} http/1.0" 500 1153 "http://www.linnama.com/" "mozilla/4.0 (compatible; msie 8.0; windows nt 6.1; wow64; trident/4.0; slcc2; .net clr 2.0.50727; infopath.2)" 23.228.234.124 - - [24/mar/2014:14:11:24 +0100] "get http://ib.adnxs.com/tt?id=2249921&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.pcemar.com/" "mozilla/4.0 (compatible; msie 7.0b; windows nt 5.1; .net clr 1.1.4322; alexa toolbar; .net clr 2.0.50727)" 198.13.111.243 - - [24/mar/2014:14:11:24 +0100] "get http://ib.adnxs.com/tt?id=2249973&cb=[cachebuster]&referrer=[referrer_url] http/1.0" 500 1152 "http://www.finank.com/?tag=upc" "mozilla/5.0 (compatible; msie 9.0; windows nt 6.1; trident/5.0; yie8)"

reading this understand i'm under kind of proxyabuse, deactivating mod_proxy module doesn't stop reqeusts @ all. way found working block port 80 in listen.conf file. of course redmine, continuum , tomcat not reachable outside.

any ideas? in advance...

as explained here: https://serverfault.com/questions/242292/apache-getting-hammered-by-nonsense-requests-how-to-stop

you use fail2ban or hosts.deny block hosts in question accessing server.

also, configure firewall if applicable block abusing ips.


Comments

Post a Comment

Popular posts from this blog

android - Get AccessToken using signpost OAuth without opening a browser (Two legged Oauth) -

i using signpost oauth access data magento server. have read various tutorials on same , reach point open browser user can enter credentials. however, per requirement have automate part. hence, user should not browser page. have set-up done on server side ( magento ), hit url , returned call page. same through program in android. i have tried below, consumer = new commonshttpoauthconsumer(key, secret); provider = new commonshttpoauthprovider(oauth_init_url,access_token_url, authorize_url); try { provider.retrieverequesttoken(consumer, oauth.out_of_band); log.d("tokens" , consumer.gettoken() + " -- " + consumer.gettokensecret()); } and request tokens. dont know how bypass next step. tried directly accessing accesstoken (stupid of me) provider.retrieveaccesstoken(consumer, "mycallback://callback"); no luck, ends in oauth.signpost.exception.oauthnotauthorizedexception: authorization failed (server replied 401). ...
Read more

org.mockito.exceptions.misusing.InvalidUseOfMatchersException: mockito -

getting error org.mockito.exceptions.misusing.invaliduseofmatchersexception: invalid use of argument matchers! 1 matchers expected, 2 recorded. exception may occur if matchers combined raw values: //incorrect: somemethod(anyobject(), "raw string"); when using matchers, arguments have provided matchers. example: //correct: somemethod(anyobject(), eq("string matcher")); at when( getprogramservice .callservice(any(getprogramtype.class))) .thenreturn(jaxbresponse); please explain error , possible resolution the code posted looks fine; don't see problem it. code before or above causing exception. key here: invalid use of argument matchers! 1 matchers expected, 2 recorded. any , used above, doesn't return "special kind of null" or "special kind of getprogramtype"; don't exist. instead, returns null , side effect puts matcher on stack. whe...
Read more

google shop client API returns 400 bad request error while adding an item -

i'm working on solution add items in google shopping market java application. following tutorial real mess because of missing classes of laste release, after setting 1.5-beta maven managed make base example typecheck correctly classes. still can make simple task of adding 1 item. instead of posting whole code i'm posting part creates product feed. private product createproduct(string id) { product product = new product(); product.title = "red wool sweater"; product.content = new content( "text", "comfortable , soft, sweater keep warm on " + "cold winter nights. red , blue stripes."); product.appcontrol = new appcontrol(); product.appcontrol.addrequireddestination("productads"); product.externalid = id; product.lang = "it"; product.country = "it"; product.condition = "nuovo"; product.price = new price("eu...
Read more