Willkommen in der Webstatt Zum Webstatt Blog und Stories
Franky Franky am 02.06.07 14:16

Was soll ich tun?

Meine Trafficanzeige schnellt in die Höhe (hab jetzt gegen Nachmittag schon 2,6 GB Traffic, normal sind ca 300 MB am Tag) und es geht immer weiter!

Nur alleine wegen dem imeem-Downloader auf frankyonline.de:
64.131.65.26 - - [02/Jun/2007:14:16:02 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:08 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:08 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:08 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:10 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:10 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:10 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


Was soll ich tun? Wie funktioniert das mit der hosts.deny? Einfach nur pro Zeile eine IP? Hab' erstmal nur ne htaccess genommen, aber trotzdem gehts immer höher.. was kann ich tun?!

ErrorDocument 403 "denied"
Order allow,deny
Deny from 67.159.5.55
Deny from 64.131.65.26
allow from all


Viele Grüße,
Franky

// Hab nur 25 GB traffic / Monat, das wird teuer arghhh x/

netcup.de Warum gibt es hier Werbung?
Zeronet Zeronet am 02.06.07 14:26

Hast du root-Zugriff auf eine Shell?
Wenn ja, kick die Verbindung gleich beim reinkommen, sprich netfilter/iptables!

Snake am 02.06.07 14:43

iptables -I INPUT -s böse_IP -j DROP

Franky Franky am 02.06.07 16:18

Mhh, iptables ist nicht installiert und installieren klappt irgendwie auch nicht :(

vs6609:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
iptables
0 upgraded, 1 newly installed, 0 to remove and 25 not upgraded.
4 not fully installed or removed.
Need to get 0B/403kB of archives.
After unpacking 1364kB of additional disk space will be used.
Setting up util-linux (2.12r-19) ...
update-rc.d: /etc/init.d/hwclock.sh: file does not exist
dpkg: error processing util-linux (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
util-linux
E: Sub-process /usr/bin/dpkg returned an error code (1)
vs6609:~#


Was kann ich trotzdem tun? Und was ist "/etc/init.d/hwclock.sh"?

The Master am 02.06.07 17:03

probier mal die ip per htaccess zu sperren

http://www.abakus-internet-marketing.de/foren/viewtopic/t-14013.html

mycorner mycorner am 02.06.07 19:21

das prob hatten wir auch mal bei nem projekt
sieht wohl nach nem ddos angriff aus

kannst kaum was dagegen machen eigentlich, außer größere server zu besorgen die sowas nicht auslastet

Franky Franky am 02.06.07 19:35

Mhh... ausgelastet ister ja nicht.. nur Traffic *grml*
Naja, nur kacke das iptables nicht funktioniert..

Snake am 02.06.07 19:41

Quote
Original von mycorner
das prob hatten wir auch mal bei nem projekt
sieht wohl nach nem ddos angriff aus

das ist doch kein ddos!!
besten falls ein dos, aber auch ein sehr schlechter...

mycorner mycorner am 04.06.07 16:59

was weiß ich wollte mich nur wichtig machen :D
aber so ein bischen so ist es doch ?

vll nicht so krass ...

Snake am 04.06.07 18:51

ein dos legt ein system lahm, das da is nur traffic verursachen...

mycorner mycorner am 04.06.07 19:31

achso ok ;)

Creative Commons Lizenzvertrag
Alle Inhalte des Webstatt-Archivs stehen unter einer Creative Commons Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Unported Lizenz.

Impressum & Kontakt