DDoS attacks: how to counter them?


Recif
Involved WRInaute

Posts: 894
Joined: 25 Aug 2004

DDoS attacks: how to counter them?

Posted on Mon Aug 27, 2007 13:49

Hello,

For 5 days now my dedicated server has been flat on its back because of idiots who launched a DDoS attack... Do you have any solutions to counter this type of attack (Linux/Apache)?

Robinson
Passionate WRInaute

Posts: 2286
Joined: 26 Oct 2005

Posted on Mon Aug 27, 2007 13:57

Block all the offending IPs for a little while...

Recif
Involved WRInaute

Posts: 894
Joined: 25 Aug 2004

Posted on Mon Aug 27, 2007 14:02

Thanks for your reply.
And what about when there is an endless number of them, constantly renewed?

FloBaoti
Involved WRInaute

Posts: 755
Joined: 30 Apr 2006

Posted on Mon Aug 27, 2007 14:06

You need to contact the hosting provider immediately. They are the only one with the means to "block" (or at least "mitigate") the attack...

Robinson
Passionate WRInaute

Posts: 2286
Joined: 26 Oct 2005

Posted on Mon Aug 27, 2007 14:26

How is the attack being carried out? Against your domain name? Against the IP?

A DDoS attack going on for 5 days... that surprises me... it's not kids attacking you... what did you do to them? :)

Recif
Involved WRInaute

Posts: 894
Joined: 25 Aug 2004

Posted on Mon Aug 27, 2007 15:23

FloBaoti wrote: You need to contact the hosting provider immediately. They are the only one with the means to "block" (or at least "mitigate") the attack...

The hosting provider tells me they can't do anything... That all that's left is to wait until he gets tired of it...! But that there is no way to fight it.
I don't believe that.

Recif
Involved WRInaute

Posts: 894
Joined: 25 Aug 2004

Posted on Mon Aug 27, 2007 15:24

Robinson wrote: How is the attack being carried out? Against your domain name? Against the IP?

Apparently against the IP.

A DDoS attack going on for 5 days... that surprises me... it's not kids attacking you... what did you do to them? :)

Well, I'd love to get one of them on the line to ask him!...

Robinson
Passionate WRInaute

Posts: 2286
Joined: 26 Oct 2005

Posted on Mon Aug 27, 2007 16:10

I'm no expert, but I would use a radical solution: block all IPs except mine!
Then, well, uh, I'd see... I would try unblocking ranges of IPs.

darmond.j
Occasional WRInaute

Posts: 347
Joined: 18 Feb 2007

Posted on Mon Aug 27, 2007 16:12


FloBaoti
Involved WRInaute

Posts: 755
Joined: 30 Apr 2006

Posted on Mon Aug 27, 2007 19:49

The "problem" with a DDoS attack worthy of the name is that the server is overloaded and therefore no longer responds.
So it is in fact pointless to apply filters on the server itself (IP blocking or the like), since it will stay overloaded if only from the connection requests (which can admittedly be refused).

The only possible way is at the level of a router or a switch, which are in theory able to filter more easily than your server (they handle many more packets per second than any one server)...
But if your hosting provider won't do anything, that doesn't look good...

It's true that 5 days seems really long to me.

Are you sure it's a DDoS? (maybe your server is unstable...) Where do the IPs that seem to be attacking come from?
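
One way to answer the two questions in the post above (is it really a distributed flood, and where do the sources sit) from an Apache access log, as an added example that is not part of any forum post. It assumes IPv4 clients and the Apache "combined" log format; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse(lines):
    """Yield one record per well-formed IPv4 line; anything else is skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:
            if ip_address(rec["ip"]).version != 4:
                continue
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield rec


def top_share(values):
    """Return (most common value, fraction of all entries it accounts for)."""
    counts = Counter(values)
    value, n = counts.most_common(1)[0]
    return value, n / sum(counts.values())


def triage(lines, min_rps=5, min_sources=5, min_share=0.6):
    """Summarise a log window. The three thresholds are illustrative assumptions."""
    recs = list(parse(lines))
    if not recs:
        return None
    peak_rps = max(Counter(r["ts"] for r in recs).values())
    ips = {r["ip"] for r in recs}
    top_ip, ip_share = top_share(r["ip"] for r in recs)
    # Share held by the busiest /24: shows how much blocking one range would remove.
    top_net, net_share = top_share(
        str(ip_network(r["ip"] + "/24", strict=False)) for r in recs)
    top_path, path_share = top_share(r["path"] for r in recs)
    no_referer = sum(r["referer"] in ("", "-") for r in recs) / len(recs)

    if peak_rps >= min_rps and ip_share >= min_share:
        verdict = "single_source"       # one address accounts for most requests
    elif peak_rps >= min_rps and len(ips) >= min_sources and path_share >= min_share:
        verdict = "distributed_flood"   # many sources requesting the same URL
    else:
        verdict = "inconclusive"        # ordinary traffic or an unrelated fault
    return {
        "requests": len(recs), "peak_rps": peak_rps, "distinct_ips": len(ips),
        "top_ip": top_ip, "top_ip_share": ip_share,
        "top_net": top_net, "top_net_share": net_share,
        "top_path": top_path, "top_path_share": path_share,
        "no_referer_share": no_referer, "verdict": verdict,
    }


def constructed_sample():
    """Constructed log lines (private/documentation addresses), not from any server."""
    fmt = ('{ip} - - [01/Jan/2024:12:00:{s:02d} +0000] '
           '"GET {p} HTTP/1.1" {st} 220 "{r}" "{a}"')
    lines = []
    for i in range(8):                  # 8 sources, each in a different /24
        for second in (35, 36):
            for _ in range(2):
                lines.append(fmt.format(ip=f"10.{i}.0.{i + 1}", s=second,
                                        p="/landing/", st=403, r="-",
                                        a=f"ExampleAgent/{i % 3}"))
    # Two ordinary requests from one visitor, outside the burst.
    lines.append(fmt.format(ip="192.0.2.7", s=40, p="/index.html", st=200,
                            r="http://example.org/", a="ExampleBrowser/1.0"))
    lines.append(fmt.format(ip="192.0.2.7", s=41, p="/style.css", st=200,
                            r="http://example.org/index.html", a="ExampleBrowser/1.0"))
    return lines


if __name__ == "__main__":
    for key, value in triage(constructed_sample()).items():
        print(f"{key:18} {value}")
```

A low `top_net_share` alongside a high `distinct_ips` means the sources are spread across many networks, so blocking address ranges one at a time removes little of the load.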

Recif
Involved WRInaute

Posts: 894
Joined: 25 Aug 2004

Posted on Mon Aug 27, 2007 20:06

The hosting provider replies that switches/routers/FWs can't do that. That's false, because Checkpoint contains a specific module against attacks of this type...

Yes, I am certain it's a DDoS attack. Short extract from the log:

Code:
82.42.37.128 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
89.89.104.207 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.53.112.49 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.123.19.6 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
218.209.109.17 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.42.37.128 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.61.53.65 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
196.206.132.17 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.92.28.238 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.53.112.49 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
221.5.176.4 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
213.118.207.148 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
122.252.71.209 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.61.53.65 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.92.28.238 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
196.40.86.157 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.123.19.6 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.53.112.49 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.61.53.65 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.53.112.49 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.92.28.238 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.197.247.202 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.123.19.6 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
212.71.32.87 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.53.112.49 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.209.43.138 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.75.225.195 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.92.28.238 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.61.53.65 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.53.112.49 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
213.118.207.148 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"


That's what 2 seconds looks like...

Morph1er
Occasional WRInaute
Posts: 309
Joined: 7 Jul 2004

Posted: Tue Aug 28, 2007 7:38

For a start, shut down Apache... You risk damaging your hardware by leaving it like that.

Recif
Involved WRInaute
Posts: 894
Joined: 25 Aug 2004

Posted: Tue Aug 28, 2007 10:01

Damage the hardware?? Er, no, I don't think there's any risk on that front.
And I can't stop Apache, I have loads of sites running on it.
This morning it has calmed down...

tofm2
Passionate WRInaute
Posts: 2212
Joined: 9 Apr 2005

Posted: Tue Aug 28, 2007 10:05

Recif wrote: Damage the hardware?? Er, no, I don't think there's any risk on that front.
And I can't stop Apache, I have loads of sites running on it.
This morning it has calmed down...


in this kind of case, it's the most effective solution

if you risk physical damage on the server side

it doesn't really look like a DDOS

Recif
Involved WRInaute
Posts: 894
Joined: 25 Aug 2004

Posted: Tue Aug 28, 2007 10:13

How could I risk physical damage? I don't really understand... The server is saturated with requests, so at worst the server (software) goes down, but that's all... :?:

Robinson
Passionate WRInaute
Posts: 2286
Joined: 26 Oct 2005

Posted: Tue Aug 28, 2007 12:27

That's what I was going to say last night after seeing your log: it doesn't look like a DDOS attack.

You have several sites on your server, so all of them are/were almost inaccessible!
I don't see how stopping Apache for a few minutes/hours would have been a problem for you.
Besides, if you looked more closely at your logs, you would see which file is being requested so many times, because it is visibly not your IP that is being targeted. (or else, consequently, the file directly accessible via your IP)

But it seems to be over, good for you. (maybe the hacker has finally fallen asleep, careful he doesn't wake up)

Recif
Involved WRInaute
Posts: 894
Joined: 25 Aug 2004

Posted: Tue Aug 28, 2007 13:43

The logs were only for one site, not the others. The files requested change every day (even every hour)...
I had to block access to the site, which temporarily restored the others (the server being able to handle the load), and the host set up a script that collects all the IPs trying to connect to this site and dumps them straight into iptables.
Then we pointed the domain of the site in question to 127.0.0.1

That, in my opinion, is why it has been calm since this morning...
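
A sketch of the kind of log-to-iptables script described in the post above, as an added example that is not part of the original thread and not the host's actual script. It assumes the attacked site has its own access log in Apache combined format; the threshold, the allowlist, the function names and the sample lines (documentation address ranges) are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse(lines):
    """Yield one dict per well-formed combined-format line; others are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def offenders(lines, threshold, allowlist=()):
    """Return IPv4 sources with at least `threshold` hits in any single second."""
    per_second = Counter((e["ip"], e["ts"]) for e in parse(lines))
    peak = Counter()
    for (host, _ts), n in per_second.items():
        peak[host] = max(peak[host], n)
    result = []
    for host, n in sorted(peak.items()):
        try:
            # Validate before the value goes anywhere near a firewall command.
            addr = ipaddress.IPv4Address(host)
        except ValueError:
            continue  # hostname or junk in the host field: skip, do not resolve
        if n >= threshold and str(addr) not in allowlist:
            result.append(str(addr))
    return result

def iptables_rules(ips):
    """Render (not execute) one DROP rule per address, for review before applying."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

def sample_line(host, ts):
    """Build one constructed log line; addresses are documentation ranges."""
    return (f'{host} - - [{ts} +0200] "GET / HTTP/1.1" 403 202 "-" '
            '"Mozilla/4.0 (compatible; MSIE 6.0)"')

SAMPLE = (
    [sample_line("192.0.2.10", "27/Aug/2007:20:02:37")] * 3
    + [sample_line("198.51.100.7", "27/Aug/2007:20:02:37")]
    + [sample_line("203.0.113.5", "27/Aug/2007:20:02:38")] * 3
    + [sample_line("bot.example.net", "27/Aug/2007:20:02:38")] * 3
    + ["not a log line"]
)
```
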

tofm2
Passionate WRInaute
Posts: 2212
Joined: 9 Apr 2005

Posted: Tue Aug 28, 2007 14:01

Recif wrote: How could I risk physical damage? I don't really understand... The server is saturated with requests, so at worst the server (software) goes down, but that's all... :?:


Requests make the server work, if only on the disk swap side.

Indeed, handling that many requests consumes a lot of memory, all the more so because, I mean in the case of real DDOS attacks, these are not really file requests but rather requests to open TCP connections, with an infinite timeout (SYN/FLOOD), which never close and so end up bringing the server down (often physically), because of oversaturated memory/continuous swap access.

That's what makes me say you were the victim of SK, or of some worm or other; I reported a fairly similar problem some time ago, http://forum.webrankinfo.com/attention-probleme-securite-avec-spip-eva-t76189.html
after seeing a 5X increase in traffic on one of my sites,
I solved it by blocking access for the referer in question. At the time, it involved rootkit downloads.

However, after a quick look at the Apache log you posted, I notice that many of the IPs in question belong to Western European ADSL providers (9 telecom, free, belgacom, etc.) but many of them have referrers that speak Russian.... (be careful, though, not to slip into 1960s James Bond territory, it's only an observation).

The 403 error? Was it you who blocked access to the file in question??

The log, does it only cover your DDOS problem? Did you filter out the server's normal activity??

One more little thing: the log you posted is certainly busy, and it corresponds to two seconds of server time. But in a real DDOS, you can multiply it by 10 or 100, or by the value of your host's maximum bandwidth....
Last edited by tofm2 on Tue Aug 28, 2007 14:17, edited 2 times.

Recif
Involved WRInaute
Posts: 894
Joined: 25 Aug 2004

Posted: Tue Aug 28, 2007 14:09

Ah ok, to me, "physically" meant damage to the hardware. Here it's just saturation, that's all, a reboot is enough to start again from 0.

