Attaques DDOS : comment contrer?

WRInaute impliqué
Bonjour,

Depuis 5 jours mon serveur dédié est à plat à cause d'abrutis qui ont lancé une attaque DDOS... Avez vous des solutions pour contrer ce type d'attaque (linux/apache)?
 
WRInaute impliqué
Il faut contacter l'hébergeur immédiatement. C'est le seul à avoir les moyens de "bloquer" (ou tout du moins "atténuer") l'attaque...
 
WRInaute passionné
L'attaque a lieu de quelle manière ? sur ton nom de domaine ? sur l'IP ?

Une attaque DDOS depuis 5 jours... ça m'étonne... c'est pas des gamins qui t'attaquent... que leur as-tu fait ? :)
 
WRInaute impliqué
FloBaoti a dit:
Il faut contacter l'hébergeur immédiatement. C'est le seul à avoir les moyens de "bloquer" (ou tout du moins "atténuer") l'attaque...

L'hébergeur me dit qu'il ne peut rien faire... Qu'il n'y a plus qu'à attendre qu'il se lasse...! Mais qu'il n'y a aucun moyen de lutter.
Je n'y crois pas.
 
WRInaute impliqué
Robinson a dit:
L'attaque a lieu de quelle manière ? sur ton nom de domaine ? sur l'IP ?
A priori sur l'ip.

Une attaque DDOS depuis 5 jours... ça m'étonne... c'est pas des gamins qui t'attaquent... que leur as-tu fait ? :)
Eh bien j'aimerais bien en avoir un en ligne pour le lui demander!...
 
WRInaute passionné
Je ne m'y connais pas, mais j'utiliserai une solution radicale, bloquer toutes les IP, sauf la mienne !
Ensuite, beh euuh j'aviserai... j'essairai de débloquer des tranches d'ip.
 
WRInaute impliqué
Le "problème" lors d'une attaque DDoS digne de ce nom, c'est que le serveur est surchargé et ne répond donc plus.
Donc c'est en fait inutile de lui appliquer des filtres dessus (bloquages d'IP ou autres), puisqu'il restera surchargé ne serais-ce que par les demandes de connexions (qui pourront certes être refusées).

Le seul moyen possible est au niveau d'un routeur ou d'un switch, qui sont en théorie capables de filtrer plus facilement que ton serveur (ils traitent beaucoup plus de paquets par secondes que chaque serveur)...
Mais si ton hébergeur ne veux rien faire, ça sent pas bon...

C'est vrai que 5 jours, ça me parait bien long.

Es-tu sûr qu'il s'agisse d'un DDoS ? (peut-être ton serveur est-il instable...) D'où proviennent les IP qui semblent attaquer?
 
WRInaute impliqué
L'hébergeur me répond que les switchs/routeurs/FW ne savent pas faire ça. C'est faux car Checkpoint contient un module spécifique contre les attaques de ce type...

Oui, je suis certain que c'est une attaque DDOS. court extrait du log:

Code:
82.42.37.128 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
89.89.104.207 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.53.112.49 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.123.19.6 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
218.209.109.17 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.42.37.128 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.61.53.65 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
196.206.132.17 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.92.28.238 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.53.112.49 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
221.5.176.4 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
213.118.207.148 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
122.252.71.209 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.61.53.65 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.92.28.238 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
196.40.86.157 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.123.19.6 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.53.112.49 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.61.53.65 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.53.112.49 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.92.28.238 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.197.247.202 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.123.19.6 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
212.71.32.87 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.53.112.49 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.209.43.138 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.75.225.195 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
83.77.33.208 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.92.28.238 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.61.53.65 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
77.181.214.56 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.53.112.49 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
213.118.207.148 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.143.198.36 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

Voilà pour 2 secondes...
 
WRInaute impliqué
Endomager le materiel?? Euh non, je ne pense pas qu'il y ait un risque de ce côté là.
Et arrêter apache je ne peux pas, j'ai des tas de sites qui tournent dessus.
Ce matin ca s'est calmé...
 
WRInaute passionné
Recif a dit:
Endomager le materiel?? Euh non, je ne pense pas qu'il y ait un risque de ce côté là.
Et arrêter apache je ne peux pas, j'ai des tas de sites qui tournent dessus.
Ce matin ca s'est calmé...

dans ce genre de cas, c'est la solution la plus efficace

si tu risque un endommagement physique côté serveur

ça ne ressemble pas vraiment à une DDOS
 
WRInaute impliqué
Comment je pourrais risquer un endomagement physique, je comprends pas trop... Le serveur est saturé de requêtes, donc au pire le serveur (logiciel) tombe, mais c'est tout... :?:
 
WRInaute passionné
C'est ce que j'allais dire hier soir suite à ton log, ça ne ressemble pas à une attaque DDOS.

Tu as plusieurs sites sur ton serveur, donc tous sont/étaient quasi inaccessibles !
Je ne vois pas en quoi ça t'aurait géné de stopper apache quelques minutes/heures.
De plus, si tu cherches mieux dans tes logs, tu verrai quel fichier est appelé à autant de reprises car ce n'est visiblement pas ton ip qui est visée. (ou alors par conséquent, le fichier accessible directement par ton ip)

Mais cela semble terminé, tant mieux pour toi. (le pirate c ptet enfin endormi, attention qu'il ne se réveille pas)
 
WRInaute impliqué
Les logs étaient uniquement sur un site, pas sur les autres. Les fichiers appelés changent tous les jours (voire toutes les heures)...
J'ai du interdire l'accès au site, ce qui a rétabli temporairement les autres (le serveur tenant la charge), et l'hébergeur a mis en place un script qui récupère toutes les ips qui essayent de se connecter sur ce site et les balance directement dans iptables.
Ensuite on a redirigé le domaine du site en question vers 127.0.0.1

Voilà à mon avis pourquoi c'est calme depuis ce matin...
 
WRInaute passionné
Recif a dit:
Comment je pourrais risquer un endomagement physique, je comprends pas trop... Le serveur est saturé de requêtes, donc au pire le serveur (logiciel) tombe, mais c'est tout... :?:

les requètes, ça fait travailler le serveur, ne serait-ce que du côté swap disque.

En effet, gérer autant de requètes consomme beaucoup de mémoire, d'autant plus que, je veux dire dans le cas de vraies DDOS, il ne s'agit pas vraiment de requètes de fichiers, mais plutôt de requètes d'ouverture de connections TCP, avec délai infini (SYN/FLOOD), qui ne se ferment jamais et donc finissent par faire tomber (souvent physiquement) le serveur en rade, pour cause de mémoire sursaturée/accès swap continu.

c'est ce qui me fait dire que tu as été la victime de SK, ou d'un ver quelconque, j'avais signalé un problème à peu près similaire il y a quelque temps, https://www.webrankinfo.com/forum/t/attention-probleme-de-securite-avec-spip-eva.76189/
après avoir vu une augmentation de 5X du traffic sur un de mes sites,
je l'avais résolu en interdisant l'accès au referer en question. A l'époque, il s'agissait de téléchargement de rootkits.

Par contre, après un coup d'oeil jeté rapidement au log apache que tu envoies, je remarque que beaucoup des IP en question sont des fournisseurs d'accès ADSL de l'europe de l'ouest (9 telecom, free, belgacom etc etc) mais beaucoup d'entre eux ont des referrers qui parlent russe.... (attention cependant à ne pas virer au James bond des années 60, ce n'est qu'une constatation).

L'erreur 403? c'est toi qui as interdit l'accès au fichier en question??

Le log, il ne correspond qu'à ton problème de DDOS? tu as filtré l'activité normale du serveur ??

Encore un petit truc, le log que tu envoies est certes chargé, il correspond à deux secondes de temps serveur. mais dans le cadre d'une vraie DDOS, tu peux le multiplier par 10 ou 100, ou par la valeur de la BP maxi de ton hébergeur....
 
WRInaute impliqué
Ah ok, pour moi, physiquement ca voulait dire endomagement du materiel. Là c'est une saturation c'est tout, un reboot suffit à repartir à 0.
 
Discussions similaires
Haut