Willkommen in der Webstatt
User-1 am 02.06.07 14:16

Was soll ich tun?

Meine Trafficanzeige schnellt in die Höhe (hab jetzt gegen Nachmittag schon 2,6 GB Traffic, normal sind ca 300 MB am Tag) und es geht immer weiter!

Nur alleine wegen dem imeem-Downloader auf frankyonline.de:
64.131.65.26 - - [02/Jun/2007:14:16:02 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:03 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:04 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:05 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:06 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:07 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:08 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:08 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.159.5.55 - - [02/Jun/2007:14:16:08 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:09 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:10 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:10 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.131.65.26 - - [02/Jun/2007:14:16:10 +0200] "POST /imeem-download.php HTTP/1.0" 403 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


Was soll ich tun? Wie funktioniert das mit der hosts.deny? Einfach nur pro Zeile eine IP? Hab' erstmal nur ne htaccess genommen, aber trotzdem gehts immer höher.. was kann ich tun?!

ErrorDocument 403 "denied"
Order allow,deny
Deny from 67.159.5.55
Deny from 64.131.65.26
allow from all


Viele Grüße,
xyz-72

// Hab nur 25 GB traffic / Monat, das wird teuer arghhh x/

netcup.de Warum gibt es hier Werbung?
User-2 am 02.06.07 14:26

Hast du root-Zugriff auf eine Shell?
Wenn ja, kick die Verbindung gleich beim reinkommen, sprich netfilter/iptables!

User-3 am 02.06.07 14:43

iptables -I INPUT -s böse_IP -j DROP

User-1 am 02.06.07 16:18

Mhh, iptables ist nicht installiert und installieren klappt irgendwie auch nicht :(

vs6609:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
iptables
0 upgraded, 1 newly installed, 0 to remove and 25 not upgraded.
4 not fully installed or removed.
Need to get 0B/403kB of archives.
After unpacking 1364kB of additional disk space will be used.
Setting up util-linux (2.12r-19) ...
update-rc.d: /etc/init.d/hwclock.sh: file does not exist
dpkg: error processing util-linux (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
util-linux
E: Sub-process /usr/bin/dpkg returned an error code (1)
vs6609:~#


Was kann ich trotzdem tun? Und was ist "/etc/init.d/hwclock.sh"?

User-4 am 02.06.07 17:03

probier mal die ip per htaccess zu sperren

http://www.abakus-internet-marketing.de/foren/viewtopic/t-14013.html

User-5 am 02.06.07 19:21

das prob hatten wir auch mal bei nem projekt
sieht wohl nach nem ddos angriff aus

kannst kaum was dagegen machen eigentlich, außer größere server zu besorgen die sowas nicht auslastet

User-1 am 02.06.07 19:35

Mhh... ausgelastet ister ja nicht.. nur Traffic *grml*
Naja, nur kacke das iptables nicht funktioniert..

User-3 am 02.06.07 19:41

Quote
Original von xyz-152
das prob hatten wir auch mal bei nem projekt
sieht wohl nach nem ddos angriff aus

das ist doch kein ddos!!
besten falls ein dos, aber auch ein sehr schlechter...

User-5 am 04.06.07 16:59

was weiß ich wollte mich nur wichtig machen :D
aber so ein bischen so ist es doch ?

vll nicht so krass ...

User-3 am 04.06.07 18:51

ein dos legt ein system lahm, das da is nur traffic verursachen...

User-5 am 04.06.07 19:31

achso ok ;)

Creative Commons Lizenzvertrag
Alle Inhalte des Webstatt-Archivs stehen unter einer Creative Commons Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Unported Lizenz.

Impressum & Kontakt