Apache Requests

frank.temi_at_gmail.com
Date: 07/05/05

  • Next message: j64800000_at_yahoo.com: "Restrict logon hours"
    Date: 5 Jul 2005 05:02:44 -0000
    To: security-basics@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) Hi there, since last Thursday my site has been getting some wierd homepage requests and I hope someone could help me understand what is happening for it is almost like a DOS since it is causing major issues.

    I have a load balancer that balances the load between 3 servers. Each of the servers run mod perl and apache.

    Here are the logs:

    24.A.A.A - - [04/Jul/2005:01:15:17 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hotbar 4.6.1)"
    24.A.A.A - - [04/Jul/2005:01:15:17 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hotbar 4.6.1)"
    24.A.A.A - - [04/Jul/2005:01:15:17] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    24.B.B.B - - [04/Jul/2005:01:15:47 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    24.B.B.B - - [04/Jul/2005:01:15:47 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    24.B.B.B - - [04/Jul/2005:01:15:48 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    207.C.C.C - - [04/Jul/2005:01:15:49 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    207.C.C.C - - [04/Jul/2005:01:15:49 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    207.C.C.C - - [04/Jul/2005:01:15:49 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    207.C.C.C - - [04/Jul/2005:01:15:49 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    207.C.C.C - - [04/Jul/2005:01:15:49 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    24.D.D.D - - [04/Jul/2005:01:15:51 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    24.D.D.D - - [04/Jul/2005:01:15:51 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    24.D.D.D - - [04/Jul/2005:01:15:51 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    24.D.D.D - - [04/Jul/2005:01:15:51 -0600] "GET / HTTP/1.1" 200 24920 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;

    As you can see there are 4 different people calling the homepage however each request is not done just once but multiple times at the same exact time. The page uses a database and connections are getting maxed out.

    Does anyone recognize this issue at all? Should I be concerned with it?

    Thanks a lot


  • Next message: j64800000_at_yahoo.com: "Restrict logon hours"