HTTPoxy Vulnerability


Status
Not open for further replies.

daiserver

Apprentice 2.0
It seems LiteSpeed has been updated as well. The previous version still returned " HTTP/1.0 200 OK ".

Code:
wget -S --header="Proxy: 1.2.3.4:8080" https://daiserver.com
--2016-07-22 08:21:12--  https://daiserver.com/
Resolving daiserver.com... 45.35.40.70
Connecting to daiserver.com|45.35.40.70|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.0 400 Bad Request
  Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
  Pragma: no-cache
  Content-Type: text/html
  Content-Length: 1121
  Date: Fri, 22 Jul 2016 15:28:59 GMT
  Accept-Ranges: bytes
  Server: LiteSpeed
  Connection: close
2016-07-22 08:21:13 ERROR 400: Bad Request.

Thank you, Mr. @mustafaramadhan, for the information. Yesterday I got some information from an SEO friend abroad about this issue, along with the news about Cloudflare above.
 

mustafaramadhan

Hosting Guru
Some of my clients who use Kloxo-MR were 'affected', so their websites could not be accessed. This happened about 1-2 ago. Clearly there was no 'solution' yet at that time.

Attacking with this httpoxy technique is easier than the DDoS technique. You don't need many servers to 'attack' a website.
 

pangeran1995

Hosting Guru
A question, please:

Is this a kind of HTTP DDoS??

# cat /usr/local/apache/logs/access_log | grep 208.83.7.181 | tail -10
208.83.7.181 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1469192657445&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56228
208.83.7.181 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1469192657445&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56228
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658108&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48075
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658108&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48075
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658372&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56047
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658372&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56047
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659095&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48324
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659095&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48324
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659387&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56263
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659387&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56263

I experienced this on one of my servers, and it pushed the load average up above 300.xx
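To help judge the question in the post above from the log itself, here is an added example (not part of the original thread) that summarizes an access log per client: total requests, peak requests in a single second, and number of distinct request targets. The sample lines, the IP addresses and the thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d{3} \S+')

# Constructed sample shaped like the quoted lines (documentation IP ranges).
SAMPLE = """\
192.0.2.10 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1001&msg=A B HTTP/1.0" 200 56228
192.0.2.10 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1001&msg=A B HTTP/1.0" 200 56228
192.0.2.10 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1002&msg=A B HTTP/1.0" 200 48075
192.0.2.10 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1002&msg=A B HTTP/1.0" 200 48075
192.0.2.10 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1003&msg=A B HTTP/1.0" 200 56047
192.0.2.10 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1003&msg=A B HTTP/1.0" 200 56047
198.51.100.7 - - [22/Jul/2016:15:03:37 +0200] "GET /index.html HTTP/1.1" 200 1200
198.51.100.7 - - [22/Jul/2016:15:03:52 +0200] "GET /style.css HTTP/1.1" 200 340
"""

def summarize(lines):
    """Per client: total requests, peak requests in one second, distinct targets."""
    totals, per_second, targets = Counter(), Counter(), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a common-log-format line
        parts = m["req"].split(" ")
        # The target can contain raw spaces, as in the quoted lines:
        # take the first token as method, the last as protocol, the rest as target.
        target = " ".join(parts[1:-1]) if len(parts) >= 3 else m["req"]
        totals[m["ip"]] += 1
        per_second[(m["ip"], m["ts"])] += 1  # log timestamps have one-second resolution
        targets[m["ip"]].add(target)
    peaks = Counter()
    for (ip, _ts), n in per_second.items():
        peaks[ip] = max(peaks[ip], n)
    return {ip: {"total": totals[ip], "peak_per_second": peaks[ip],
                 "distinct_targets": len(targets[ip])} for ip in totals}

def flag_floods(report, peak_threshold=20, min_total=200):
    """Clients whose burst rate and volume both reach the (assumed) thresholds."""
    return sorted(ip for ip, r in report.items()
                  if r["peak_per_second"] >= peak_threshold and r["total"] >= min_total)

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    for ip in flag_floods(report, peak_threshold=2, min_total=6):
        print(ip, report[ip])
```

Pass the lines of the real access log to `summarize` and set the thresholds from the site's normal traffic; the low values used in the sample run only suit the eight constructed lines.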
 

mustafaramadhan

Hosting Guru
A question, please:

Is this a kind of HTTP DDoS??

# cat /usr/local/apache/logs/access_log | grep 208.83.7.181 | tail -10
208.83.7.181 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1469192657445&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56228
208.83.7.181 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1469192657445&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56228
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658108&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48075
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658108&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48075
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658372&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56047
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658372&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56047
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659095&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48324
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659095&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48324
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659387&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56263
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659387&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56263

I experienced this on one of my servers, and it pushed the load average up above 300.xx
Yes. One of them may be using http://gudang---ngecit.blogspot.co.id/
 