HTTPoxy Vulnerability


Status
Not open for further replies.

paijo2

Apprentice 1.0
tanya donk

apakah ini salah satu ddos http ??

# cat /usr/local/apache/logs/access_log | grep 208.83.7.181 | tail -10
208.83.7.181 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1469192657445&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56228
208.83.7.181 - - [22/Jul/2016:15:03:37 +0200] "GET /?id=1469192657445&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56228
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658108&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48075
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658108&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48075
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658372&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56047
208.83.7.181 - - [22/Jul/2016:15:03:38 +0200] "GET /?id=1469192658372&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56047
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659095&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48324
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659095&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 48324
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659387&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56263
208.83.7.181 - - [22/Jul/2016:15:03:39 +0200] "GET /?id=1469192659387&msg=YOU HAVE BEEN HACKED HTTP/1.0" 200 56263

saya alami ini di salah satu server yang membuat load average bengkak di atas 300.xx

ini mah http flooding biasa.. bisa dilimit kok..
 

mustafaramadhan

Hosting Guru
gimana cara kick-nya pak kalo pake nginx-proxy kloxomr ?
Semua sudah ada mekanisme penangkal DDOS di Kloxo-MR 7.0. Tapi, seberapa efektif kah?. Efektif tidaknya tergantung webserver yang dipakai.

Yang bikin tambah pusing kalau ada DDOS dengan tambahan header 'Proxy'! tapi server tidak dimitigasi untuk header ini.
 
Status
Not open for further replies.

Top