Possibility of flood

Verified User
Joined
Oct 13, 2006
Messages
11
I got 13 messages from mod_security:


Banned the following ip addresses on Sat Oct 28 20:36:01 EDT 2006

72.10.xxx.xxx with 633 connections

but in all the messages it is the same IP, and this IP is one of my dedicated IPs.


and one from mod_evasive (here too it is the same dedicated IP):


To: [email protected]
Subject: HTTP BLACKLIST 72.10.xxx.xxx

mod_evasive HTTP Blacklisted 72.10.xxx.xxx


If I check the access_log, I get:


72.24.249.30 - - [27/Oct/2006:22:59:14 -0400] "GET / HTTP/1.0" 200 2673 "-" "-"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
60.27.64.162 - - [28/Oct/2006:04:04:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
72.242.240.229 - - [28/Oct/2006:17:58:49 -0400] "GET / HTTP/1.0" 200 2673 "-" "-"


and in the error_log:


[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] File does not exist: /etc/httpd/errordocs/500
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] mod_security: Access denied with code 500. Pattern match "^GET (http|https|ftp)\\\\:/" at THE_REQUEST [severity "EMERGENCY"] [hostname "www.yahoo.com"] [uri "http://www.yahoo.com/"]
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] File does not exist: /etc/httpd/errordocs/500
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] mod_security: Access denied with code 500. Pattern match "^GET (http|https|ftp)\\\\:/" at THE_REQUEST [severity "EMERGENCY"] [hostname "www.yahoo.com"] [uri "http://www.yahoo.com/"]
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] File does not exist: /etc/httpd/errordocs/500
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] mod_security: Access denied with code 500. Pattern match "^GET (http|https|ftp)\\\\:/" at THE_REQUEST [severity "EMERGENCY"] [hostname "www.yahoo.com"] [uri "http://www.yahoo.com/"]
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] File does not exist: /etc/httpd/errordocs/500
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] mod_security: Access denied with code 500. Pattern match "^GET (http|https|ftp)\\\\:/" at THE_REQUEST [severity "EMERGENCY"] [hostname "www.yahoo.com"] [uri "http://www.yahoo.com/"]
[Sat Oct 28 04:04:10 2006] [error] [client 60.27.64.162] File does not exist: /etc/httpd/errordocs/500
[Sat Oct 28 18:14:47 2006] [error] server reached MaxClients setting, consider raising the MaxClients setting


What is that and how can I stop that?
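
An added example (not part of the original post): a Python triage of access_log lines in the format shown above. It counts requests per client IP, finds per-second bursts, and flags request lines that carry an absolute URI, using the same pattern the mod_security entries in the error_log report. The sample lines, the `triage` function and the `burst` threshold are assumptions made for the illustration.

```python
import re
from collections import Counter

# Apache combined log format: client, ident, user, [time], "request", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# Same request-line test as the mod_security pattern quoted in the error_log:
# a GET whose target is a full URL instead of a path on this server.
ABSOLUTE_URI_RE = re.compile(r'^GET (http|https|ftp):/')

# Constructed sample lines (documentation IP ranges), not taken from the post.
_probe = ('192.0.2.10 - - [28/Oct/2006:04:04:10 -0400] '
          '"GET http://www.example.com/ HTTP/1.1" 404 - "-" "Mozilla/4.0"')
SAMPLE = [_probe] * 4 + [
    '198.51.100.7 - - [28/Oct/2006:17:58:49 -0400] "GET / HTTP/1.0" 200 2673 "-" "-"',
    'not a log line',
]

def triage(lines, burst=3):
    """Summarise access_log lines; burst is an assumed per-second threshold."""
    requests, absolute_uri, per_second = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep count of lines that do not parse
            continue
        ip = m["ip"]
        requests[ip] += 1
        per_second[(ip, m["ts"])] += 1   # timestamp resolution is one second
        if ABSOLUTE_URI_RE.match(m["req"]):
            absolute_uri[ip] += 1
    # Highest number of requests each client made within a single second.
    peak = Counter()
    for (ip, _ts), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return {
        "requests": requests,
        "absolute_uri": absolute_uri,
        "bursts": {ip: n for ip, n in peak.items() if n >= burst},
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```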