1

My Apache server has been overloading and I'm trying to troubleshoot why. In looking into the Apache access log I see tons of entries like this:

POST /?CtrlFunc_999999AAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.0
POST /?CtrlFunc_ppppqqqqqqqrrrrrrrsssssssstttt HTTP/1.0
POST /?CtrlFunc_KOUZdilsx27BGKOSXbfkpv05AGKPTX HTTP/1.0
POST /?CtrlFunc_rrsssssstttttuuuuuvvvvvwwwwwwx HTTP/1.0

All from different IP addresses. It seems strange that all these different IPs would all be sending sequential alpha-numeric requests. Is this some type of encoding that I'm not familiar with? I couldn't find out anything about the:

?CtrlFunc

either. There are hundreds of entries like this coming from IP addresses in China, Taiwan, India, Ecuador, and Spain to name a few. Is this normal behavior? I'm just trying to track down why my Apache server gets overloaded every time I turn it on. Maybe there's a more efficient way to look at the server processes, but I haven't found it.

4

1 Answer

0

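I have seen the same attack.

The folks at the Internet Storm Center don't have a way to stop the traffic, but they do have some suggestions on how to drop the incoming requests: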

https://isc.sans.edu/forums/diary/Defending+Against+Web+Server+Denial+of+Service+Attacks/16240

In particular, comment #2 from a member of the Mod_Security team, which seems to be working well for me.

answered 2013-08-02T18:03:54.750
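To measure how much of the access log this request pattern accounts for and how many sources send it, a small summarizer can be run over the log. This is an added example, not code from the question or the answer; it assumes Apache's common/combined log format, and the sample lines use constructed documentation IP addresses with the request lines copied from the question.

```python
import re
import sys
from collections import Counter

# Common/combined log prefix: client ident user [time] "METHOD target proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3}'
)
# Request shape from the question: "/" with a query string starting "CtrlFunc_"
FLOOD_RE = re.compile(r'^/\?CtrlFunc_[0-9A-Za-z]+$')

# Constructed sample log (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Aug/2013:17:00:01 +0000] "POST /?CtrlFunc_999999AAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.0" 200 512
198.51.100.7 - - [02/Aug/2013:17:00:01 +0000] "POST /?CtrlFunc_ppppqqqqqqqrrrrrrrsssssssstttt HTTP/1.0" 200 512
203.0.113.5 - - [02/Aug/2013:17:00:02 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [02/Aug/2013:17:00:02 +0000] "POST /?CtrlFunc_KOUZdilsx27BGKOSXbfkpv05AGKPTX HTTP/1.0" 200 512
203.0.113.99 - - [02/Aug/2013:17:00:03 +0000] "POST /?CtrlFunc_rrsssssstttttuuuuuvvvvvwwwwwwx HTTP/1.0" 200 512
203.0.113.5 - - [02/Aug/2013:17:00:04 +0000] "POST /login HTTP/1.1" 302 0
not a log line
"""


def summarize(lines, top_n=10):
    """Count CtrlFunc_ POSTs per client and their share of all parsed requests."""
    total = 0
    flood_by_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip truncated or non-log lines instead of failing
        total += 1
        if m["method"] == "POST" and FLOOD_RE.match(m["target"]):
            flood_by_ip[m["ip"]] += 1
    flood = sum(flood_by_ip.values())
    return {
        "total": total,
        "flood": flood,
        "share": flood / total if total else 0.0,
        "sources": len(flood_by_ip),
        "top": flood_by_ip.most_common(top_n),
    }


if __name__ == "__main__":
    # Pass an access log path as the first argument, or run on the sample.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    print(summarize(src))
```

A high share spread thinly across many sources, as the question describes, is why the answer points at dropping requests by pattern rather than by address.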