Attaques DDOS : comment contrer?

Discussion dans 'Administration d'un site Web' créé par Recif, 27 Août 2007.

  1. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    Bonjour,

    Depuis 5 jours mon serveur dédié est à plat à cause d'abrutis qui ont lancé une attaque DDOS... Avez vous des solutions pour contrer ce type d'attaque (linux/apache)?
     
  2. Robinson
    Robinson WRInaute passionné
    Inscrit:
    26 Octobre 2005
    Messages:
    1 636
    J'aime reçus:
    0
    Bloquer toutes les ip coupables pendant un ptit moment...
     
  3. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    Merci pour ta réponse.
    Et quand il y en a une infinité, et sans cesse renouvelées?
     
  4. FloBaoti
    FloBaoti WRInaute impliqué
    Inscrit:
    30 Avril 2006
    Messages:
    640
    J'aime reçus:
    0
    Il faut contacter l'hébergeur immédiatement. C'est le seul à avoir les moyens de "bloquer" (ou tout du moins "atténuer") l'attaque...
     
  5. Robinson
    Robinson WRInaute passionné
    Inscrit:
    26 Octobre 2005
    Messages:
    1 636
    J'aime reçus:
    0
    L'attaque a lieu de quelle manière ? sur ton nom de domaine ? sur l'IP ?

    Une attaque DDOS depuis 5 jours... ça m'étonne... c'est pas des gamins qui t'attaquent... que leur as-tu fait ? :)
     
  6. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    L'hébergeur me dit qu'il ne peut rien faire... Qu'il n'y a plus qu'à attendre qu'il se lasse...! Mais qu'il n'y a aucun moyen de lutter.
    Je n'y crois pas.
     
  7. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    A priori sur l'ip.

    Eh bien j'aimerais bien en avoir un en ligne pour le lui demander!...
     
  8. Robinson
    Robinson WRInaute passionné
    Inscrit:
    26 Octobre 2005
    Messages:
    1 636
    J'aime reçus:
    0
    Je ne m'y connais pas, mais j'utiliserai une solution radicale, bloquer toutes les IP, sauf la mienne !
    Ensuite, beh euuh j'aviserai... j'essairai de débloquer des tranches d'ip.
     
  9. darmond.j
    darmond.j WRInaute discret
    Inscrit:
    18 Février 2007
    Messages:
    217
    J'aime reçus:
    0
  10. FloBaoti
    FloBaoti WRInaute impliqué
    Inscrit:
    30 Avril 2006
    Messages:
    640
    J'aime reçus:
    0
    Le "problème" lors d'une attaque DDoS digne de ce nom, c'est que le serveur est surchargé et ne répond donc plus.
    Donc c'est en fait inutile de lui appliquer des filtres dessus (bloquages d'IP ou autres), puisqu'il restera surchargé ne serais-ce que par les demandes de connexions (qui pourront certes être refusées).

    Le seul moyen possible est au niveau d'un routeur ou d'un switch, qui sont en théorie capables de filtrer plus facilement que ton serveur (ils traitent beaucoup plus de paquets par secondes que chaque serveur)...
    Mais si ton hébergeur ne veux rien faire, ça sent pas bon...

    C'est vrai que 5 jours, ça me parait bien long.

    Es-tu sûr qu'il s'agisse d'un DDoS ? (peut-être ton serveur est-il instable...) D'où proviennent les IP qui semblent attaquer?
     
  11. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    L'hébergeur me répond que les switchs/routeurs/FW ne savent pas faire ça. C'est faux car Checkpoint contient un module spécifique contre les attaques de ce type...

    Oui, je suis certain que c'est une attaque DDOS. court extrait du log:

    Code:
    82.42.37.128 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    89.89.104.207 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.53.112.49 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.123.19.6 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    218.209.109.17 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    77.181.214.56 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.182.115.41 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.42.37.128 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.61.53.65 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.143.198.36 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.212.161.40 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    196.206.132.17 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    83.77.33.208 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.92.28.238 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.182.115.41 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.74.232 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.53.112.49 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.212.161.40 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    221.5.176.4 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.120.36.50 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.209.118 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.251.137.225 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    213.118.207.148 - - [27/Aug/2007:20:02:35 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.240.55 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.51.176.119 - - [27/Aug/2007:20:02:35 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    122.252.71.209 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.61.53.65 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    83.77.33.208 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.92.28.238 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.143.198.36 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    196.40.86.157 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.123.19.6 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.53.112.49 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    83.77.33.208 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.61.53.65 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.53.112.49 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.92.28.238 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.240.55 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.120.36.50 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.42.37.128 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.51.176.119 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.251.137.225 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.143.198.36 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    77.181.214.56 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.212.161.40 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.197.247.202 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.182.115.41 - - [27/Aug/2007:20:02:36 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.123.19.6 - - [27/Aug/2007:20:02:36 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    212.71.32.87 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.53.112.49 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    83.209.43.138 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.75.225.195 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    83.77.33.208 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.92.28.238 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.61.53.65 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    77.181.214.56 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.53.112.49 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    213.118.207.148 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.74.232 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.126.240.55 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.120.36.50 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.209.118 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.51.176.119 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.143.198.36 - - [27/Aug/2007:20:02:37 +0200] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    62.197.85.76 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.42.37.128 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    82.154.155.56 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Opera/9.02 (Windows NT 5.1; U; ru)"
    82.251.137.225 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.212.161.40 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
    82.182.115.41 - - [27/Aug/2007:20:02:37 +0200] "GET /en/Default/Profit/ HTTP/1.1" 403 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    Voilà pour 2 secondes...
     
  12. Morph1er
    Morph1er WRInaute occasionnel
    Inscrit:
    7 Juillet 2004
    Messages:
    280
    J'aime reçus:
    0
    Déjà, éteinds apache... Tu risques d'endommager ton matériel à le laisser comme ça.
     
  13. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    Endomager le materiel?? Euh non, je ne pense pas qu'il y ait un risque de ce côté là.
    Et arrêter apache je ne peux pas, j'ai des tas de sites qui tournent dessus.
    Ce matin ca s'est calmé...
     
  14. tofm2
    tofm2 WRInaute passionné
    Inscrit:
    9 Avril 2005
    Messages:
    1 392
    J'aime reçus:
    0
    dans ce genre de cas, c'est la solution la plus efficace

    si tu risque un endommagement physique côté serveur

    ça ne ressemble pas vraiment à une DDOS
     
  15. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    Comment je pourrais risquer un endomagement physique, je comprends pas trop... Le serveur est saturé de requêtes, donc au pire le serveur (logiciel) tombe, mais c'est tout... :?:
     
  16. Robinson
    Robinson WRInaute passionné
    Inscrit:
    26 Octobre 2005
    Messages:
    1 636
    J'aime reçus:
    0
    C'est ce que j'allais dire hier soir suite à ton log, ça ne ressemble pas à une attaque DDOS.

    Tu as plusieurs sites sur ton serveur, donc tous sont/étaient quasi inaccessibles !
    Je ne vois pas en quoi ça t'aurait géné de stopper apache quelques minutes/heures.
    De plus, si tu cherches mieux dans tes logs, tu verrai quel fichier est appelé à autant de reprises car ce n'est visiblement pas ton ip qui est visée. (ou alors par conséquent, le fichier accessible directement par ton ip)

    Mais cela semble terminé, tant mieux pour toi. (le pirate c ptet enfin endormi, attention qu'il ne se réveille pas)
     
  17. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    Les logs étaient uniquement sur un site, pas sur les autres. Les fichiers appelés changent tous les jours (voire toutes les heures)...
    J'ai du interdire l'accès au site, ce qui a rétabli temporairement les autres (le serveur tenant la charge), et l'hébergeur a mis en place un script qui récupère toutes les ips qui essayent de se connecter sur ce site et les balance directement dans iptables.
    Ensuite on a redirigé le domaine du site en question vers 127.0.0.1

    Voilà à mon avis pourquoi c'est calme depuis ce matin...
     
  18. tofm2
    tofm2 WRInaute passionné
    Inscrit:
    9 Avril 2005
    Messages:
    1 392
    J'aime reçus:
    0
    les requètes, ça fait travailler le serveur, ne serait-ce que du côté swap disque.

    En effet, gérer autant de requètes consomme beaucoup de mémoire, d'autant plus que, je veux dire dans le cas de vraies DDOS, il ne s'agit pas vraiment de requètes de fichiers, mais plutôt de requètes d'ouverture de connections TCP, avec délai infini (SYN/FLOOD), qui ne se ferment jamais et donc finissent par faire tomber (souvent physiquement) le serveur en rade, pour cause de mémoire sursaturée/accès swap continu.

    c'est ce qui me fait dire que tu as été la victime de SK, ou d'un ver quelconque, j'avais signalé un problème à peu près similaire il y a quelque temps, https://www.webrankinfo.com/forum/t/attention-probleme-de-securite-avec-spip-eva.76189/
    après avoir vu une augmentation de 5X du traffic sur un de mes sites,
    je l'avais résolu en interdisant l'accès au referer en question. A l'époque, il s'agissait de téléchargement de rootkits.

    Par contre, après un coup d'oeil jeté rapidement au log apache que tu envoies, je remarque que beaucoup des IP en question sont des fournisseurs d'accès ADSL de l'europe de l'ouest (9 telecom, free, belgacom etc etc) mais beaucoup d'entre eux ont des referrers qui parlent russe.... (attention cependant à ne pas virer au James bond des années 60, ce n'est qu'une constatation).

    L'erreur 403? c'est toi qui as interdit l'accès au fichier en question??

    Le log, il ne correspond qu'à ton problème de DDOS? tu as filtré l'activité normale du serveur ??

    Encore un petit truc, le log que tu envoies est certes chargé, il correspond à deux secondes de temps serveur. mais dans le cadre d'une vraie DDOS, tu peux le multiplier par 10 ou 100, ou par la valeur de la BP maxi de ton hébergeur....
     
  19. Recif
    Recif WRInaute impliqué
    Inscrit:
    25 Août 2004
    Messages:
    848
    J'aime reçus:
    0
    Ah ok, pour moi, physiquement ca voulait dire endomagement du materiel. Là c'est une saturation c'est tout, un reboot suffit à repartir à 0.
     
Chargement...
Similar Threads - Attaques DDOS contrer Forum Date
Protection contre les attaques httpd (ddos) Administration d'un site Web 15 Novembre 2008
La carte des cyberattaques dans le monde en temps réel... Le café de WebRankInfo 1 Mars 2022
Attaques sshd en masse : qui fait çà ? Administration d'un site Web 19 Mai 2020
"Attaques" de mon site (négatif SEO) Problèmes de référencement spécifiques à vos sites 16 Février 2018
Mes sites sont attaqués ! Google Analytics 7 Décembre 2016
Que faire contre les attaques seo Demandes d'avis et de conseils sur vos sites 13 Juillet 2016
Lutte contre les attaques en cross scripting Google Analytics 17 Septembre 2015
Attaques SEO Negative, que faire AVANT que ça arrive? Débuter en référencement 4 Juillet 2014
Apache optimisation et sécurisation (attaques DoS) Administration d'un site Web 4 Mai 2011
Se prémunir des attaques de type union select (...) Administration d'un site Web 6 Juillet 2010
Des attaques sur mon serveur Administration d'un site Web 8 Juin 2010
Sécuriser/protéger un site contre d'éventuelles attaques Développement d'un site Web ou d'une appli mobile 12 Mars 2010
Solution : mettre en echec les attaques "Eval base64_decode" Administration d'un site Web 2 Février 2010
Attaques Web et securité de mon site internet Administration d'un site Web 22 Septembre 2009
Le WAF (web application fire wall = reverse proxy) contre les attaques web Administration d'un site Web 20 Novembre 2008
[Résolu] attaques de serveurs de OVH Administration d'un site Web 13 Mai 2008
Attaques quotidiennes sur mes serveurs Administration d'un site Web 7 Novembre 2007
Attaques sur site web : quels sont les vrais risques ? Administration d'un site Web 4 Octobre 2007
mieux proteger mon site contre des attaques Développement d'un site Web ou d'une appli mobile 6 Février 2006
Reroutage des supposées attaques sur son concurrent. Administration d'un site Web 30 Octobre 2005