
About a DDoS attack, looking for a solution

Views: 3216   Posted: 2013-02-25 21:17:56.0
The system has been rather unstable lately. After checking, I found that it is under a DDoS attack. Here are the logs first.

The environment is as follows:
Windows Server 2008, Apache 2.2

46.17.98.211 - - [11/Jun/2012:15:33:30 +0800] "GET http://www.eliteforo.com/forumdisplay.php?2-General&sort=title&order=desc HTTP/1.0" 200 4930068.233.239.10 - - [11/Jun/2012:15:33:35 +0800] "CONNECT 218.219.71.179:25 HTTP/1.0" 403 21894.228.203.175 - - [11/Jun/2012:15:33:29 +0800] "CONNECT ru.4game.com:443 HTTP/1.1" 200 -196.218.255.86 - - [11/Jun/2012:15:33:35 +0800] "GET http://login.bjs.yahoo.com/config/pwtoken_get?login=gillyflower&src=ygodgw&passwd=246a715e36ed8fca9be9e2444d887586&challenge=gGL7qB72A1Z47GpC7ICGzkb5wmoj&md5=1 HTTP/1.0" 200 474.53.9.50 - - [11/Jun/2012:15:33:35 +0800] "GET http://www.worldlingo.com/en/products_services/worldlingo_translator HTTP/1.1" 200 6818178.150.142.129 - - [11/Jun/2012:15:33:33 +0800] "POST http://www.trebesingerteufel.at/index.php?content=bookwrite HTTP/1.1" 200 1969994.228.203.175 - - [11/Jun/2012:15:33:12 +0800] "CONNECT www.ea.com:443 HTTP/1.0" 200 -46.17.98.211 - - [11/Jun/2012:15:33:34 +0800] "GET http://www.eliteoutlaws.net/smf/index.php?action=post;topic=2817.0;num_replies=2 HTTP/1.0" 200 254220.168.97.24 - - [11/Jun/2012:15:33:36 +0800] "GET http://v3.stat.ku6.com/dostatv.do?method=setVideoPlayCount&o=14168027&c=107000&v=WgGCxZckGELdNM2GIZqaCg..&rnd=0.17257032496854663 HTTP/1.1" 200 172203.93.208.66 - - [11/Jun/2012:15:33:33 +0800] "GET http://www.onlinedown.net/newhuagg/softdown_ggg_new.js HTTP/1.1" 200 1424212.117.172.80 - - [11/Jun/2012:15:33:35 +0800] "POST http://212.117.172.80/proxy5/check.php HTTP/1.1" 200 50074.73.7.221 - - [11/Jun/2012:15:33:37 +0800] "POST http://www.datpiff.com/xml/mixtapes.php HTTP/1.0" 503 32362.76.43.241 - - [11/Jun/2012:15:33:34 +0800] "GET http://tune.yandex.ru/region/ HTTP/1.1" 200 18704121.54.22.85 - - [11/Jun/2012:15:33:37 +0800] "GET /login.yahoo.com/config/login_unlock?login=sarah-b.rm:123 HTTP/1.0" 404 7274.53.9.50 - - [11/Jun/2012:15:33:36 +0800] "POST http://www.worldlingo.com/wl/ajax//call/plaincall/__System.pageLoaded.dwr HTTP/1.1" 200 195178.150.142.129 - - 
[11/Jun/2012:15:33:28 +0800] "POST http://singpatana.net/index.php?name=gbook&file=commit HTTP/1.1" 200 21495178.150.142.129 - - [11/Jun/2012:15:33:34 +0800] "GET http://zgtcw.eb2m.com/news/view/6 HTTP/1.1" 200 174546.17.98.211 - - [11/Jun/2012:15:33:34 +0800] "GET http://www.eurobricks.com/forum/index.php?app=core&module=global&section=register HTTP/1.0" 200 15207178.150.142.129 - - [11/Jun/2012:15:33:36 +0800] "GET http://ebisuno.com/cgi/faq/index.cgi?print+201206/120610000.txt HTTP/1.1" 200 4354196.218.255.86 - - [11/Jun/2012:15:33:37 +0800] "GET http://login.bjs.yahoo.com/config/pwtoken_get?login=gilsonite&src=ygodgw&passwd=246a715e36ed8fca9be9e2444d887586&challenge=gGL7qB72A1Z47GpC7ICGzkb5wmoj&md5=1 HTTP/1.0" 200 472.44.197.252 - - [11/Jun/2012:15:33:37 +0800] "GET http://local.yahoo.com/results?stx=Drug+Stores&csz=Depew+NY&ycatfilt=96928176 HTTP/1.1" 302 81109.169.76.10 - - [11/Jun/2012:15:33:33 +0800] "GET http://www.ongamepoker.com/games/handhistory/?sRoundReference=R5-247756712-1 HTTP/1.1" 200 532178.65.156.181 - - [11/Jun/2012:15:33:35 +0800] "POST http://199.80.55.135/login HTTP/1.1" 200 1130174.53.9.50 - - [11/Jun/2012:15:33:37 +0800] "POST http://www.worldlingo.com/wl/ajax//call/plaincall/ServiceApi.retrieveTranslation.dwr HTTP/1.1" 200 14646.17.98.211 - - [11/Jun/2012:15:33:36 +0800] "GET http://www.fanofalex.com/phpBB/images/avatars/mp3-sasha-htm HTTP/1.0" 404 -141.105.65.176 - - [11/Jun/2012:15:33:28 +0800] "GET http://forum.indonesianbacktrack.or.id/captcha.php?action=regimage&imagehash=adb6dfb71caf0d4149a59fdee731342e HTTP/1.0" 200 16384220.168.107.102 - - [11/Jun/2012:15:33:37 +0800] "GET http://www.cuctv.com/user/vInfo.aspx?vid=F4I9LWNMAUs HTTP/1.0" 200 64446.17.98.211 - - [11/Jun/2012:15:33:35 +0800] "GET http://www.familiensupport.info/joomla/index.php?option=com_simplestforum&view=postlist&forumId=0&Itemid=71 HTTP/1.0" 404 143361.147.111.3 - - [11/Jun/2012:15:33:34 +0800] "GET http://secunia.com/community/forum/csi/ HTTP/1.0" 200 
4588574.53.9.50 - - [11/Jun/2012:15:33:38 +0800] "POST http://www.worldlingo.com/S3704.3/texttranslate HTTP/1.1" 302 -46.17.98.211 - - [11/Jun/2012:15:33:33 +0800] "GET http://www.emmaempire.net/archives/galleries/media.en.40693 HTTP/1.0" 404 1153472.44.197.252 - - [11/Jun/2012:15:33:38 +0800] "GET http://local.search.yahoo.com/search?p=Drug+Stores&addr=Depew+NY&limcat=96928176&focuslim=limcat HTTP/1.1" 200 14771196.218.255.86 - - [11/Jun/2012:15:33:39 +0800] "GET http://login.bjs.yahoo.com/config/pwtoken_get?login=gimbaljawed&src=ygodgw&passwd=246a715e36ed8fca9be9e2444d887586&challenge=gGL7qB72A1Z47GpC7ICGzkb5wmoj&md5=1 HTTP/1.0" 200 4212.117.172.80 - - [11/Jun/2012:15:33:38 +0800] "POST http://212.117.172.80/proxy5/check.php HTTP/1.1" 200 500121.54.22.85 - - [11/Jun/2012:15:33:40 +0800] "GET /login.yahoo.com/config/login_unlock?login=gina-s.rm:123 HTTP/1.0" 404 7274.53.9.50 - - [11/Jun/2012:15:33:39 +0800] "GET http://www.worldlingo.com/en/products_services/worldlingo_translator HTTP/1.1" 200 6818212.117.172.80 - - [11/Jun/2012:15:33:39 +0800] "POST http://212.117.172.80/proxy5/check.php HTTP/1.1" 200 50046.17.98.211 - - [11/Jun/2012:15:33:39 +0800] "GET http://www.e-samarinda.com/forum/forums HTTP/1.0" 404 334176.9.229.135 - - [11/Jun/2012:15:33:40 +0800] "GET http://search.yahoo.com/search?p=chromolithic+%E2%80%9Cpowered+by+b2evolution%E2%80%9D&sm=Yahoo%21+Search&fr=FP-tab-web-t&toggle=1&cop=&ei=UTF-8 HTTP/1.0" 502 705178.150.142.129 - - [11/Jun/2012:15:33:33 +0800] "GET http://www.navakun.net/perfect5/index.php?action=insert&que=Bdvjxznz&catid=0&topicnum=1098&htm=1097&ref=1097-1 HTTP/1.1" 200 168263178.150.142.129 - - [11/Jun/2012:15:33:40 +0800] "GET http://www.heme8.com/?post=65 HTTP/1.1" 400 39173.255.224.36 - - [11/Jun/2012:15:33:38 +0800] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.1" 200 350178.150.142.129 - - [11/Jun/2012:15:33:38 +0800] "POST http://zgtcw.eb2m.com/news/view/6 HTTP/1.1" 302 6646.17.98.211 - - [11/Jun/2012:15:33:39 +0800] 
"GET http://www.fashhh.com/blog.php?page=view_blog&id=2030 HTTP/1.0" 302 -95.211.169.163 - - [11/Jun/2012:15:33:35 +0800] "GET http://www.globaltelecomsbusiness.com/Article/2907836/At-the-front-of-the-leaders-of-the-industry HTTP/1.1" 200 87040