[arch-mirrors] DoS- mirror.chaoticum.net

Eric Thirifays thireric at gmail.com
Tue Oct 22 07:21:52 UTC 2019


Hello,

I have already found this log on my reverse proxy with login
administrator.
In my case, it's linked to test connections to a Windows Server TSE. I
compared the log time and the connection time on my FW, and a user test
added more information.

Many IPs are banned with this log.

In my case, it isn't a DoS, just a brute force.
Eric.

On Mon, 21 Oct 2019 at 16:12, Andreas Pfister <andi-pfister at gmx.ch> wrote:

> Hi everyone,
> Today, my logfile (apache2) was full of thousands upon thousands of
> requests like this:
>
> 85.14.109.184 - - [21/Oct/2019:14:57:33 +0200]
>
> "\xad|\xf8*!\xc7\xf4%\xb4\x0e\x8aj\xc2\xa80\xc2k\xbbh\xdd\xfa\x06\xc3b\x0e\xd8L\x87\xd4\xbd\xd0\x02\x86\xfc\xc6\xe6\xd2\xc1\xad8\v0\r\xfb\xb83\x9d\xca^\xa8h\x97\x99\xad\x9a\xfd\xed\xe1\xd4\xbf^'\xfeg\xbe#\xf0\x9d\x80qM\xb2\xe3A\x8a$Z\x94\xc1*\xae\x11\xf4\x82\xe9\xd14wV\xef\x0ez\xe0\x83\xfe\x07\xab\x86d\xdfN\xb0N6\v\xa8\x1e{\xb0\xc1\xe9\xa3(\xd7E\xc7\xa2\x17\xce\xe5X\xdd@
> \xc3\x12\xc5\xa8f\x84\xa7\x0e\xe9\xe3:\"\xb89\xb3\xa4u0\x91\xe4\xac\xe2\xb4P\v\x8c\n"
> 400 0 "-" "-"
>
> For this reason, my mirror was not reachable for a long time. Sorry.
>
> To me it looks like a DoS attack, but I am not sure. Has anyone seen this
> in their logfiles, or does anyone have any further idea/information?
>
> Now I have solved the problem by blocking 851 different IPs, and I think
> it is now running stable.
>
> Greetings
>
> Andi Pfister
>
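
Added example, not part of either message: one way to pull the sources of such requests out of an Apache access log is to count, per client IP, the requests that Apache answered with 400 and whose request line is not HTTP syntax. It assumes the combined log format shown in the quoted line; the sample lines, the addresses (documentation ranges) and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format; the request field may contain \" and \xhh escapes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# A well-formed request line: METHOD SP target SP HTTP/x.y
HTTP_REQ_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d(?:\.\d)?$')


def is_non_http(req: str, status: str) -> bool:
    """True when Apache rejected (400) a request line that is not HTTP syntax."""
    return status == "400" and not HTTP_REQ_RE.match(req)


def offenders(lines, threshold=3):
    """Return {ip: count} for sources with at least `threshold` non-HTTP requests."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_non_http(m["req"], m["status"]):
            counts[m["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample lines (assumption: not taken from the real log).
SAMPLE = [
    r'192.0.2.10 - - [21/Oct/2019:14:57:33 +0200] "\xad|\xf8*!\xc7\"\xb8\n" 400 0 "-" "-"',
    r'192.0.2.10 - - [21/Oct/2019:14:57:34 +0200] "\x03\x00\x00/*\xe0\x00" 400 0 "-" "-"',
    r'192.0.2.10 - - [21/Oct/2019:14:57:35 +0200] "\x16\x03\x01\x02\x00\x01" 400 0 "-" "-"',
    r'198.51.100.7 - - [21/Oct/2019:14:58:01 +0200] "\x9d\xca^\xa8h" 400 0 "-" "-"',
    r'203.0.113.5 - - [21/Oct/2019:14:58:02 +0200] "GET /core/os/x86_64/core.db HTTP/1.1" 200 134217 "-" "pacman/5.1.3"',
    r'203.0.113.5 - - [21/Oct/2019:14:58:03 +0200] "GET /%zz HTTP/1.1" 400 226 "-" "pacman/5.1.3"',
]

if __name__ == "__main__":
    # Print one candidate per line, most active first, for review before blocking.
    for ip, n in sorted(offenders(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n}")
```

The count alone does not distinguish a flood from repeated login attempts by another protocol hitting the HTTP port; comparing timestamps with firewall logs, as described in the reply, is still needed for that.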