+  Linux Soft Forum
Author Topic: apache - what is going on?  (Read 1135 times)
volomir
Member
*

« on: March 05, 2008, 01:55:04 AM »

Hi, when I logged into the server I saw a very, very large number of apache processes ...
I ran tail on the logs and here is what it shows:
89.136.33.148 - - [04/Mar/2008:23:43:20 -0200] "\x13BitTorrent protocol" 400 226
86.126.59.150 - - [04/Mar/2008:23:43:28 -0200] "a\xefcV\xf4\xd8\x8d. \xe6+)0A1RY\xd6.%\xef=\xc1\xfe&\x96\xd7\x9b \xd6e\xf1#\xeaY\xbb\xbf\xbf\x15\x7f\x06Z\xb2\xf9\xae+\xff\x999\xad\xdarR\xc0\x81F\x95B\xb9\xf1Q\xe4\xa9\xc9-\xaf1\xf1D?M\xdbkr\xd7\x8f\xeec_\xa7\x9aoJ\x02\xd0\v\xc4>\xe0\xd5\xfd\xc4\xde\xb9J\xd3\b50*\xd7Z\xc2\x19\xadX\xaf\x18?L\xd1\xedN\x93\xe4\x8f\x95\x90H\xcc\xb5\x12l\x86\xe1\xadu\xd9\x94%D\x99\xf2p\x15\x11\xa0\x95Z\xa5\xfak8\xf2i" 400 323
89.45.234.67 - - [04/Mar/2008:23:43:34 -0200] "\xdc+\xa7=o*\xdacDNk\x83\r<\xff\xbd\xc3\xda\x80H\x1cu\xdaeY-\xfc\xb4\x03ZW\xc91\x97\x0e\x8b\xa0\x92x\xd7zX\x92\x9dI\xb15oW\xbc\xe1\xbfe\xb3\x12dvD\xcc\x0e\xee\xf3\xab(\b\x8e\xcb\xc7;@\"C\xb6\xb3,\x16f\x97\xb9\x80,\xe9\x13\xe0\xb7r\xba\xdd{K\x9fT\x1a.\xe3\xda\xa5@P\x01\xe3\xd0\x15\xdbl\xe0\xd3\x1a\x8f\x04:\xc0_\xeb//\xc1\xba\xd46\xbf\x90H~\xd3\x16\xc4\x13nq\\e\x95\xa0\xe8J\x84\x83F\xc5\xaa%I]\xdd\xac\xd5k\xea\x17a\xb8\xbd\xf3{AN\xc7\xaa\xf5&X\xaf\xed\xcb\x13\xe9'Cool\b\xe5\xbf\xff|!\xd5@*\tm\xf3\x86\xce\xa3\xb1\xe4UE7`\x06\xe2-\xdb\xf1\xc7\x9eJ\xfc\x93*v\xc6l\xe1Q\x90;\x80u\x94\x1d\x91\x84\x9beW\xa1\xcbV\x8b\x0e!\xbdT==\xe3}\x91?\xdf;\xbfN['\xab~\xa4vM|;o\xcb\x19c;X\xac\x11l^\x81\x9a\x07\x16" 400 226
That was apache's access.log,
and now from error.log:
[Tue Mar 04 23:43:50 2008] [error] [client 77.93.163.32] request failed: error reading the headers
[Tue Mar 04 23:44:09 2008] [error] [client 141.85.5.170] Invalid URI in request \xfegS\xb9\xf7\x83\x04D\x83\xcc\xc1\xe7\xe2+\xea<pd\xa0\x81\x16\xe9g\xb5\xae\x8aXz\xe8+`\xf4\xaaP\x80\xd5\xf6\x7fRp\x95\xe0(w_@`\x0c\xdf\x93\x8f8\x18.H\x85)~\x0ff\x17\x05\xb2\x1bQ
[Tue Mar 04 23:44:10 2008] [error] [client 86.104.34.250] request failed: error reading the headers
[Tue Mar 04 23:44:10 2008] [error] [client 89.38.252.36] request failed: error reading the headers
The number of apache processes was initially 258, and I'll tell you what I did to bring it down to 152 (now it no longer goes above 152):
1)
iptables -N httpd_limit
iptables -A INPUT -p udp -m udp --dport 80 -j httpd_limit
iptables -A INPUT -p tcp -m tcp --dport 80 -j httpd_limit
iptables -A httpd_limit -m hashlimit --hashlimit 10/sec --hashlimit-burst 40 --hashlimit-mode srcip --hashlimit-name httpdlimit -j RETURN
iptables -A httpd_limit -j DROP
2) I installed mod_security2 with a minimal configuration
3) echo "1" > /proc/sys/net/ipv4/tcp_abort_on_overflow
4) in httpd.conf I added:
ExtendedStatus On
ServerTokens ProductOnly
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

Does anyone know what should be done? What is the cause? How can I stop it ... I would appreciate it.
gheorghe
Veteran
**


« Reply #1 on: March 05, 2008, 10:06:05 AM »

Well, the cause, from what I've asked colleagues who know this better, would be that someone has redirected their torrent tracker with iptables to your server :) Apparently this is sometimes done.

I don't know exactly how you can stop it; maybe you upset someone, talk to him :)
« Last Edit: March 05, 2008, 12:02:50 PM by gheorghe »
volomir
Member
*

« Reply #2 on: March 05, 2008, 02:56:17 PM »

Thanks for looking into it, I see it has stopped ...

root@playground:~# ps aux | grep httpd | wc -l
8

Still, I'm waiting for more answers about what exactly we should do in these cases (if anyone knows).
P.S. Thanks again, gheorghe.
volomir
Member
*

« Reply #3 on: March 06, 2008, 02:14:54 AM »

Hooraaay, it has started again :D
Still, what is to be done?
Emil CHERICHEȘ
Member
*


« Reply #4 on: March 06, 2008, 10:10:15 AM »

iptables -m limit on the firewall rule that allows access to port 80

Emil CHERICHEȘ
----------------------------
http://emil.cheriches.ro
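
Added example (not part of the thread, not any poster's code): a Python triage of an Apache access log like the one in the first post, separating well-formed HTTP requests from the escaped BitTorrent handshake and other binary request lines, and counting non-HTTP requests per source address. The sample lines and addresses are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# A well-formed request line: METHOD SP target SP HTTP/x.y
HTTP_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache escapes non-printable bytes as \xhh, so the BitTorrent handshake
# (length byte 0x13 followed by the protocol name) is logged literally like this.
BT_HANDSHAKE = r'\x13BitTorrent protocol'

def classify(request):
    """Label one logged request line."""
    if HTTP_RE.match(request):
        return "http"
    if request.startswith(BT_HANDSHAKE):
        return "bittorrent-handshake"
    if r'\x' in request:
        return "binary"          # escaped raw bytes, not an HTTP request
    return "malformed"

def summarize(lines):
    """Return (count per label, count of non-HTTP requests per client IP)."""
    per_kind, per_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # not an access-log line
        ip, _ts, request, _status, _size = m.groups()
        kind = classify(request)
        per_kind[kind] += 1
        if kind != "http":
            per_ip[ip] += 1
    return per_kind, per_ip

# Constructed sample lines (documentation address ranges, not from the thread).
SAMPLE = [
    r'192.0.2.10 - - [04/Mar/2008:23:43:20 -0200] "\x13BitTorrent protocol" 400 226',
    r'192.0.2.10 - - [04/Mar/2008:23:43:21 -0200] "\x13BitTorrent protocol" 400 226',
    r'198.51.100.7 - - [04/Mar/2008:23:43:28 -0200] "\xde\xad\"Q\x01z" 400 323',
    r'203.0.113.5 - - [04/Mar/2008:23:43:30 -0200] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    kinds, offenders = summarize(SAMPLE)
    print(dict(kinds))
    for ip, n in offenders.most_common():
        print(ip, n)
```

The per-address counts show whether the traffic comes from a few sources that can be blocked individually or from many peers, in which case per-source rate limiting is the only filter that scales.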