What kind of spam is this?

Use this forum to make posts not related to PivotX. Do you use a tool that someone else might like or need to test something like your signature or some bbcode? This is the right place for you! Spamming will not be tolerated.

What kind of spam is this?

Postby ljhelbo » Wed Sep 18, 2013 9:14 pm

During the last few days my server gets bombarded - this is from apache access log:

41.252.246.153 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1733
93.141.82.13 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1719
41.108.3.204 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1716
80.57.29.93 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1717
186.113.42.60 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1732
76.208.204.10 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1716
76.208.204.10 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1715
93.64.141.2 - - [18/Sep/2013:23:02:55 +0200] "POST / HTTP/1.1" 200 1716
85.43.254.153 - - [18/Sep/2013:23:02:08 +0200] "POST / HTTP/1.1" 200 13459
87.30.218.178 - - [18/Sep/2013:23:02:57 +0200] "POST / HTTP/1.1" 200 1717
47.65.9.239 - - [18/Sep/2013:23:02:58 +0200] "POST / HTTP/1.1" 200 1728
80.101.119.13 - - [18/Sep/2013:23:02:58 +0200] "POST / HTTP/1.1" 200 1728
217.141.30.190 - - [18/Sep/2013:23:02:58 +0200] "POST / HTTP/1.1" 200 1736
81.149.177.44 - - [18/Sep/2013:23:02:58 +0200] "POST / HTTP/1.1" 200 1736
193.205.8.164 - - [18/Sep/2013:23:02:58 +0200] "POST / HTTP/1.1" 200 1735
82.207.122.202 - - [18/Sep/2013:23:02:58 +0200] "POST / HTTP/1.1" 200 1716
37.207.253.178 - - [18/Sep/2013:23:03:42 +0200] "POST / HTTP/1.1" 200 1356


The server has turned pretty slow because of this. The main problem is however that I do not understand the purpose of it. I presume somebody must be trying to achieve something, but what and why?
ljhelbo
 
Posts: 104
Joined: Sat Feb 26, 2011 2:58 pm
Location: Denmark

Re: What kind of spam is this?

Postby ljhelbo » Thu Sep 19, 2013 8:56 am

I have come a little further by now. I have found out which domain, they were bombarding. I have now renamed the www-folder with the files for that domain. Now my apache_error.log has a long liste with "file does not exist". But at least all other domains now run as they should.

On the domain, which they are trying to attack, there is a Pivotx-installation and an installation of webtrees. Over the weekend, I will try to rebuild them fom scratch and then see, if I can trace the reason.
ljhelbo
 
Posts: 104
Joined: Sat Feb 26, 2011 2:58 pm
Location: Denmark


Return to The Drain

Who is online

Users browsing this forum: No registered users and 2 guests