FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Multiple index.php requests in one second?





Diablosblizz
I don't really know if this is something I should be worried about, but I checked my apache usage logs to check if anybody still visits my site after being down for a while. Apparently, one guests likes to visit at least 15 times per second.

I know for a fact that is a attempt of a DoS (Denial of Service). It's just too many times to be visiting the index page that has 4 lines of text on it as well as a bidvertiser ad. Below is an example of the log:

Quote:
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
199.235.123.238 - - [04/Feb/2008:10:49:57 -0600] "GET / HTTP/1.1" 200 1183 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"


As you can see, the 'DoS' sent approx. 25 gets to my Frihost account. This took place over one minute, which is pretty pathetic. I am just wondering if this is anything I should be worrying about? If they do try to 'DoS' again then I might ban their IP address, but that would still give them the forbidden error which basically does nothing if they are using the GET method.

I get a Error: Access Forbidden when I attempt to go to the IP address, so at least I know their using Apache. Wink

Thanks!
rvec
199.235.123.238 is the ip of a school in canada:
http://www.haltondsb.on.ca/
http://www.dnsstuff.com/tools/whois.ch?ip=199.235.123.238

Probably some mistake there or one guy thinking he's funny. The IT-staff will most likely take care of it.

Although this ip has also been used for spam-comments so I don't know how good this IT-staff is Razz
Diablosblizz
Neutral That is my school board... should I be worried?
rvec
lol
Nah just look at the logs again in a couple of days and if it happens again you might tell school and maybe if it really gets out of hand you got display an empty page to them.
Diablosblizz
Alright, I'll continue to check up and hopefully they will stop. Smile
Related topics
http://tuvanonline.com/library/index.php
PHP index page not displaying problem
help with php
403 Error On My Smf Forums Index.php
i cant load my index.php
forums/index.php to /forums
Index.php not found
http://www.funworld.frih.net/index.php
my website won't display... problem with index.php
fatal error in Joomla installation "index.php"
How to Auto direct traffic to index.php?
Google Indexing .Com and .Com/index.php --> Redirect
[TuT]JOOMLA Installation Guide(Easiest Way)
Site won't redirect to /index.php
Reply to topic    Frihost Forum Index -> Support and Web Hosting -> Web Hosting Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.