Hi everybody !
There's actually an attack on my webserver and i don't know which attack it is... but :
- php5_cgi process take all the CPU : 5 process take 85% of CPU and load is : [code]load average: 6.09, 5.07, 2.64[/code]
- I have a lot of empty http header requested in the Nginx LOG : (2 second)
[code]
188.155.104.107 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
89.142.20.116 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
95.30.100.42 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
88.169.48.198 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
88.169.48.198 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
87.93.29.74 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
96.48.141.74 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
90.22.177.7 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
87.93.29.74 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
95.30.100.42 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
173.76.87.15 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
90.22.177.7 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
190.75.138.19 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
193.169.8.230 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
94.144.63.10 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
81.67.102.42 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
80.197.86.124 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
94.144.63.10 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
81.67.102.42 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
92.84.114.108 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
77.163.101.213 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
92.84.114.108 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
190.75.138.19 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
80.161.168.106 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
[/code]
Is it possible to block this empty http header ? Do you know which type of attack it is ?
Thanks a lot !
Arkos