Welcome! Log In Create A New Profile

Massive empty HTTP header

Posted by Arkos

Arkos

Massive empty HTTP header
December 11, 2010 02:13PM

Registered: 13 years ago
Posts: 3

Hi everybody !

There's actually an attack on my webserver and i don't know which attack it is... but :
- php5_cgi process take all the CPU : 5 process take 85% of CPU and load is : [code]load average: 6.09, 5.07, 2.64[/code]
- I have a lot of empty http header requested in the Nginx LOG : (2 second)
[code]
188.155.104.107 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
89.142.20.116 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
95.30.100.42 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
88.169.48.198 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
88.169.48.198 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
87.93.29.74 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
96.48.141.74 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
90.22.177.7 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
87.93.29.74 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
95.30.100.42 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
173.76.87.15 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
90.22.177.7 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
190.75.138.19 - - [11/Dec/2010:20:11:28 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
193.169.8.230 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
94.144.63.10 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
81.67.102.42 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
80.197.86.124 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
94.144.63.10 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
81.67.102.42 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
92.84.114.108 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
77.163.101.213 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
78.97.39.156 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
92.84.114.108 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
190.75.138.19 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
80.161.168.106 - - [11/Dec/2010:20:11:29 +0100] "GET / HTTP/1.1" 200 11131 "-" "-"
[/code]

Is it possible to block this empty http header ? Do you know which type of attack it is ?

Thanks a lot !
Arkos

Reply Quote

Newer Topic Older Topic

Print View RSS

Sorry, only registered users may post in this forum.

Click here to login

Online Users

itpp2012

Guests: 101

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018