Welcome! Log In Create A New Profile

Advanced

DDoS filter

Posted by fakrulalam 
DDoS filter
September 21, 2011 03:01PM
Hi,
My web server is under DDoS attack. I have install nginx and redirect all the traffic to my original web server. Still I am getting lots of TCP session.

94.158.91.127 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
88.2.127.24 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
124.122.153.186 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
85.101.102.58 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
187.59.24.228 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
124.122.153.186 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
190.57.224.162 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
189.152.225.239 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
186.145.137.186 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
123.222.210.201 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
80.174.35.179 - - [22/Sep/2011:00:38:00 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
195.182.194.186 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
85.238.115.216 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
91.147.226.122 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
140.125.41.37 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
46.203.195.137 - - [22/Sep/2011:00:38:06 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
87.244.135.4 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
123.222.210.201 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
41.218.195.209 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "http://www.rambler.ru/" "Yandex/2.01.000 (compatible; Win16; Dyatel; Z)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
187.111.203.34 - - [22/Sep/2011:00:38:08 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
91.221.210.179 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
92.47.175.14 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
88.2.127.24 - - [22/Sep/2011:00:38:09 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"
202.4.96.6 - - [22/Sep/2011:00:38:10 +0600] "GET / HTTP/1.0" 200 43632 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)"

Is there any we that I can drop GET / HTTP/1.0 from nginx and bad traffic will not forward to my web server.
Re: DDoS filter
December 16, 2011 10:00AM
you can use iptables to block the ip
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 277
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready