Welcome! Log In Create A New Profile

мля атака =(

Forum List Message List New Topic Print View

harius

December 08, 2010 04:08PM

Registered: 14 years ago
Posts: 24

наверное пинать будете не в тему рассылки, но сжальтесь!!!

с 12 часов лежимс =(

че делать уже идеи кончались
перекрутил sysctl уже во все стороны
сервак начал немного ползать, но как только
nginx запускаю в консоль сразу начинает валится

Dec 8 23:56:08 mail kernel: interrupt storm detected on "irq257:";
throttling interrupt source
Dec 8 23:56:08 mail kernel: Limiting open port RST response from 169 to 50
packets/sec
Dec 8 23:56:09 mail kernel: interrupt storm detected on "irq257:";
throttling interrupt source
Dec 8 23:56:09 mail kernel: Limiting open port RST response from 230 to 50
packets/sec

в логах полно:

80.138.138.94 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
190.6.98.66 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
86.145.74.140 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
94.166.77.69 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
91.180.86.39 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
85.53.186.1 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
212.183.51.17 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
41.236.145.161 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
86.145.74.140 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
86.145.74.140 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
174.94.89.6 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
79.163.193.213 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
217.127.141.138 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-"
"IE 7.0"
41.174.55.82 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
41.137.57.40 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
188.216.9.195 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
174.94.42.254 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
85.53.186.1 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
90.185.113.115 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
190.9.13.80 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
87.93.70.183 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
41.234.38.71 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.0" 0 0 "-" "IE
7.0"
83.49.187.205 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
77.255.195.130 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
187.32.225.121 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.0" 0 0 "-" "IE
7.0"
91.3.209.102 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
151.50.222.208 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
83.45.131.156 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
89.152.45.217 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
77.27.197.189 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"
190.132.119.21 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE
7.0"

что сделано
1. fail2ban натравлен на поиск агента "IE 7.0" - блочит, но не спасает
2. временно location = / { return 200; } - не спасает
3. if ($http_user_agent = "IE 7.0" ) { return 412;}

if ($http_referer = "") { return 412;} - тож не стасает
4. sysctl - накручен

sysctl -n kern.ipc.numopensockets
90228

# netstat -Lan
Current listen queue sizes (qlen/incqlen/maxqlen)
Proto Listen Local Address
tcp4 0/0/128 *.4949
tcp4 0/0/4096 88.212.196.18.443
tcp4 0/0/4096 88.212.196.18.80
tcp4 0/0/128 *.22
tcp4 0/0/500 *.25
tcp4 0/0/5 88.212.196.18.5666
tcp4 0/0/20 127.0.0.1.53
tcp4 0/0/511 127.0.0.1.80
Some tcp sockets may have been created or deleted.
unix 0/0/1 /var/run/fail2ban/fail2ban.sock
unix 0/0/4 /var/run/devd.pipe

# netstat -m
1377/36183/37560 mbufs in use (current/cache/total)
754/33038/33792/33792 mbuf clusters in use (current/cache/total/max)
36/1628 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/16896 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/8448 9k jumbo clusters in use (current/cache/total/max)
0/0/0/4224 16k jumbo clusters in use (current/cache/total/max)
1852K/75121K/76974K bytes allocated to network (current/cache/total)
0/17954981/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/0/0 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
1377 requests for I/O initiated by sendfile
0 calls to protocol drain routines

как еще бороться ?????
_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://nginx.org/mailman/listinfo/nginx-ru

Reply Quote

RSS

Subject	Author	Posted
мля атака =(	harius	December 08, 2010 04:08PM
Re: мля атака =(	harius	December 08, 2010 04:14PM
Re: мля атака =(	Maxim Dounin	December 08, 2010 04:52PM
Re: мля атака =(	harius	December 08, 2010 05:20PM
Re: мля атака =(	harius	December 08, 2010 05:40PM
Re[2]: мля атака =(	Михаил Монашёв	December 09, 2010 01:26AM
RE: Re[2]: мля атака =(	maxhl	December 09, 2010 02:44PM
Re[2]: мля атака =(	Михаил Монашёв	December 09, 2010 01:36AM
Re: мля атака =(	Илья Шипицин	December 08, 2010 10:34PM
Re: мля атака =(	Михаил Монашёв	December 09, 2010 01:28AM
Re: мля атака =(	greenh	December 09, 2010 06:12AM
Re: мля атака =(	Александр Курило	December 09, 2010 08:52AM
Re: мля атака =(	harius	December 09, 2010 09:44AM
Re[2]: мля атака =(	Михаил Монашёв	December 09, 2010 11:16AM
Re: Re[2]: мля атака =(	harius	December 09, 2010 02:32PM
Re[4]: мля атака =(	Михаил Монашёв	December 09, 2010 03:08PM
Re: Re[4]: мля атака =(	harius	December 09, 2010 04:30PM
Re: Re[4]: мля атака =(	greenh	December 09, 2010 04:58PM
Re[6]: мля атака =(	Михаил Монашёв	December 09, 2010 05:14PM
Re: Re[6]: мля атака =(	greenh	December 09, 2010 05:18PM
Re: Re[6]: мля атака =(	greenh	December 09, 2010 05:20PM
Re: мля атака =(	Eugene Mychlo	December 10, 2010 01:16AM
Re: мля атака =(	harius	December 10, 2010 02:26AM
Re[2]: мля атака =(	Михаил Монашёв	December 10, 2010 02:28AM
Re: мля атака =(	Alex Vorona	December 10, 2010 02:54AM
Re: мля атака =(	greenh	December 10, 2010 03:36AM
Re: мля атака =(	harius	December 10, 2010 04:02AM
Re: мля атака =(	Aleksandr Sytar	December 10, 2010 06:02AM
Re: мля атака =(	Вадим Лазовский	December 10, 2010 03:34AM
Re: мля атака =(	Александр Курило	December 10, 2010 03:54AM
Re: мля атака =(	Boris Dolgov	December 10, 2010 04:00AM
Re: мля атака =(	Aleksandr Sytar	December 10, 2010 06:00AM
Re: мля атака =(	Boris Dolgov	December 10, 2010 06:10AM
Re: мля атака =(	Igor Sysoev	December 10, 2010 03:40AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 178

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018