[Fail2ban-users] Block Flood Attack

Mohd Zainal Abidin Thu, 14 Jul 2016 19:09:55 -0700

Hi,

How to block this kind of attack?


27.111.213.117 - - [15/Jul/2016:10:03:32 +0800] "GET /2014/07/ HTTP/1.1"
200 70977 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:27 +0800] "GET /2007/05/ HTTP/1.1"
200 62797 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:33 +0800] "GET /2014/06/ HTTP/1.1"
200 72461 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:28 +0800] "GET /2006/12/ HTTP/1.1"
200 65124 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:34 +0800] "GET /2014/05/ HTTP/1.1"
200 72931 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:34 +0800] "GET /2014/04/ HTTP/1.1"
200 70848 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:32 +0800] "GET /xmlrpc.php?rsd
HTTP/1.1" 200 866 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:36 +0800] "GET /2014/02/ HTTP/1.1"
200 69820 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:36 +0800] "GET /2014/01/ HTTP/1.1"
200 74012 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2013/12/ HTTP/1.1"
200 74001 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2007/10/page/2/
HTTP/1.1" 200 63882 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2008/05/page/2/
HTTP/1.1" 200 63703 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2008/04/page/2/
HTTP/1.1" 200 64863 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2008/06/page/2/
HTTP/1.1" 200 64089 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2007/12/page/2/
HTTP/1.1" 200 63587 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:29 +0800] "GET /2014/12/ HTTP/1.1"
200 73272 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:31 +0800] "GET /2006/11/ HTTP/1.1"
200 64642 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:37 +0800] "GET /2013/11/ HTTP/1.1"
200 68957 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:31 +0800] "GET /2006/09/ HTTP/1.1"
200 64719 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:38 +0800] "GET /2008/01/page/2/
HTTP/1.1" 200 62711 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:38 +0800] "GET /2013/10/ HTTP/1.1"
200 70712 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:39 +0800] "GET /2008/02/page/2/
HTTP/1.1" 200 64719 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:39 +0800] "GET /2007/11/page/2/
HTTP/1.1" 200 64808 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:39 +0800] "GET /2013/09/ HTTP/1.1"
200 68252 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:32 +0800] "GET /2014/08/ HTTP/1.1"
200 69468 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:39 +0800] "GET /2013/08/ HTTP/1.1"
200 67360 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:41 +0800] "GET /2013/07/ HTTP/1.1"
200 70473 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:41 +0800] "GET /2013/06/ HTTP/1.1"
200 72604 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:35 +0800] "GET /2014/03/ HTTP/1.1"
200 68842 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2013/05/ HTTP/1.1"
200 74481 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2007/09/page/2/
HTTP/1.1" 200 65605 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2007/07/page/2/
HTTP/1.1" 200 64613 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2007/08/page/2/
HTTP/1.1" 200 64851 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2007/04/page/2/
HTTP/1.1" 200 65041 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2007/06/page/2/
HTTP/1.1" 200 65219 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2007/03/page/2/
HTTP/1.1" 200 66625 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:42 +0800] "GET /2013/03/ HTTP/1.1"
200 69079 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:43 +0800] "GET /2007/01/page/2/
HTTP/1.1" 200 65362 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:43 +0800] "GET /2013/02/ HTTP/1.1"
200 71130 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:43 +0800] "GET /2007/02/page/2/
HTTP/1.1" 200 65625 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:44 +0800] "GET /2006/10/page/2/
HTTP/1.1" 200 64309 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:44 +0800] "GET /2013/01/ HTTP/1.1"
200 73073 "-" "Mozilla/4.0 (compatible;)"
27.111.213.117 - - [15/Jul/2016:10:03:44 +0800] "GET /2012/12/ HTTP/1.1"
200 72434 "-" "Mozilla/4.0 (compatible;)"

We getting this kind of attack from different ip last night. Our website
load goes to 100 and it become slow to response.

-- 
Thank you
______________________

Mohd Zainal Abidin

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

[Fail2ban-users] Block Flood Attack

Reply via email to