Is this a DDoS attack? I don't know exactly, but since yesterday my office's
web server has been very slow to access, which also affects webmail
performance. The POP server is running normally. When I look at the
access_log it is very suspicious, but unfortunately I don't know exactly
what is happening. Is there a possibility that it has become a spam open
relay as well? I have tried looking for guidance in the Q&A archive, but the
explanation is not clear enough. I would appreciate your guidance, please
help me. Thank you very much in advance.

Access_log:

61.157.232.156 - - [07/Oct/2005:10:20:45 +0700] "POST  HTTP/1.1" 400 413 "-"
"-"

65.110.36.200 - - [07/Oct/2005:10:20:45 +0700] "CONNECT 200.152.181.5:25
HTTP/1.0" 403 404 "-" "-"

85.206.18.218 - - [07/Oct/2005:10:20:20 +0700] "GET http://www.carsbase.com/
HTTP/1.0" 302 0 "http://owerfuler"; "Mozilla/Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1)"

216.117.135.120 - - [07/Oct/2005:09:59:47 +0700] "POST
http://202.159.24.7:25/ HTTP/1.1" 70007 721 "-" "-"

24.81.131.78 - - [07/Oct/2005:09:59:21 +0700] "GET
http://edit.europe.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.sr
c=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.
yahoo.com/jpager/pager2.shtml&login=neveraflaw&passwd=Password1 HTTP/1.0"
200 13880 "-" "-"

58.215.65.10 - - [07/Oct/2005:10:20:56 +0700] "GET
http://www.mm89.com/tif/czx/down.asp?id=2675&ie=952&show=1 HTTP/1.1" 502 419
"http://www.hackeroo.com"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows
5.1;Windows 5.5;Windows 6.0)"

68.251.234.31 - - [07/Oct/2005:10:14:57 +0700] "GET
http://216.109.127.60/config?.src=launch&partner=&.v=&.u=&.intl=us&.done=htt
p://music.yahoo.com/registration/process.asp?dest=http://music.yahoo.com/&lo
gin=kevin_2_&passwd=hacker HTTP/1.0" 200 19070 "-" "-"

66.219.100.118 - - [07/Oct/2005:10:20:58 +0700] "POST
http://202.159.24.29:25/ HTTP/1.1" 200 184 "-" "-"

66.219.100.118 - - [07/Oct/2005:10:20:58 +0700] "QUIT" 501 402 "-" "-"

87.1.131.200 - - [07/Oct/2005:10:20:09 +0700] "POST
http://www.almerecollege.nl HTTP/1.0" 200 10237 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; Q312461; .NET CLR 1.0.3705)"

 

Here is the error_log:

 

[Fri Oct 07 10:21:11 2005] [error] [client 58.215.65.10] proxy: error
reading status line from remote server wwww.mm89.com, referer:
http://www.hackeroo.com

[Fri Oct 07 10:21:11 2005] [error] [client 58.215.65.10] proxy: Error
reading from remote server returned by
http://wwww.mm89.com/88/czx/down.asp?id=1828&ie=952&show=1, referer:
http://www.hackeroo.com

[Fri Oct 07 10:21:11 2005] [error] [client 61.157.232.156] Invalid URI in
request POST  HTTP/1.1

[Fri Oct 07 10:21:24 2005] [error] [client 61.157.232.156] Invalid URI in
request POST  HTTP/1.1

[Fri Oct 07 10:21:29 2005] [warn] proxy: No protocol handler was valid for
the URL 12.102.240.23:25. If you are using a DSO version of mod_proxy, make
sure the proxy submodules are included in the configuration using
LoadModule.

[Fri Oct 07 10:22:08 2005] [warn] proxy: No protocol handler was valid for
the URL 200.195.246.242:25. If you are using a DSO version of mod_proxy,
make sure the proxy submodules are included in the configuration using
LoadModule.

[Fri Oct 07 10:22:47 2005] [error] [client 61.236.127.115] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /

[Fri Oct 07 10:22:50 2005] [error] [client 61.157.232.156] Invalid URI in
request POST  HTTP/1.1

[Fri Oct 07 10:22:52 2005] [error] [client 58.215.65.10] proxy: error
reading status line from remote server wwww.mm89.com, referer:
http://www.hackeroo.com

[Fri Oct 07 10:22:52 2005] [error] [client 58.215.65.10] proxy: Error
reading from remote server returned by
http://wwww.mm89.com/88/czx/down.asp?id=1828&ie=952&show=1, referer:
http://www.hackeroo.com
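
The access_log entries above are forward-proxy style requests (CONNECT and absolute-URI requests, several aimed at port 25). As an added example that is not part of the original message, this Python script separates such requests from ordinary ones and counts which were answered with 2xx and which were refused; the sample lines and `LOCAL_HOSTS` are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache combined log format: client, identd, user, [time], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d+)')
LOCAL_HOSTS = {"www.example.org"}  # assumption: names this server really hosts

def classify(line):
    """Return (client, kind, target, answered) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    parts = m.group(2).split() if m else []
    if len(parts) < 2:
        return None  # unparsable line, or a bare "QUIT" with no URI
    method, uri = parts[0].upper(), parts[1]
    if method == "CONNECT":
        host, _, port = uri.rpartition(":")
        kind = "connect"
    elif uri.lower().startswith(("http://", "https://")):
        try:
            u = urlsplit(uri)
            host, port = u.hostname or "", str(u.port or (443 if u.scheme == "https" else 80))
        except ValueError:
            return None  # malformed host or port in the URL
        if host in LOCAL_HOSTS:
            return None  # an absolute URI naming this server is legitimate
        kind = "absolute-uri"
    else:
        return None  # ordinary origin-form request such as "GET /webmail/"
    kind += "-smtp" if port == "25" else ""  # HTTP proxy pointed at a mail port
    # 2xx means the request was answered rather than refused; follow up on these
    return m.group(1), kind, f"{host}:{port}", m.group(3).startswith("2")

def summarise(lines):
    """Count answered and refused proxy-style requests per kind."""
    answered, refused = Counter(), Counter()
    for hit in filter(None, map(classify, lines)):
        (answered if hit[3] else refused)[hit[1]] += 1
    return answered, refused

# Constructed sample lines (documentation addresses), shaped like the entries above
SAMPLE = [
    '192.0.2.10 - - [07/Oct/2005:10:20:45 +0700] "CONNECT 198.51.100.5:25 HTTP/1.0" 403 404 "-" "-"',
    '192.0.2.11 - - [07/Oct/2005:10:20:58 +0700] "POST http://198.51.100.7:25/ HTTP/1.1" 200 184 "-" "-"',
    '192.0.2.12 - - [07/Oct/2005:10:20:20 +0700] "GET http://other.example.com/ HTTP/1.0" 200 13880 "-" "-"',
    '192.0.2.13 - - [07/Oct/2005:10:21:00 +0700] "GET /webmail/ HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.11 - - [07/Oct/2005:10:20:58 +0700] "QUIT" 501 402 "-" "-"',
]
print(summarise(SAMPLE))
```

A 2xx on a foreign absolute URI does not by itself prove relaying, since the server may have answered with its own local content; compare response sizes against local pages and check the mod_proxy configuration.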

