Защита от DDoS атак

Andrei Nigmatulin anight at eyelinkmedia.com
Wed Mar 29 18:37:23 MSD 2006 

On Wednesday 29 March 2006 18:10, Митрофанов Михаил Владимирович wrote:
> Пару дней мои сервера бомбили такими запросами, до 4000 в секунду:

Поскольку Referer'ы пустые - можно предположить что атаковали не браузеры (они 
обязаны выставлять Referer, а по ним можно найти сайт, на котором установлен 
линк на Ваш). В Вашем случае можно попробовать добавить проверку на 
корректный Referer.

>
> 212.220.207.103 - - [24/Mar/2006:13:54:15 +0300] "POST
> /users/posts/edit/1135161334 HTTP/1.1" 302 5 "http://www.el 68.9.143.23 - -
> [24/Mar/2006:13:54:16 +0300] "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB
> HTTP/1.1" 200 11412 "-" "- 84.190.74.124 - - [24/Mar/2006:13:54:16 +0300]
> "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-"
> 68.85.245.55 - - [24/Mar/2006:13:54:16 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11405 "-" "
> 84.190.74.124 - - [24/Mar/2006:13:54:16 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11405 "-" 68.85.245.55
> - - [24/Mar/2006:13:54:17 +0300] "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB
> HTTP/1.1" 200 11412 "-" " 220.254.0.4 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "-
> 24.28.89.43 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "-
> 220.254.0.4 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "-
> 220.254.0.4 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "-
> 68.45.47.242 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "
> 68.45.47.242 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "
> 68.45.47.242 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "
> 84.190.74.124 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" 83.27.110.151
> - - [24/Mar/2006:13:54:17 +0300] "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB
> HTTP/1.1" 200 11405 "-" 84.190.74.124 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" 84.190.74.124
> - - [24/Mar/2006:13:54:17 +0300] "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB
> HTTP/1.1" 200 11412 "-" 83.27.110.151 - - [24/Mar/2006:13:54:17 +0300] "GET
> /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" 68.45.47.242
> - - [24/Mar/2006:13:54:17 +0300] "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB
> HTTP/1.1" 200 11412 "-" " 222.161.3.43 - - [24/Mar/2006:13:54:17 +0300]
> "GET /market/?searchfor=E8E7EEEBFFF2EEF0FB HTTP/1.1" 200 11412 "-" "
>
> Что посоветуете для защиты soft\hard?
>
> --
> С Уважением,
> Митрофанов Михаил Владимирович
> Тел.: +7 (81153) 3-92-80
> Факс: +7 (81153) 3-33-13
> ICQ: 42781297
> E-mail: mm at elec.ru
> Web: http://www.elec.ru

-- 
Andrei Nigmatulin
GPG PUB KEY 6449830D

No Microsoft products were used in any way
for the creation of this message. If you are
using a Microsoft product to view it, BEWARE!
I'm not responsible for any harm you might
encounter as a result.

More information about the nginx-ru mailing list