Re: [mod-security-users] anyone saw this dos-ish attack + how to block
From: Troy A. <tr...@ze...> - 2005-06-24 22:49:48
On Fri, Jun 24, 2005 at 03:23:59PM -0700, Hugh Beaumont wrote:
> I've been getting a lot of lines like this in my logs:
>
> - 200.39.103.224 - - [24/Jun/2005:02:45:22 -0400] "-" 408 - "-" "-"
> - 148.244.150.58 - - [24/Jun/2005:02:45:23 -0400] "-" 408 - "-" "-"
> - 148.244.150.58 - - [24/Jun/2005:02:45:31 -0400] "-" 408 - "-" "-"
> - 168.212.79.8 - - [24/Jun/2005:02:45:58 -0400] "-" 408 - "-" "-"
>
> Anyone know a quick mod_security method to block these. I hate to just
> ask without any research on my part but it's causing some big problems
> on this particular server so I thought I would fire off a quick message
> in case anyone has seen this before and has a solution.

Status code 408 is a request timeout. The log entries above don't look like a DOS attack, but rather the symptom of another problem with your web server. Perhaps the server is overloaded? You have some poorly written script that makes the server work too hard? Just guesses, but that's where I'd start looking.

-troy
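A triage sketch for the question raised in this message, added here as an example and not part of the original thread: it separates 408 entries with an empty request line (`"-"`) from other 408s and counts the former per client and per minute, to show whether they cluster on a few sources or a short time window. The log layout is taken from the quoted lines; the sample entries and the function name `summarize_408` are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout quoted above (documentation-range addresses).
SAMPLE_LOG = """\
- 192.0.2.10 - - [24/Jun/2005:02:45:22 -0400] "-" 408 - "-" "-"
- 198.51.100.7 - - [24/Jun/2005:02:45:23 -0400] "-" 408 - "-" "-"
- 198.51.100.7 - - [24/Jun/2005:02:45:31 -0400] "-" 408 - "-" "-"
- 203.0.113.5 - - [24/Jun/2005:02:45:40 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
- 203.0.113.5 - - [24/Jun/2005:02:45:58 -0400] "GET /report.cgi HTTP/1.1" 408 - "-" "Mozilla/4.0"
- 192.0.2.44 - - [24/Jun/2005:02:46:02 -0400] "-" 408 - "-" "-"
this line is not an access log entry
"""

# Optional leading "- " field, then client, two ident fields, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?:-\s+)?(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def summarize_408(log_text):
    """Count 408s with an empty request line per client and per minute."""
    by_ip, by_minute = Counter(), Counter()
    parsed = skipped = other_408 = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep a count so format drift is visible
            continue
        parsed += 1
        if m["status"] != "408":
            continue
        if m["req"] != "-":
            other_408 += 1        # a request line was logged with the 408
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]] += 1
        by_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
    total = sum(by_ip.values())
    top_ip, top_count = by_ip.most_common(1)[0] if by_ip else (None, 0)
    return {
        "parsed": parsed, "skipped": skipped, "other_408": other_408,
        "empty_408_total": total,
        "empty_408_by_ip": dict(by_ip),
        "empty_408_by_minute": dict(by_minute),
        "top_client": top_ip,
        "top_client_share": top_count / total if total else 0.0,
    }

if __name__ == "__main__":
    for key, value in summarize_408(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
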