Automatically block these kinds of requests

Discussion in 'General' started by genious, Aug 14, 2013.

  1. genious

    genious New Member

    Hello,

    I'm getting thousands of these:


    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 18096 "fpf0nlzi9h.co.uk" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 12277 "er175qckh2.co.uk" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 2529 "7o9qemnlks.rs" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 8192 "fvs7in024s.rs" "Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 12422 "12hvoc1laz.org" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 1456 "kh901kg4iw.ru" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 8192 "ler4lkcb24.ru" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
    5.9.137.23 - - [14/Aug/2013:08:46:40 +0000] "GET / HTTP/1.1" 200 1456 "ka1uidpqvm.org" "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 3269 "dowrqbxk0a.nl" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
    5.9.137.23 - - [14/Aug/2013:08:44:41 +0000] "GET / HTTP/1.1" 200 0 "qblcvgyd4p.ru" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5"
    5.9.137.23 - - [14/Aug/2013:08:44:41 +0000] "GET / HTTP/1.1" 200 8192 "nvx8rps5s0.de" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 1992 "fi17wgdwde.rs" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8)"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 8192 "68lb06bnyh.co.uk" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 8192 "4m010fpry5.info" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.56.5 (KHTML, like Gecko) Version/5.1.6 Safari/534.56.5"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 8192 "iewiinprbm.net" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 2529 "qicd037n5t.org" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 1456 "1g5wgau5a9.me" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 8192 "38g6h0lgki.rs" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.7 Safari/532.2"
    5.9.137.23 - - [14/Aug/2013:08:46:41 +0000] "GET / HTTP/1.1" 200 1456 "b5xesve0me.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 12422 "2lvkcg22yp.info" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 8192 "2s02390cns.info" "Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 12277 "ikqumhurpj.nl" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 18096 "858l4djqfa.rs" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"
    5.9.137.23 - - [14/Aug/2013:08:44:42 +0000] "GET / HTTP/1.1" 200 672 "o53ngqgmxm.me" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 1107 "hs4gi4jtd7.co.uk" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 1992 "qkjldtizpi.rs" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 3160 "f79fwdcdet.org" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 8192 "wxhd3wq862.de" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
    5.9.137.23 - - [14/Aug/2013:08:46:43 +0000] "GET / HTTP/1.1" 200 8192 "cft4dkn893.nl" "Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8"
    5.9.137.23 - - [14/Aug/2013:08:46:43 +0000] "GET / HTTP/1.1" 200 8192 "iit2rcsieo.de" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 25619 "bfbo03ddzi.co.uk" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 38985 "3infv6wowl.nl" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"
    5.9.137.23 - - [14/Aug/2013:08:46:42 +0000] "GET / HTTP/1.1" 200 507 "4xsnd43s3t.net" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"

    I have limited the dynamic/static request limit per IP, but I'm still getting hits from this IP. I also managed to place the IP in the not-allowed IP list in LiteSpeed.

    However, is it possible to do this automatically, because this usually causes downtime and the time we intervene...

    Thank you,
    Hamza
  2. NiteWave

    NiteWave Administrator

    Set a limit on soft/hard connections per IP (e.g., 20 / 30).
    The web server will then block the IP for the "Banned Period (sec)" automatically.
  3. genious

    genious New Member

    That's my boy.
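
A log-side check for the pattern shown in the first post (one address, a burst of requests, rotating User-Agent strings), as an added example that is not part of the original thread. The function names, thresholds and sample lines are assumptions constructed for illustration; the result is a candidate list of addresses to review or deny.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip malformed lines instead of raising
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["ua"]

def flag_flooders(lines, window_s=5, min_hits=6, min_agents=4):
    """Return {ip: (peak_hits, agents_at_peak)} for IPs that send at least
    min_hits requests with at least min_agents distinct User-Agent strings
    inside any window_s-second window (thresholds are assumed values)."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])  # access logs are not strictly time-ordered
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] >= timedelta(seconds=window_s):
                start += 1  # slide the window forward
            n = end - start + 1
            agents = len({ua for _, ua in hits[start:end + 1]})
            if n >= min_hits and agents >= min_agents:
                if n > flagged.get(ip, (0, 0))[0]:
                    flagged[ip] = (n, agents)
    return flagged

def _line(ip, sec, ref, ua):
    return (f'{ip} - - [14/Aug/2013:08:46:{sec:02d} +0000] "GET / HTTP/1.1" '
            f'200 8192 "{ref}" "{ua}"')

# Constructed sample using documentation addresses: one burst with rotating
# agents (timestamps deliberately out of order), one slow ordinary client.
SAMPLE = [_line("192.0.2.10", s, f"r{i}.example", f"Agent/{i % 5}")
          for i, s in enumerate([40, 40, 41, 40, 42, 41, 42, 40])]
SAMPLE += [_line("198.51.100.7", s, "-", "Agent/0") for s in (10, 25, 40, 55)]
SAMPLE.append("garbage line")

if __name__ == "__main__":
    print(flag_flooders(SAMPLE))
```

Requiring several distinct User-Agent strings alongside the rate threshold keeps a single busy but ordinary client from being flagged on request volume alone.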
