OVH Community, your new community space.

Esto es un DDoS ?


tfwfactory
20/12/2013, 12:30
Te dejo un pequeño script que hice hace poco para bloquear por php entradas a tu sitio web , puedes utilizar .htaccess también pero esto también viene bien para bloquear todo un script , estoy desarrollando un firewall en php y esta es una breve pincelada pero es operativa



$range_ip_block=array(

"127.0.0.1-0-99999-1",
"127.0.0.8-127.0.0.1-127.0.0.84-2",

);

/// para testear
///$ip_scan="".$_REQUEST['ip']."";
/// en producción
$ip_scan="".$_SERVER['REMOTE_ADDR']."";

$ip_exp_digitos=explode(".",$ip_scan);

$ip_count_digitos=count(explode(".",$ip_scan));

$ip_result="".$ip_exp_digitos[($ip_count_digitos)-1]."";



for($i=0;$i {

$explode_range=explode("-",$range_ip_block[$i]);



/// Bloqueo por la IP Natural de Entrada ///
if ($ip_scan=="".$explode_range[0]."")
{
$result_block="ok";
}
///


/// Bloqueo por el Rango de IP ///
if ($explode_ranges[3]=="1")
{


if ($explode_range[1]=="".$ip_result."" or $explode_range[2]>="".$ip_result."")
{
$result_block="ok";
}

}
///



/// Bloqueo por el Rango de IP ///
if ($explode_range[3]=="2")
{

$clean_ip_entry=str_replace(".","",$ip_scan);
$clean_ip_1=str_replace(".","",$explode_range[1]);
$clean_ip_2=str_replace(".","",$explode_range[2]);




if ($explode_range[1]=="".$ip_scan."")
{
$result_block="ok";
}
else
{

if ($clean_ip_entry>=$clean_ip_1 && $clean_ip_entry<=$clean_ip_2)
{
$result_block="ok";
}


}



}
///

}


if( $result_block=="ok")
{
exit();
}




?>


En el script tienes dos tipos de reglas , la primera es para el bloqueo por los últimos dígitos , si termina en 01 pues sería establecer el rango de esa ip por el último dígito y todo ese rango , en el caso de la segunda regla es si quieres restringir una ip entre dos rangos de ips , de forma que las que esten en medio queden bloqueadas , en breve tendré también listo el bloqueo por otros medios como post , cabeceras , proxys , etc con un sistema administrado , pero esto te servirá

Regla 1
"127.0.0.1-0-99999*1",

Regla 2
"127.0.0.8-127.0.0.1-127.0.0.84-2",


La primera es la ip a banear , en la regla numero 1 se revisa el último dígito y estableces el rango entre o y 99999 en el ejemplo , el uno al final es la regla

La segunda es lo mismo primero la ip a banear y despues estableces el rango desde la ip de inicio al rango final a bloquear y al final el número 2 es la regla que rige este método , puedes poner la ip que quieras bajo esta estructura solo añades otra linea con una coma al final


Si tienes dudas me dices , saludos

Traxteante
20/12/2013, 11:35
Hola,
creé un index.php con el siguiente contenido:
Código:
 $value) {
		$datos .= $key . ': ' . $value . ' - ';
	}
	$datos .= "\n";
	if ( ($datos !== "") && ($datos !== "\n") ) {
		file_put_contents($file, $datos, FILE_APPEND | LOCK_EX);
	}
?>
pero no capturaba nada. Parece que no envía nada mediante POST. Yo hice una prueba enviando los datos de un formulario que cree en local con el action apuntando a la raiz del sitio y si que me guardo toda la info que enviaba.
Fail2ban lo he usado y es mano de santo, sobre todo para los servicios ssh y ftp. Pero en este caso creo que no serviría ya que las peticiones se dirigen a una zona de la web abierta, sin autentificación.

Me miraré bien todo lo que me recomiendas tfwfactory. Gracias.

El colega sigue dale que te pego. Como curiosidad, en un access_log de mas de 190.000 líneas, las IP que más se repiten aparecen unas 35, 36 veces.

Un saludo

tfwfactory
19/12/2013, 21:50
Si te envian algo mediante POST puedes verlo en el archivo de Apache de logs en concreto accesos para esa fecha

Te recomiendo usar directivas y módulos de apache para protegerte

Fail2Ban
DenyHosts funciona con Fail2Ban
mod_security
mod_evasive
IpTables.
CSF

También tienes un apartado en el nuevo manager , pero no se como usarlo bien aun tengo que testear , que te permite banear a estos tipejos fuera de tu servidor y que no sigan intentado enviarte exploits , muchos posts de estos intentan acceder via un archivo perl en el directorio cgi-bin , sino vas a usarlo en tu host renombra este directorio y manten un buen analisis estadístico por ejemplo con PIWIK

Saludos amigo

oceano
19/12/2013, 21:43
Hola, buenas noches Guille.

Cita Publicado inicialmente por Guille
Si tienes curiosidad, crea un index.php que guarde en un archivo el contenido del POST.
Así verás que está intentando enviarte.
Por favor, podrías aportar mayor información sobre lo que indicas ?


Muchas gracias.

Un saludo !

oceano
19/12/2013, 21:42
Hola, buenas noches.

Cita Publicado inicialmente por Traxteante
Gracias a todos.

oceano: yo he usado esta página para generar las direcciones IP turcas, es bueno tener alternativas. Me ha llamado la atención el servicio de Cloudfare, me lo tengo que mirar a fondo. ¿Tu lo usas?

Gracias, un saludo.
· CloudFlare es una formidable plataforma, cuando la pruebes no la dejarás nunca. Además de aportarte seguridad, hará que tu web vaya mucho más rápida de lo habitual. Por 20$/mes, tienes una cantidad de configuraciones muy buenas. Te lo recomiendo, si vale de algo...

· Si utilizas WordPress, de igual modo recomiendo que investigues www.authy.com Son un equipo formidable que te ayudarán en la seguridad de tu plataforma si lo necesitas, pero es muy intuitivo y tienes un How-To excelente donde podrás encontrar diferentes herramientas también de seguridad. Hasta cierto número de usuarios es totalmente gratuito. Profesionales de 1 orden.


Un saludo, espero haberte podido ayudar.

Guille
19/12/2013, 16:44
Cita Publicado inicialmente por Traxteante
El g*i*l*i*p*o*ll*a*s turco este sigue con lo suyo. A ver si se cansa. ¿Por donde puedo seguir investigando para saber más acerca de lo que pretende hacer?
Si tienes curiosidad, crea un index.php que guarde en un archivo el contenido del POST.
Así verás que está intentando enviarte.

pepejlr
19/12/2013, 15:16
Cita Publicado inicialmente por Traxteante
Gracias a todos.

pepejlr: el código 403 lo da ahora, después de modificar el archivo htaccess. Antes entraba a la raiz del sitio web y ejecutaba el index.php de un WordPress. Además, fue hacer el cambio y volver a la normalidad, ahora la carga esta siempre alrededor de 0.30.

El g*i*l*i*p*o*ll*a*s turco este sigue con lo suyo. A ver si se cansa. ¿Por donde puedo seguir investigando para saber más acerca de lo que pretende hacer?

Gracias, un saludo.
Vale, entonces estás sufriendo el tipico ataque a Wordpress. http://ayudawordpress.com/ataque-mas...ios-wordpress/

En realidad lo que intenta es acceder a tu sitio aunque me parece raro que te ataque el index.php y no el wp-login.php. De momento y hasta que el ataque se neutralice, intenta que todas sus peticiones vayan a un 403 para que al menos no te sature el servidor.

Traxteante
19/12/2013, 13:39
Gracias a todos.

oceano: yo he usado esta página para generar las direcciones IP turcas, es bueno tener alternativas. Me ha llamado la atención el servicio de Cloudfare, me lo tengo que mirar a fondo. ¿Tu lo usas?

pepejlr: el código 403 lo da ahora, después de modificar el archivo htaccess. Antes entraba a la raiz del sitio web y ejecutaba el index.php de un WordPress. Además, fue hacer el cambio y volver a la normalidad, ahora la carga esta siempre alrededor de 0.30.

jcrequena: he ojeado por encima el enlace que has puesto y creo que puede ser el camino a seguir. Gracias.

El g*i*l*i*p*o*ll*a*s turco este sigue con lo suyo. A ver si se cansa. ¿Por donde puedo seguir investigando para saber más acerca de lo que pretende hacer?

Gracias, un saludo.

jcrequena
19/12/2013, 07:22
Si tienes un Apache puedes instalar mod_evasive

http://www.tail-f.com.ar/servicios/h...aques-dos.html

pepejlr
18/12/2013, 23:44
No es un DDOS, de eso sufro a diario. El problema es si esas peticiones cargan al PHP o al MySQL. Por lo que veo dichas peticiones se redireccionan a un sitio que da error 403 con lo que no deberia sobrecargar de esa forma el servidor al no dirigirse a MySQL o a PHP.

Probablemente esa sobrecarga de la máquina sea por un script PHP mal configurado y este log no tenga nada que ver. Yo por si acaso monté un script para que reinicie apache si la carga supera los 10 puntos y de momento no he tenido más problemas con la máquina cuando se le va la pinza el PHP.

tfwfactory
18/12/2013, 19:56
Excelente aporte

oceano
18/12/2013, 19:29
Hola, buenas noches.

Quizá algo de esto pueda ayudarte !

https://www.countryipblocks.net/country_selection.php
http://globalsecuritymap.com/
https://es.cloudflare.com/
https://www.authy.com/

Código:
# Copyright 2013 Country IP Blocks LLC
#all rights reserved.
#This list may not be redistributed in any form.
#this list includes network data on the following countries:
#TURKEY
5.2.80.0/21
5.10.65.160/27
5.10.65.240/28
5.10.68.56/30
5.10.68.96/30
5.10.68.160/29
5.10.69.56/29
5.10.69.232/29
5.10.70.200/29
5.10.73.192/27
5.10.74.32/29
5.10.75.160/28
5.10.76.32/29
5.10.77.112/30
5.10.77.124/30
5.10.79.48/28
5.10.84.96/30
5.10.84.172/30
5.10.84.216/29
5.10.84.232/29
5.10.85.12/30
5.10.88.88/29
5.10.88.108/30
5.10.89.96/30
5.10.89.224/30
5.10.91.80/29
5.11.128.0/17
5.23.120.0/21
5.24.0.0/14
5.44.80.0/20
5.44.144.0/20
5.46.0.0/15
5.63.32.0/19
5.104.0.0/20
5.159.248.0/21
5.176.0.0/15
5.226.192.0/18
5.229.0.0/16
5.250.240.0/20
5.255.0.0/18
24.133.0.0/16
31.3.0.0/21
31.6.80.0/20
31.7.32.0/21
31.25.168.0/21
31.44.192.0/20
31.140.0.0/14
31.145.0.0/16
31.155.0.0/16
31.169.64.0/19
31.176.0.0/17
31.177.128.0/17
31.186.0.0/19
31.192.208.0/21
31.200.0.0/17
31.206.0.0/16
31.207.80.0/21
31.210.32.0/19
31.210.64.0/18
31.210.152.0/21
31.223.0.0/17
37.1.144.0/21
37.9.200.0/21
37.34.0.0/19
37.58.16.0/21
37.72.48.0/20
37.75.8.0/21
37.77.0.0/19
37.122.136.0/21
37.122.224.0/20
37.123.0.0/18
37.123.96.0/21
37.130.64.0/18
37.131.248.0/21
37.140.208.0/21
37.148.208.0/21
37.152.72.0/21
37.154.0.0/15
37.202.48.0/21
37.205.0.0/21
37.230.104.0/21
37.235.72.0/21
37.247.96.0/20
37.247.112.0/21
46.1.0.0/16
46.2.0.0/16
46.17.128.0/21
46.20.0.0/20
46.20.144.0/20
46.28.232.0/21
46.30.176.0/21
46.31.112.0/21
46.31.144.0/21
46.45.128.0/18
46.104.0.0/16
46.106.0.0/16
46.136.78.0/24
46.154.0.0/15
46.182.64.0/21
46.196.0.0/15
46.221.0.0/16
46.234.0.0/19
46.235.8.0/21
46.245.160.0/21
46.252.96.0/20
46.254.48.0/21
62.29.0.0/17
62.108.64.0/19
62.244.192.0/18
62.248.0.0/17
77.72.184.0/21
77.73.216.0/21
77.75.32.0/21
77.75.216.0/21
77.79.64.0/18
77.92.96.0/19
77.92.128.0/19
77.223.128.0/19
77.245.144.0/20
78.40.224.0/21
78.111.96.0/20
78.135.0.0/18
78.135.64.0/18
78.160.0.0/16
78.161.0.0/16
78.162.0.0/16
78.163.0.0/16
78.164.0.0/16
78.165.0.0/16
78.166.0.0/16
78.167.0.0/16
78.168.0.0/16
78.169.0.0/16
78.170.0.0/17
78.170.128.0/21
78.170.136.0/21
78.170.144.0/21
78.170.152.0/22
78.170.156.0/22
78.170.160.0/20
78.170.176.0/21
78.170.184.0/21
78.170.192.0/18
78.171.0.0/17
78.171.128.0/19
78.171.160.0/19
78.171.192.0/18
78.172.0.0/16
78.173.0.0/16
78.174.0.0/16
78.175.0.0/16
78.176.0.0/16
78.177.0.0/16
78.178.0.0/16
78.179.0.0/16
78.180.0.0/16
78.181.0.0/16
78.182.0.0/16
78.183.0.0/16
78.184.0.0/16
78.185.0.0/16
78.186.0.0/18
78.186.64.0/21
78.186.72.0/21
78.186.80.0/22
78.186.84.0/24
78.186.85.0/24
78.186.86.0/23
78.186.88.0/24
78.186.89.0/24
78.186.90.0/23
78.186.92.0/22
78.186.96.0/23
78.186.98.0/23
78.186.100.0/24
78.186.101.0/24
78.186.102.0/24
78.186.103.0/24
78.186.104.0/24
78.186.105.0/24
78.186.106.0/23
78.186.108.0/24
78.186.109.0/24
78.186.110.0/23
78.186.112.0/24
78.186.113.0/24
78.186.114.0/23
78.186.116.0/22
78.186.120.0/21
78.186.128.0/21
78.186.136.0/23
78.186.138.0/24
78.186.139.0/24
78.186.140.0/24
78.186.141.0/24
78.186.142.0/23
78.186.144.0/20
78.186.160.0/19
78.186.192.0/20
78.186.208.0/22
78.186.212.0/22
78.186.216.0/23
78.186.218.0/23
78.186.220.0/22
78.186.224.0/21
78.186.232.0/22
78.186.236.0/23
78.186.238.0/24
78.186.239.0/24
78.186.240.0/20
78.187.0.0/19
78.187.32.0/20
78.187.48.0/21
78.187.56.0/21
78.187.64.0/21
78.187.72.0/21
78.187.80.0/22
78.187.84.0/23
78.187.86.0/23
78.187.88.0/21
78.187.96.0/23
78.187.98.0/23
78.187.100.0/24
78.187.101.0/24
78.187.102.0/23
78.187.104.0/24
78.187.105.0/24
78.187.106.0/23
78.187.108.0/23
78.187.110.0/23
78.187.112.0/23
78.187.114.0/23
78.187.116.0/22
78.187.120.0/21
78.187.128.0/24
78.187.129.0/24
78.187.130.0/23
78.187.132.0/23
78.187.134.0/23
78.187.136.0/24
78.187.137.0/24
78.187.138.0/23
78.187.140.0/22
78.187.144.0/22
78.187.148.0/23
78.187.150.0/23
78.187.152.0/22
78.187.156.0/22
78.187.160.0/24
78.187.161.0/24
78.187.162.0/23
78.187.164.0/23
78.187.166.0/23
78.187.168.0/21
78.187.176.0/22
78.187.180.0/22
78.187.184.0/21
78.187.192.0/22
78.187.196.0/22
78.187.200.0/21
78.187.208.0/21
78.187.216.0/22
78.187.220.0/22
78.187.224.0/19
78.188.0.0/18
78.188.64.0/20
78.188.80.0/21
78.188.88.0/22
78.188.92.0/22
78.188.96.0/24
78.188.97.0/24
78.188.98.0/23
78.188.100.0/22
78.188.104.0/22
78.188.108.0/23
78.188.110.0/24
78.188.111.0/24
78.188.112.0/22
78.188.116.0/23
78.188.118.0/24
78.188.119.0/24
78.188.120.0/21
78.188.128.0/21
78.188.136.0/22
78.188.140.0/23
78.188.142.0/24
78.188.143.0/24
78.188.144.0/21
78.188.152.0/23
78.188.154.0/23
78.188.156.0/22
78.188.160.0/22
78.188.164.0/22
78.188.168.0/21
78.188.176.0/21
78.188.184.0/22
78.188.188.0/23
78.188.190.0/23
78.188.192.0/22
78.188.196.0/23
78.188.198.0/23
78.188.200.0/22
78.188.204.0/23
78.188.206.0/23
78.188.208.0/22
78.188.212.0/24
78.188.213.0/24
78.188.214.0/23
78.188.216.0/22
78.188.220.0/24
78.188.221.0/24
78.188.222.0/23
78.188.224.0/20
78.188.240.0/22
78.188.244.0/22
78.188.248.0/21
78.189.0.0/20
78.189.16.0/20
78.189.32.0/21
78.189.40.0/22
78.189.44.0/24
78.189.45.0/24
78.189.46.0/23
78.189.48.0/21
78.189.56.0/24
78.189.57.0/24
78.189.58.0/24
78.189.59.0/24
78.189.60.0/23
78.189.62.0/24
78.189.63.0/24
78.189.64.0/24
78.189.65.0/24
78.189.66.0/23
78.189.68.0/22
78.189.72.0/23
78.189.74.0/23
78.189.76.0/22
78.189.80.0/23
78.189.82.0/23
78.189.84.0/22
78.189.88.0/24
78.189.89.0/24
78.189.90.0/23
78.189.92.0/22
78.189.96.0/23
78.189.98.0/23
78.189.100.0/22
78.189.104.0/21
78.189.112.0/22
78.189.116.0/23
78.189.118.0/23
78.189.120.0/22
78.189.124.0/22
78.189.128.0/22
78.189.132.0/22
78.189.136.0/22
78.189.140.0/22
78.189.144.0/21
78.189.152.0/22
78.189.156.0/23
78.189.158.0/23
78.189.160.0/19
78.189.192.0/22
78.189.196.0/22
78.189.200.0/22
78.189.204.0/22
78.189.208.0/20
78.189.224.0/20
78.189.240.0/24
78.189.241.0/24
78.189.242.0/23
78.189.244.0/22
78.189.248.0/26
78.189.248.64/28
78.189.248.80/29
78.189.248.88/29
78.189.248.96/27
78.189.248.128/25
78.189.249.0/24
78.189.250.0/23
78.189.252.0/24
78.189.253.0/26
78.189.253.64/26
78.189.253.128/25
78.189.254.0/26
78.189.254.64/26
78.189.254.128/25
78.189.255.0/24
78.190.0.0/16
78.191.0.0/16
79.98.128.0/21
79.99.176.0/21
79.123.128.0/17
79.170.168.0/21
79.171.16.0/21
80.93.208.0/20
80.251.32.0/20
80.253.240.0/20
81.6.64.0/18
81.8.0.0/17
81.21.160.0/20
81.22.96.0/20
81.91.112.0/20
81.212.0.0/14
82.145.224.0/19
82.150.64.0/19
82.151.128.0/19
82.222.0.0/16
83.66.0.0/16
84.17.64.0/19
84.44.0.0/17
84.51.0.0/18
85.29.0.0/18
85.95.224.0/19
85.96.0.0/12
85.115.32.0/24
85.119.32.0/21
85.119.64.0/21
85.153.0.0/16
85.158.96.0/21
85.159.64.0/21
85.159.72.0/21
85.235.64.0/19
86.108.128.0/17
87.251.0.0/19
88.224.0.0/16
88.225.0.0/17
88.225.128.0/18
88.225.192.0/20
88.225.208.0/23
88.225.210.0/23
88.225.212.0/22
88.225.216.0/21
88.225.224.0/19
88.226.0.0/16
88.227.0.0/16
88.228.0.0/16
88.229.0.0/16
88.230.0.0/16
88.231.0.0/16
88.232.0.0/16
88.233.0.0/16
88.234.0.0/16
88.235.0.0/16
88.236.0.0/16
88.237.0.0/17
88.237.128.0/17
88.238.0.0/16
88.239.0.0/16
88.240.0.0/16
88.241.0.0/16
88.242.0.0/16
88.243.0.0/16
88.244.0.0/16
88.245.0.0/16
88.246.0.0/16
88.247.0.0/18
88.247.64.0/21
88.247.72.0/22
88.247.76.0/25
88.247.76.128/27
88.247.76.160/30
88.247.76.164/30
88.247.76.168/29
88.247.76.176/30
88.247.76.180/30
88.247.76.184/29
88.247.76.192/26
88.247.77.0/24
88.247.78.0/24
88.247.79.0/25
88.247.79.128/27
88.247.79.160/30
88.247.79.164/30
88.247.79.168/29
88.247.79.176/28
88.247.79.192/26
88.247.80.0/20
88.247.96.0/19
88.247.128.0/19
88.247.160.0/19
88.247.192.0/19
88.247.224.0/20
88.247.240.0/24
88.247.241.0/24
88.247.242.0/23
88.247.244.0/22
88.247.248.0/22
88.247.252.0/22
88.248.0.0/18
88.248.64.0/22
88.248.68.0/24
88.248.69.0/24
88.248.70.0/23
88.248.72.0/24
88.248.73.0/29
88.248.73.8/29
88.248.73.16/28
88.248.73.32/27
88.248.73.64/26
88.248.73.128/25
88.248.74.0/23
88.248.76.0/22
88.248.80.0/20
88.248.96.0/20
88.248.112.0/21
88.248.120.0/23
88.248.122.0/24
88.248.123.0/24
88.248.124.0/24
88.248.125.0/24
88.248.126.0/23
88.248.128.0/22
88.248.132.0/23
88.248.134.0/23
88.248.136.0/21
88.248.144.0/22
88.248.148.0/23
88.248.150.0/23
88.248.152.0/21
88.248.160.0/19
88.248.192.0/19
88.248.224.0/22
88.248.228.0/23
88.248.230.0/26
88.248.230.64/26
88.248.230.128/25
88.248.231.0/29
88.248.231.8/29
88.248.231.16/28
88.248.231.32/27
88.248.231.64/26
88.248.231.128/25
88.248.232.0/24
88.248.233.0/29
88.248.233.8/29
88.248.233.16/28
88.248.233.32/27
88.248.233.64/26
88.248.233.128/25
88.248.234.0/23
88.248.236.0/22
88.248.240.0/24
88.248.241.0/24
88.248.242.0/23
88.248.244.0/24
88.248.245.0/24
88.248.246.0/23
88.248.248.0/21
88.249.0.0/19
88.249.32.0/20
88.249.48.0/20
88.249.64.0/21
88.249.72.0/24
88.249.73.0/24
88.249.74.0/23
88.249.76.0/22
88.249.80.0/20
88.249.96.0/19
88.249.128.0/20
88.249.144.0/21
88.249.152.0/22
88.249.156.0/24
88.249.157.0/24
88.249.158.0/23
88.249.160.0/19
88.249.192.0/19
88.249.224.0/21
88.249.232.0/23
88.249.234.0/24
88.249.235.0/24
88.249.236.0/22
88.249.240.0/24
88.249.241.0/24
88.249.242.0/23
88.249.244.0/22
88.249.248.0/21
88.250.0.0/18
88.250.64.0/21
88.250.72.0/22
88.250.76.0/23
88.250.78.0/23
88.250.80.0/20
88.250.96.0/19
88.250.128.0/21
88.250.136.0/21
88.250.144.0/23
88.250.146.0/24
88.250.147.0/24
88.250.148.0/22
88.250.152.0/22
88.250.156.0/22
88.250.160.0/19
88.250.192.0/18
88.251.0.0/16
88.252.0.0/16
88.253.0.0/16
88.254.0.0/16
88.255.0.0/21
88.255.8.0/23
88.255.10.0/24
88.255.11.0/27
88.255.11.32/27
88.255.11.64/26
88.255.11.128/25
88.255.12.0/24
88.255.13.0/24
88.255.14.0/24
88.255.15.0/24
88.255.16.0/22
88.255.20.0/22
88.255.24.0/23
88.255.26.0/27
88.255.26.32/27
88.255.26.64/26
88.255.26.128/25
88.255.27.0/30
88.255.27.4/30
88.255.27.8/29
88.255.27.16/28
88.255.27.32/27
88.255.27.64/26
88.255.27.128/25
88.255.28.0/28
88.255.28.16/28
88.255.28.32/27
88.255.28.64/26
88.255.28.128/25
88.255.29.0/24
88.255.30.0/24
88.255.31.0/28
88.255.31.16/28
88.255.31.32/27
88.255.31.64/26
88.255.31.128/25
88.255.32.0/24
88.255.33.0/24
88.255.34.0/24
88.255.35.0/24
88.255.36.0/29
88.255.36.8/29
88.255.36.16/28
88.255.36.32/27
88.255.36.64/26
88.255.36.128/25
88.255.37.0/24
88.255.38.0/24
88.255.39.0/29
88.255.39.8/29
88.255.39.16/28
88.255.39.32/27
88.255.39.64/26
88.255.39.128/25
88.255.40.0/29
88.255.40.8/29
88.255.40.16/28
88.255.40.32/27
88.255.40.64/26
88.255.40.128/25
88.255.41.0/29
88.255.41.8/29
88.255.41.16/28
88.255.41.32/27
88.255.41.64/26
88.255.41.128/25
88.255.42.0/29
88.255.42.8/29
88.255.42.16/28
88.255.42.32/27
88.255.42.64/26
88.255.42.128/25
88.255.43.0/24
88.255.44.0/29
88.255.44.8/29
88.255.44.16/28
88.255.44.32/27
88.255.44.64/26
88.255.44.128/25
88.255.45.0/24
88.255.46.0/24
88.255.47.0/30
88.255.47.4/30
88.255.47.8/29
88.255.47.16/28
88.255.47.32/27
88.255.47.64/26
88.255.47.128/25
88.255.48.0/23
88.255.50.0/26
88.255.50.64/26
88.255.50.128/25
88.255.51.0/24
88.255.52.0/29
88.255.52.8/29
88.255.52.16/28
88.255.52.32/27
88.255.52.64/26
88.255.52.128/25
88.255.53.0/27
88.255.53.32/27
88.255.53.64/26
88.255.53.128/25
88.255.54.0/29
88.255.54.8/29
88.255.54.16/28
88.255.54.32/27
88.255.54.64/26
88.255.54.128/25
88.255.55.0/24
88.255.56.0/28
88.255.56.16/28
88.255.56.32/27
88.255.56.64/26
88.255.56.128/25
88.255.57.0/24
88.255.58.0/24
88.255.59.0/24
88.255.60.0/29
88.255.60.8/29
88.255.60.16/28
88.255.60.32/27
88.255.60.64/26
88.255.60.128/25
88.255.61.0/24
88.255.62.0/25
88.255.62.128/25
88.255.63.0/24
88.255.64.0/29
88.255.64.8/29
88.255.64.16/28
88.255.64.32/27
88.255.64.64/26
88.255.64.128/25
88.255.65.0/29
88.255.65.8/29
88.255.65.16/28
88.255.65.32/27
88.255.65.64/26
88.255.65.128/25
88.255.66.0/24
88.255.67.0/24
88.255.68.0/30
88.255.68.4/30
88.255.68.8/29
88.255.68.16/28
88.255.68.32/27
88.255.68.64/26
88.255.68.128/25
88.255.69.0/25
88.255.69.128/25
88.255.70.0/24
88.255.71.0/24
88.255.72.0/23
88.255.74.0/24
88.255.75.0/30
88.255.75.4/30
88.255.75.8/29
88.255.75.16/28
88.255.75.32/27
88.255.75.64/26
88.255.75.128/25
88.255.76.0/29
88.255.76.8/29
88.255.76.16/28
88.255.76.32/27
88.255.76.64/26
88.255.76.128/25
88.255.77.0/29
88.255.77.8/29
88.255.77.16/28
88.255.77.32/27
88.255.77.64/26
88.255.77.128/25
88.255.78.0/24
88.255.79.0/28
88.255.79.16/28
88.255.79.32/27
88.255.79.64/26
88.255.79.128/25
88.255.80.0/24
88.255.81.0/24
88.255.82.0/24
88.255.83.0/24
88.255.84.0/24
88.255.85.0/29
88.255.85.8/29
88.255.85.16/28
88.255.85.32/27
88.255.85.64/26
88.255.85.128/25
88.255.86.0/24
88.255.87.0/29
88.255.87.8/29
88.255.87.16/28
88.255.87.32/27
88.255.87.64/26
88.255.87.128/25
88.255.88.0/24
88.255.89.0/24
88.255.90.0/24
88.255.91.0/24
88.255.92.0/24
88.255.93.0/29
88.255.93.8/29
88.255.93.16/28
88.255.93.32/27
88.255.93.64/26
88.255.93.128/25
88.255.94.0/24
88.255.95.0/24
88.255.96.0/22
88.255.100.0/29
88.255.100.8/29
88.255.100.16/28
88.255.100.32/27
88.255.100.64/26
88.255.100.128/25
88.255.101.0/24
88.255.102.0/24
88.255.103.0/24
88.255.104.0/24
88.255.105.0/28
88.255.105.16/28
88.255.105.32/27
88.255.105.64/26
88.255.105.128/25
88.255.106.0/29
88.255.106.8/29
88.255.106.16/28
88.255.106.32/27
88.255.106.64/26
88.255.106.128/25
88.255.107.0/24
88.255.108.0/24
88.255.109.0/24
88.255.110.0/23
88.255.112.0/23
88.255.114.0/24
88.255.115.0/24
88.255.116.0/23
88.255.118.0/24
88.255.119.0/29
88.255.119.8/29
88.255.119.16/28
88.255.119.32/27
88.255.119.64/26
88.255.119.128/25
88.255.120.0/28
88.255.120.16/28
88.255.120.32/27
88.255.120.64/26
88.255.120.128/25
88.255.121.0/24
88.255.122.0/24
88.255.123.0/29
88.255.123.8/29
88.255.123.16/28
88.255.123.32/27
88.255.123.64/26
88.255.123.128/25
88.255.124.0/24
88.255.125.0/30
88.255.125.4/30
88.255.125.8/29
88.255.125.16/28
88.255.125.32/27
88.255.125.64/26
88.255.125.128/25
88.255.126.0/30
88.255.126.4/30
88.255.126.8/29
88.255.126.16/28
88.255.126.32/27
88.255.126.64/26
88.255.126.128/25
88.255.127.0/24
88.255.128.0/29
88.255.128.8/29
88.255.128.16/28
88.255.128.32/27
88.255.128.64/26
88.255.128.128/25
88.255.129.0/24
88.255.130.0/24
88.255.131.0/29
88.255.131.8/29
88.255.131.16/28
88.255.131.32/27
88.255.131.64/26
88.255.131.128/25
88.255.132.0/29
88.255.132.8/29
88.255.132.16/28
88.255.132.32/27
88.255.132.64/26
88.255.132.128/25
88.255.133.0/24
88.255.134.0/29
88.255.134.8/29
88.255.134.16/28
88.255.134.32/27
88.255.134.64/26
88.255.134.128/25
88.255.135.0/24
88.255.136.0/29
88.255.136.8/29
88.255.136.16/28
88.255.136.32/27
88.255.136.64/26
88.255.136.128/25
88.255.137.0/29
88.255.137.8/29
88.255.137.16/28
88.255.137.32/27
88.255.137.64/26
88.255.137.128/25
88.255.138.0/29
88.255.138.8/29
88.255.138.16/28
88.255.138.32/27
88.255.138.64/26
88.255.138.128/25
88.255.139.0/29
88.255.139.8/29
88.255.139.16/28
88.255.139.32/27
88.255.139.64/26
88.255.139.128/25
88.255.140.0/29
88.255.140.8/29
88.255.140.16/28
88.255.140.32/27
88.255.140.64/26
88.255.140.128/25
88.255.141.0/28
88.255.141.16/28
88.255.141.32/27
88.255.141.64/26
88.255.141.128/25
88.255.142.0/29
88.255.142.8/29
88.255.142.16/28
88.255.142.32/27
88.255.142.64/26
88.255.142.128/25
88.255.143.0/28
88.255.143.16/28
88.255.143.32/27
88.255.143.64/26
88.255.143.128/25
88.255.144.0/23
88.255.146.0/24
88.255.147.0/28
88.255.147.16/28
88.255.147.32/27
88.255.147.64/26
88.255.147.128/25
88.255.148.0/28
88.255.148.16/28
88.255.148.32/27
88.255.148.64/26
88.255.148.128/25
88.255.149.0/25
88.255.149.128/25
88.255.150.0/29
88.255.150.8/29
88.255.150.16/28
88.255.150.32/27
88.255.150.64/26
88.255.150.128/25
88.255.151.0/24
88.255.152.0/24
88.255.153.0/24
88.255.154.0/28
88.255.154.16/28
88.255.154.32/27
88.255.154.64/26
88.255.154.128/25
88.255.155.0/24
88.255.156.0/24
88.255.157.0/24
88.255.158.0/24
88.255.159.0/24
88.255.160.0/30
88.255.160.4/30
88.255.160.8/29
88.255.160.16/28
88.255.160.32/27
88.255.160.64/26
88.255.160.128/25
88.255.161.0/26
88.255.161.64/26
88.255.161.128/25
88.255.162.0/24
88.255.163.0/24
88.255.164.0/24
88.255.165.0/29
88.255.165.8/29
88.255.165.16/28
88.255.165.32/27
88.255.165.64/26
88.255.165.128/25
88.255.166.0/26
88.255.166.64/26
88.255.166.128/25
88.255.167.0/25
88.255.167.128/25
88.255.168.0/24
88.255.169.0/24
88.255.170.0/27
88.255.170.32/27
88.255.170.64/26
88.255.170.128/25
88.255.171.0/28
88.255.171.16/28
88.255.171.32/27
88.255.171.64/26
88.255.171.128/25
88.255.172.0/24
88.255.173.0/24
88.255.174.0/24
88.255.175.0/24
88.255.176.0/24
88.255.177.0/24
88.255.178.0/30
88.255.178.4/30
88.255.178.8/29
88.255.178.16/28
88.255.178.32/27
88.255.178.64/26
88.255.178.128/25
88.255.179.0/24
88.255.180.0/24
88.255.181.0/24
88.255.182.0/29
88.255.182.8/29
88.255.182.16/28
88.255.182.32/27
88.255.182.64/26
88.255.182.128/25
88.255.183.0/29
88.255.183.8/29
88.255.183.16/28
88.255.183.32/27
88.255.183.64/26
88.255.183.128/25
88.255.184.0/24
88.255.185.0/27
88.255.185.32/27
88.255.185.64/26
88.255.185.128/25
88.255.186.0/24
88.255.187.0/24
88.255.188.0/24
88.255.189.0/24
88.255.190.0/24
88.255.191.0/24
88.255.192.0/28
88.255.192.16/28
88.255.192.32/27
88.255.192.64/26
88.255.192.128/25
88.255.193.0/29
88.255.193.8/29
88.255.193.16/28
88.255.193.32/27
88.255.193.64/26
88.255.193.128/25
88.255.194.0/24
88.255.195.0/24
88.255.196.0/24
88.255.197.0/24
88.255.198.0/24
88.255.199.0/28
88.255.199.16/28
88.255.199.32/27
88.255.199.64/26
88.255.199.128/25
88.255.200.0/29
88.255.200.8/29
88.255.200.16/28
88.255.200.32/27
88.255.200.64/26
88.255.200.128/25
88.255.201.0/30
88.255.201.4/30
88.255.201.8/29
88.255.201.16/28
88.255.201.32/27
88.255.201.64/26
88.255.201.128/25
88.255.202.0/29
88.255.202.8/29
88.255.202.16/28
88.255.202.32/27
88.255.202.64/26
88.255.202.128/25
88.255.203.0/28
88.255.203.16/28
88.255.203.32/27
88.255.203.64/26
88.255.203.128/25
88.255.204.0/30
88.255.204.4/30
88.255.204.8/29
88.255.204.16/28
88.255.204.32/27
88.255.204.64/26
88.255.204.128/25
88.255.205.0/29
88.255.205.8/29
88.255.205.16/28
88.255.205.32/27
88.255.205.64/26
88.255.205.128/25
88.255.206.0/27
88.255.206.32/27
88.255.206.64/26
88.255.206.128/25
88.255.207.0/24
88.255.208.0/29
88.255.208.8/29
88.255.208.16/28
88.255.208.32/27
88.255.208.64/26
88.255.208.128/25
88.255.209.0/28
88.255.209.16/28
88.255.209.32/27
88.255.209.64/26
88.255.209.128/25
88.255.210.0/29
88.255.210.8/29
88.255.210.16/28
88.255.210.32/27
88.255.210.64/26
88.255.210.128/25
88.255.211.0/25
88.255.211.128/25
88.255.212.0/29
88.255.212.8/29
88.255.212.16/28
88.255.212.32/27
88.255.212.64/26
88.255.212.128/25
88.255.213.0/24
88.255.214.0/24
88.255.215.0/27
88.255.215.32/27
88.255.215.64/26
88.255.215.128/25
88.255.216.0/24
88.255.217.0/24
88.255.218.0/24
88.255.219.0/24
88.255.220.0/22
88.255.224.0/24
88.255.225.0/30
88.255.225.4/30
88.255.225.8/29
88.255.225.16/28
88.255.225.32/27
88.255.225.64/26
88.255.225.128/25
88.255.226.0/28
88.255.226.16/28
88.255.226.32/27
88.255.226.64/26
88.255.226.128/25
88.255.227.0/24
88.255.228.0/28
88.255.228.16/28
88.255.228.32/27
88.255.228.64/26
88.255.228.128/25
88.255.229.0/30
88.255.229.4/30
88.255.229.8/29
88.255.229.16/28
88.255.229.32/27
88.255.229.64/26
88.255.229.128/25
88.255.230.0/28
88.255.230.16/28
88.255.230.32/27
88.255.230.64/26
88.255.230.128/25
88.255.231.0/24
88.255.232.0/28
88.255.232.16/28
88.255.232.32/27
88.255.232.64/26
88.255.232.128/25
88.255.233.0/24
88.255.234.0/29
88.255.234.8/29
88.255.234.16/28
88.255.234.32/27
88.255.234.64/26
88.255.234.128/25
88.255.235.0/24
88.255.236.0/24
88.255.237.0/24
88.255.238.0/24
88.255.239.0/24
88.255.240.0/24
88.255.241.0/28
88.255.241.16/28
88.255.241.32/27
88.255.241.64/26
88.255.241.128/25
88.255.242.0/24
88.255.243.0/24
88.255.244.0/24
88.255.245.0/24
88.255.246.0/23
88.255.248.0/24
88.255.249.0/30
88.255.249.4/30
88.255.249.8/29
88.255.249.16/28
88.255.249.32/27
88.255.249.64/26
88.255.249.128/25
88.255.250.0/24
88.255.251.0/29
88.255.251.8/29
88.255.251.16/28
88.255.251.32/27
88.255.251.64/26
88.255.251.128/25
88.255.252.0/24
88.255.253.0/24
88.255.254.0/24
88.255.255.0/24
89.19.0.0/19
89.106.0.0/19
89.107.224.0/21
89.145.184.0/21
89.252.128.0/18
90.158.0.0/15
91.93.0.0/16
91.102.160.0/21
91.109.208.0/21
91.142.142.0/24
91.151.80.0/20
91.191.160.0/20
91.195.138.0/23
91.198.49.0/24
91.198.61.0/24
91.198.124.0/24
91.199.73.0/24
91.199.111.0/24
91.199.166.0/24
91.199.191.0/24
91.208.61.0/24
91.208.70.0/24
91.208.199.0/24
91.212.126.0/24
91.212.178.0/24
91.212.240.0/24
91.213.1.0/24
91.213.245.0/24
91.213.253.0/24
91.213.254.0/24
91.216.91.0/24
91.216.98.0/24
91.216.119.0/24
91.216.148.0/24
91.216.170.0/24
91.216.201.0/24
91.216.223.0/24
91.217.147.0/24
91.217.193.0/24
91.217.238.0/24
91.220.50.0/24
91.220.65.0/24
91.220.182.0/24
91.220.242.0/24
91.223.0.0/24
91.223.8.0/24
91.223.157.0/24
91.227.4.0/23
91.227.6.0/24
91.228.169.0/24
91.228.255.0/24
91.229.34.0/24
91.229.35.0/24
91.229.44.0/23
91.229.155.0/24
91.229.184.0/24
91.230.73.0/24
91.230.81.0/24
91.230.85.0/24
91.232.174.0/24
91.233.80.0/24
91.235.64.0/24
91.235.104.0/23
91.237.216.0/23
91.239.204.0/24
91.239.242.0/24
91.240.26.0/24
91.240.37.0/24
91.240.108.0/24
91.244.116.0/24
91.244.226.0/24
91.244.227.0/24
92.42.32.0/21
92.43.80.0/21
92.44.0.0/15
92.61.0.0/20
92.63.0.0/20
93.89.16.0/20
93.89.64.0/20
93.89.224.0/20
93.91.64.0/20
93.93.24.0/21
93.94.192.0/21
93.94.248.0/21
93.95.176.0/21
93.155.0.0/17
93.182.64.0/18
93.184.144.0/20
93.186.112.0/20
93.187.64.0/21
93.187.200.0/21
93.190.120.0/21
93.190.216.0/21
94.54.0.0/15
94.73.128.0/18
94.78.64.0/18
94.79.64.0/18
94.101.80.0/20
94.102.0.0/20
94.102.64.0/20
94.103.32.0/20
94.120.0.0/14
94.138.192.0/19
94.199.32.0/21
94.199.200.0/21
94.235.0.0/16
95.0.0.0/12
95.65.128.0/17
95.70.128.0/17
95.128.56.0/21
95.130.168.0/21
95.142.128.0/20
95.173.0.0/19
95.173.160.0/19
95.173.224.0/19
95.183.128.0/17
109.228.192.0/18
109.232.216.0/21
109.235.248.0/21
128.127.168.0/21
134.19.200.0/21
139.179.0.0/16
141.196.0.0/16
144.122.0.0/16
146.185.64.0/18
149.0.0.0/16
149.140.0.0/16
151.135.0.0/16
151.250.0.0/16
155.223.0.0/16
159.20.64.0/19
159.20.112.0/21
159.146.0.0/17
159.253.32.0/20
159.253.80.0/21
160.75.0.0/16
161.9.0.0/16
168.139.0.0/16
176.30.0.0/16
176.33.0.0/16
176.40.0.0/14
176.53.0.0/17
176.54.0.0/15
176.88.0.0/14
176.117.96.0/21
176.216.0.0/14
176.220.0.0/16
176.227.0.0/17
176.232.0.0/13
176.240.0.0/16
178.18.192.0/20
178.20.224.0/21
178.22.8.0/21
178.132.48.0/21
178.210.160.0/19
178.211.32.0/19
178.211.192.0/19
178.233.0.0/16
178.240.0.0/13
178.250.88.0/21
178.251.40.0/21
185.3.56.0/22
185.4.68.0/22
185.4.208.0/22
185.4.224.0/22
185.5.176.0/22
185.7.0.0/22
185.7.80.0/22
185.7.176.0/22
185.8.12.0/22
185.8.32.0/22
185.8.128.0/22
185.9.36.0/22
185.9.156.0/22
185.9.220.0/22
185.11.12.0/22
185.11.212.0/22
185.11.248.0/22
185.12.108.0/22
185.12.224.0/22
185.13.56.0/22
185.14.20.0/22
185.14.64.0/22
185.14.172.0/22
185.15.40.0/22
185.15.196.0/22
185.16.236.0/22
185.17.112.0/22
185.17.136.0/22
185.19.80.0/22
185.19.92.0/22
185.21.4.0/22
185.21.204.0/22
185.22.56.0/22
185.22.100.0/22
185.22.160.0/22
185.22.184.0/22
185.22.248.0/22
185.23.72.0/22
185.24.80.0/22
185.24.124.0/22
185.25.100.0/22
185.26.68.0/22
185.26.144.0/22
185.28.0.0/22
185.28.132.0/22
185.28.160.0/22
185.29.120.0/22
185.29.167.0/26
185.29.192.0/22
185.32.12.0/22
185.33.60.0/22
185.33.108.0/22
185.33.128.0/22
185.33.232.0/22
185.34.128.0/22
185.35.20.0/22
188.3.0.0/16
188.38.0.0/16
188.41.0.0/16
188.56.0.0/14
188.64.208.0/21
188.95.144.0/21
188.119.0.0/18
188.124.0.0/19
188.125.160.0/19
188.132.128.0/17
192.70.133.0/24
192.70.134.0/24
192.95.1.148/30
192.129.87.0/24
192.160.21.0/24
193.23.156.0/24
193.25.124.0/23
193.28.225.0/24
193.32.53.0/24
193.32.55.0/24
193.34.132.0/23
193.34.205.0/24
193.36.0.0/24
193.36.39.0/24
193.36.184.0/24
193.37.135.0/24
193.37.154.0/24
193.41.2.0/23
193.41.225.0/24
193.42.216.0/24
193.58.236.0/24
193.104.13.0/24
193.104.80.0/24
193.104.109.0/24
193.104.124.0/24
193.104.130.0/24
193.104.138.0/24
193.104.201.0/24
193.105.208.0/24
193.105.211.0/24
193.105.234.0/24
193.105.243.0/24
193.108.213.0/24
193.109.134.0/23
193.110.170.0/23
193.110.208.0/21
193.138.116.0/24
193.140.0.0/16
193.143.226.0/24
193.164.9.0/24
193.169.50.0/24
193.178.218.0/24
193.186.208.0/24
193.189.142.0/24
193.192.96.0/19
193.200.170.0/24
193.200.180.0/24
193.200.188.0/24
193.202.18.0/24
193.202.120.0/24
193.218.113.0/24
193.218.200.0/24
193.223.76.0/24
193.238.25.0/24
193.243.192.0/19
193.254.228.0/23
193.254.252.0/23
193.255.0.0/16
194.0.130.0/24
194.0.142.0/24
194.0.178.0/24
194.0.202.0/24
194.9.174.0/24
194.24.168.0/23
194.24.224.0/23
194.27.0.0/16
194.29.208.0/21
194.32.84.0/23
194.36.160.0/24
194.49.126.0/24
194.50.84.0/24
194.50.179.0/24
194.54.32.0/19
194.60.73.0/24
194.107.22.0/24
194.110.150.0/24
194.110.213.0/24
194.125.232.0/22
194.126.230.0/24
194.140.227.0/24
194.156.165.0/24
194.169.253.0/24
194.242.32.0/24
194.247.59.0/24
195.8.109.0/24
195.33.192.0/18
195.39.224.0/23
195.46.128.0/19
195.49.216.0/21
195.62.35.0/24
195.85.242.0/24
195.85.255.0/24
195.87.0.0/16
195.95.149.0/24
195.95.160.0/24
195.95.179.0/24
195.112.128.0/19
195.114.108.0/23
195.128.32.0/21
195.128.254.0/23
195.137.222.0/23
195.140.196.0/22
195.142.0.0/16
195.149.85.0/24
195.149.116.0/24
195.155.0.0/16
195.174.0.0/16
195.175.0.0/16
195.177.206.0/23
195.177.230.0/23
195.182.25.0/24
195.182.42.0/24
195.190.20.0/24
195.191.118.0/23
195.200.222.0/24
195.214.128.0/18
195.216.232.0/24
195.226.196.0/24
195.226.221.0/24
195.234.52.0/24
195.234.165.0/24
195.244.32.0/19
195.245.227.0/24
212.2.192.0/19
212.12.128.0/19
212.15.0.0/19
212.29.64.0/18
212.31.0.0/19
212.50.32.0/19
212.57.0.0/19
212.58.0.0/19
212.64.192.0/19
212.65.128.0/19
212.68.32.0/19
212.98.0.0/19
212.98.192.0/18
212.101.96.0/19
212.108.128.0/19
212.109.96.0/19
212.109.224.0/19
212.115.0.0/19
212.125.0.0/19
212.127.96.0/19
212.133.128.0/17
212.146.128.0/17
212.154.0.0/17
212.156.0.0/16
212.174.0.0/16
212.175.0.0/16
212.252.0.0/16
212.253.0.0/16
213.14.0.0/16
213.43.0.0/16
213.74.0.0/16
213.128.64.0/19
213.139.192.0/19
213.139.224.0/19
213.142.128.0/19
213.143.224.0/19
213.144.96.0/19
213.148.64.0/19
213.153.128.0/19
213.153.160.0/19
213.153.192.0/18
213.155.96.0/19
213.161.128.0/19
213.186.128.0/19
213.194.64.0/18
213.211.0.0/19
213.232.0.0/18
213.238.128.0/18
213.243.0.0/19
213.243.32.0/19
213.248.128.0/18
213.254.128.0/19
217.17.144.0/20
217.31.224.0/20
217.31.240.0/20
217.64.208.0/20
217.68.208.0/20
217.74.24.0/21
217.78.96.0/20
217.116.192.0/20
217.131.0.0/16
217.169.192.0/20
217.172.48.0/20
217.174.32.0/20
217.195.192.0/20
Un saludo !

Guille
18/12/2013, 17:08
No parece un DDOS propiamente dicho sino un intento de intrusión.
Lo digo por la petición POST que seguramente está intentando ejecutar codigo o subir algún fichero.

Traxteante
18/12/2013, 17:02
Hola,
mi servidor estaba con un load average por encima de 25 y no respondía bien. He visto que los recursos los estaba acaparando uno de los dominios que tengo alojados. He investigado un poco y he visto esto:
Código:
78.189.223.69 - - [18/Dec/2013:17:48:02 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.227.175.238 - - [18/Dec/2013:17:48:03 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
193.140.182.72 - - [18/Dec/2013:17:48:06 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.252.161.67 - - [18/Dec/2013:17:48:09 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.247.120.158 - - [18/Dec/2013:17:48:12 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
95.8.150.220 - - [18/Dec/2013:17:48:12 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.236.8.202 - - [18/Dec/2013:17:48:13 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
95.9.226.63 - - [18/Dec/2013:17:48:14 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.252.161.67 - - [18/Dec/2013:17:48:19 +0100] "POST / HTTP/1.1" 403 518 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.247.205.38 - - [18/Dec/2013:17:48:19 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
95.9.114.136 - - [18/Dec/2013:17:48:24 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
95.0.180.66 - - [18/Dec/2013:17:48:29 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
78.173.79.32 - - [18/Dec/2013:17:48:34 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
78.185.62.201 - - [18/Dec/2013:17:48:37 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.252.161.67 - - [18/Dec/2013:17:48:42 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.248.20.42 - - [18/Dec/2013:17:48:45 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
109.68.237.15 - - [18/Dec/2013:17:48:47 +0100] "POST / HTTP/1.1" 301 359 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
88.252.161.67 - - [18/Dec/2013:17:48:48 +0100] "POST / HTTP/1.1" 403 518 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
95.6.40.240 - - [18/Dec/2013:17:48:49 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
85.99.117.251 - - [18/Dec/2013:17:48:51 +0100] "POST / HTTP/1.1" 403 519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
Un montón de conexiones de diferentes IPs. He mirado unas pocas y parece ser que todas las IPs son de Turquía.
Para intentar corregir la situación, mediante el htaccess del sitio con he bloqueado todas las IPs de Turquía y ahora el servidor funciona bien la carga ha vuelto ha estar por debajo de 1 y responde rápido.

Lo que me gustaría saber es qué es lo que esta pasando, que tipo de ataque es y si puedo hacer alguna otra cosa para protegerme. En 5 años que llevo con el servidor no me había pasado antes nada parecido.

Un saludo