Bonjour,
je viens vous demander de l'aide car je me retrouve confronté à un problème qui me dépasse.
Depuis quelques jours, je trouvais mon site perso (blog/CV/portfolio) de plus en plus lent à l'affichage de pages. J'ai d'abord pensé que ça venait d'OVH qui héberge mon serveur dédié (Debian 6), mais ça s'est aggravé au point qu'il n'y a plus moyen d'afficher une page.
Sur le monitoring OVH, j'ai découvert que mon site subit un traffic entrant d'environ 10Mbps en continu.
J'ai trouvé sur le serveur un fichier de log d'erreurs Apache qui dépassait 8Go. Netstat m'affiche en permanence 255 requêtes de connexion simultanées. J'ai essayé d'installer mod_evasive pour Apache, et d'ajouter un filtre iptables à mon firewall pour limiter le nombre de connexions par minute. C'est toujours pareil.
Je vous colle un bout de ce que j'ai trouvé dans mon /var/log/apache2/other_vhosts_access.log :
Plein de requêtes qui ne me sont visiblement pas destinées.
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14 xxx.xx:80 142.54.184.226 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.bharatstudent.com/st?ad_type=iframe&ad_size=700x300§ion=3011105&pub_url=${PUB_URL} HTTP/1.0" 200 4985 "http://www.gethealthbank.com/category/medicine/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)" xxx.xx:80 199.116.113.149 - - [12/Sep/2012:15:25:14 +0200] "GET http://mobile1.login.vip.ird.yahoo.com/config/pwtoken_get?login=heaven_12_&src=ntverifyint&passwd=7698ca276acaf6070487899ad2ee2cb9&challenge=wTBYIo2AEdMFr6LtdyQZPqYw9FS9&md5=1 HTTP/1.0" 200 425 "-" "MobileRunner-J2ME" xxx.xx:80 142.54.184.66 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.tagjunction.com/iframe3?BnMWDUZsMACTWP4AAAAAAMZGOgAAAAAAAgAAAAQAAAAAAP8AAAAEEAmvRwAAAAAAT1FFAAAAAACy5U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBjxUAAAAAAAIAAwAAgD8AIZbNHJJakD9U46WbxCCgP16Kq8q-K6I.7FG4HoXrsT-GfNCzWfWpP5qZmZmZmbk.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVS6ebsHGZDCVINXK28I6u.3eHH-utRNb.SXbUAAAAAA==,,http%3A%2F%2Fwww.xyzkey.com%2Fbusiness-and-finance%2Fhow-to-create-equity-out-of-fat-air.html,B%3D12%26Z%3D468x60%26_salt%3D3598659528%26m%3D2%26r%3D1%26s%3D3173446,4369ae28-fcdd-11e1-9b35-78e3b510fd4e,1347456304679 HTTP/1.0" 302 1062 "http://www.xyzkey.com/business-and-finance/how-to-create-equity-out-of-fat-air.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" xxx.xx:80 142.54.185.58 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.adorika.com/st?ad_type=ad&ad_size=728x90§ion=3112201&pub_url=${PUB_URL} HTTP/1.0" 200 4650 "http://play-onlinegame.com/" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; Alexa Toolbar)" xxx.xx:80 142.54.182.186 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.zanox.com/tpv/?22603563C419404819T&zpar0=56904609149225520 HTTP/1.0" 302 758 "http://xyzreadyads.com/Default.aspx" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.8" xxx.xx:80 108.177.187.40 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=2926391&T=3&_salt=3351479070&B=12&m=2&u=http%3A%2F%2Fjjlearn.com%2Findex.php%3Foption%3Dcom_mailto%26tmpl%3Dcomponent%26link%3Dca03b47031573df01aee1d36c518f234c907dea2&r=1&SIG=10vvd270i;x-cookie=7pf7gqy85139t&o=3&f=qh HTTP/1.0" 200 1570 "http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250§ion=2926391&pub_url=${PUB_URL}" "Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC)" xxx.xx:80 74.91.30.130 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.adserverplus.com/imp?Z=300x250&s=2933150&_salt=1393661152&B=12&m=2&u=http%3A%2F%2Fwww.today-car.com%2F%3Fp%3D46&r=1 HTTP/1.0" 302 623 "http://www.today-car.com/?p=46" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 95; Alexa Toolbar)" xxx.xx:80 142.54.184.98 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.adorika.com/st?ad_type=ad&ad_size=728x90§ion=3542983&pub_url=${PUB_URL} HTTP/1.0" 200 4649 "http://www.ygameface.com/index.php?option=com_yoflash&view=game&id=deep-ocean-race&Itemid=68" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0; Alexa Toolbar)" xxx.xx:80 142.91.189.15 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=728x90§ion=3256421&pub_url=${PUB_URL} HTTP/1.0" 200 4979 "http://newsja.com/index.php?option=com_content&view=category&layout=blog&id=36&Itemid=55&limitstart=45" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; chromeframe; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MS-RTC LM 8; InfoPath.2)" xxx.xx:80 142.91.189.43 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.adserverplus.com/imp?Z=160x600&s=2888974&T=3&_salt=4202616276&B=12&m=2&u=http%3A%2F%2Ffinancialkownledge.com%2Findex.php%3Fview%3Darticle%26catid%3D49%253Afinancial-skills%26id%3D7880%253A2011-09-28-21-09-41%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D%26option%3Dcom_content%26Itemid%3D99&r=1 HTTP/1.0" 302 816 "http://ad.adserverplus.com/st?ad_type=iframe&ad_size=160x600§ion=2888974&pub_url=${PUB_URL}" "Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.11) Gecko/20080118 Firefox/2.0.0.11" xxx.xx:80 77.79.13.140 - - [12/Sep/2012:15:25:14 +0200] "GET http://www.cerdagroup.com/?q=es/node/3&gwruta=subfamilia/2401 HTTP/1.1" 200 27596 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" xxx.xx:80 173.208.173.170 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.adorika.com/imp?Z=300x250&s=3129983&_salt=2920382888&B=12&m=2&u=http%3A%2F%2Fwww.today-women.com%2F&r=1 HTTP/1.0" 302 616 "http://www.today-women.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 95; Alexa Toolbar)" xxx.xx:80 108.168.132.250 - - [12/Sep/2012:15:25:14 +0200] "GET http://s01-delivery.addynamo.net/AdDelivery/AdDelivery.cfm?strReferURL=http%3A%2F%2Fwww.bodyandsoul.com.au%2F&uidChanel=ab882a9e-2860-4ee6-a778-5954e0dedae1&flashVersion=11.2.202&0.826838913286055 HTTP/1.0" 200 222 "http://www.bodyandsoul.com.au/parenting+pregnancy/expert+opinion/raising+debt+free+kids,15149" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12" xxx.xx:80 142.54.184.226 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.yieldmanager.com/imp?Z=700x300&s=3011105&T=3&_salt=3585324219&B=12&m=2&u=http%3A%2F%2Fwww.gethealthbank.com%2F&r=1 HTTP/1.0" 302 660 "http://ad.bharatstudent.com/st?ad_type=iframe&ad_size=700x300§ion=3011105&pub_url=${PUB_URL}" "Mozilla/4.76 [en] (Win98; U)"
Si vous avez quelque idée qui pourrait m'aider à solutionner ça, elle sera on ne peut plus bienvenue.
Partager