Visites arrivant de partout sur mon apache

**dgouyette** · 10/05/2008, 19h03

Bonjour,

Depuis ce matin j'ai pu observer un net ralentissement de mon serveur apache, j'ai ensuite regardé les process lancé et je vois qu'il y a 150 process apache lancé, ca me consomme un max de bande passante et je vois pas ou ils arrivent.

j'ai des logs du style :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
72.232.62.122 - - [10/May/2008:18:36:51 +0200] "POST http://72.232.62.122:81/cp.php HTTP/1.0" 200 106 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
194.110.162.224 - - [10/May/2008:18:36:52 +0200] "POST http://p.5and5.com/check.php?ch1=uvltwsbxysky&ch2=hevblblajvuondcw&ch3=wihbhweyakbddvdd HTTP/1.0" 200 2125 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
208.85.177.178 - - [10/May/2008:18:36:51 +0200] "POST http://citrus.boy.jp/script/php/houkoku/pppbbs.php HTTP/1.0" 200 1516 "http://citrus.boy.jp/script/php/houkoku/pppbbs.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
72.36.238.82 - - [10/May/2008:18:36:51 +0200] "POST http://www.freerotic.com/marker.php HTTP/1.0" 200 14 "http://www.freerotic.com/marker.php" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
72.36.180.11 - - [10/May/2008:18:36:52 +0200] "POST http://www.freerotic.com/marker.php HTTP/1.0" 200 14 "http://www.freerotic.com/marker.php" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
89.149.254.158 - - [10/May/2008:18:36:51 +0200] "POST http://laguardiaenimagenes.com/content/view/490/2/index.php HTTP/1.1" 200 16785 "http://laguardiaenimagenes.com/content/view/490/2/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
78.129.202.10 - - [10/May/2008:18:36:51 +0200] "POST http://www.ezin.barinych.sk/modules.php?name=Forums&file=posting&sid=f5d77ca15f83799e678bfc8c2b0f9db4 HTTP/1.1" 200 155124 "http://www.ezin.barinych.sk/modules.php?name=Forums&file=posting&mode=quote&p=7658" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
72.36.238.82 - - [10/May/2008:18:36:52 +0200] " http://www.freerotic.com/marker.php HTTP/1.1" 200 171 "-" "-"
78.129.202.10 - - [10/May/2008:18:36:51 +0200] "GET http://www.yourdentistcares.com/categories/family+dentist.html HTTP/1.1" 200 29896 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
72.36.180.11 - - [10/May/2008:18:36:52 +0200] " http://www.freerotic.com/marker.php HTTP/1.1" 200 171 "-" "-"
72.232.88.194 - - [10/May/2008:18:36:52 +0200] "POST http://spam-abuse.info/spamilka2/proxy.php HTTP/1.1" 200 151 "http://spam-abuse.info/spamilka2/proxy.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
72.36.130.98 - - [10/May/2008:18:36:51 +0200] "POST http://perryv.i.ph/blogs/facesmoon/wp-comments-post.php HTTP/1.0" 403 59 "http://perryv.i.ph/blogs/facesmoon/wp-comments-post.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
64.92.160.154 - - [10/May/2008:18:36:51 +0200] "GET http://principle.jp/bbs2/cf.cgi?id=sion HTTP/1.0" 200 19899 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
219.153.14.213 - - [10/May/2008:18:36:49 +0200] "GET http://www.moregamers.com/banners/5728-4872.gif HTTP/1.0" 200 46849 "http://www.moregamers.com/banner.php?u=8463&l=http%3A//www.nowaybored.com/moregamers.html&r=&c=FR&rand=6951&t=1210437346&key=4d2507b8dc450f5430960c280628796d" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
69.56.182.130 - - [10/May/2008:18:36:52 +0200] "POST http://the2007.info/proxy/tools/test.php HTTP/1.1" 200 119 "http://the2007.info/proxy/tools/test.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
61.139.105.188 - - [10/May/2008:18:36:52 +0200] "GET http://banner.adtrgt.com/cpv_inline.js?p=112684&cb=411459658 HTTP/1.0" 200 1137 "http://www.gameshockers.com/" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"
87.118.112.25 - - [10/May/2008:18:36:52 +0200] "POST http://216.195.32.131/proxy/http/engine.php HTTP/1.0" 200 447 "http://216.195.32.131/proxy/http/engine.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
195.131.177.245 - - [10/May/2008:18:36:52 +0200] "POST http://www.xtraf.biz/CheckProxy.php HTTP/1.0" 200 103 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
89.149.254.158 - - [10/May/2008:18:36:52 +0200] "POST http://www.williamrpierce.com/blog/wp-comments-post.php HTTP/1.1" 302 - "http://www.williamrpierce.com/blog/?p=4" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
64.92.160.154 - - [10/May/2008:18:36:52 +0200] "GET http://f41.aaa.livedoor.jp/~getaway/top.html HTTP/1.0" 200 6831 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
208.110.82.34 - - [10/May/2008:18:32:48 +0200] "POST http://www.bhujissa.com/cgi/bbs_botu/ealis_wri.cgi?50 HTTP/1.1" 504 249 "http://www.bhujissa.com/cgi/bbs_botu/ealis_wri.cgi?50" "Opera/9.00 (Windows NT 5.1; U; en)"
78.129.202.10 - - [10/May/2008:18:36:45 +0200] "POST http://aktivepensionister.dk/index.php?name=PNphpBB2&file=posting&sid=e4bc04bc0e452b9dcf40a0fe37df91cf HTTP/1.1" 200 26326 "http://aktivepensionister.dk/index.php?name=PNphpBB2&file=posting&mode=reply&t=489&sid=bb79eb77d54b6563b6fd2a38b25630cb" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
72.36.130.98 - - [10/May/2008:18:36:52 +0200] "POST http://scienceblogs.com/omnibrain/2007/05/jimmyainthere.cgi HTTP/1.0" 404 1525 "http://scienceblogs.com/omnibrain/2007/05/jimmyainthere.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
64.92.160.154 - - [10/May/2008:18:36:52 +0200] "GET http://www.century.st/bbs2/cf.cgi?mode=all&namber=732&rev=0 HTTP/1.0" 200 4841 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.92.160.154 - - [10/May/2008:18:36:52 +0200] "GET http://principle.jp/bbs2/cf.cgi?id=support&mode=all&mo=771&namber=770&rev=1 HTTP/1.0" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
66.199.232.18 - - [10/May/2008:18:36:52 +0200] "POST http://wotupset.wiki.ptt.cc/index.php?action=prefs HTTP/1.1" 302 - "http://wotupset.wiki.ptt.cc/index.php?action=prefs" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
208.85.177.178 - - [10/May/2008:18:36:52 +0200] "POST http://greymoonskill.4t.com/cgi-bin/guest HTTP/1.0" 200 2136 "http://greymoonskill.4t.com/cgi-bin/guest" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
72.36.130.98 - - [10/May/2008:18:36:49 +0200] "POST http://uonobu.dreamblog.jp/blog/150.html HTTP/1.0" 200 8662 "http://uonobu.dreamblog.jp/blog/150.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
78.129.202.10 - - [10/May/2008:18:36:52 +0200] "POST http://www.hirose-order.com/cgi/sunbbs.cgi HTTP/1.1" 200 841 "http://www.hirose-order.com/cgi/sunbbs.cgi?mode=form&no=644&page=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
66.199.232.18 - - [10/May/2008:18:36:52 +0200] "POST http://www.e-marusei.jp/cgi/mail/ms_mail.cgi HTTP/1.1" 200 426 "http://www.e-marusei.jp/contact.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
72.9.99.114 - - [10/May/2008:18:36:53 +0200] "GET http://sorry.google.com/sorry/?continue=http://72.14.217.102/ie%3Fq%3Dinurl%253A%255C%2522./topics.cgi%255C%2522%2520intitle%253A%255C%2522BBS%255C%2522%2520intext%253A%255C%2522Mon%255C%2522%26hl%3Den%26start%3D600%26num%3D100 HTTP/1.1" 200 2175 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20030916"
72.232.88.194 - - [10/May/2008:18:36:53 +0200] "POST http://spam-abuse.info/spamilka2/proxy.php HTTP/1.1" 200 151 "http://spam-abuse.info/spamilka2/proxy.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
87.218.201.189 - - [10/May/2008:18:36:53 +0200] "GET http://n5.login.mud.yahoo.com/config/isp_verify_user?l=darkincall&p=orchid HTTP/1.0" 200 26 "http://n5.login.mud.yahoo.com" "-"
78.129.202.10 - - [10/May/2008:18:36:51 +0200] "GET http://www.fairyplaza.co.th/fantasia2/board.php?page=1 HTTP/1.1" 200 140268 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
66.232.112.172 - - [10/May/2008:18:36:50 +0200] "POST http://honmoku-socony.sakura.ne.jp/bbs/bbs.cgi HTTP/1.0" 200 5586 "http://honmoku-socony.sakura.ne.jp/bbs/bbs.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
78.129.202.10 - - [10/May/2008:18:36:52 +0200] "GET http://www.age.gs/~okiraku/cgi-bin/webforum/wforum.cgi?mode=newsort HTTP/1.1" 200 27812 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
64.92.172.106 - - [10/May/2008:18:36:53 +0200] "GET http://www.city.cleveland.oh.us/government/departments/ HTTP/1.1" 200 33466 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
74.52.150.202 - - [10/May/2008:18:36:53 +0200] "POST http://the2007.biz/extra/test.php HTTP/1.1" 200 119 "http://the2007.biz/extra/test.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
72.232.88.194 - - [10/May/2008:18:36:53 +0200] "POST http://spam-abuse.info/spamilka2/proxy.php HTTP/1.1" 200 151 "http://spam-abuse.info/spamilka2/proxy.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Avec des noms de domaine qui ne sont pas hébergés sur mon serveur bien sur

Question logs d'erreurs :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
[Sat May 10 18:37:41 2008] [error] [client 61.139.105.188] proxy: DNS lookup failure for: affiliates.nexpartner.com returned by http://affiliates.nexpartner.com/sw/16095/CD104/1210437398, referer: http%3A%2F%2Fwww.ixfree.net%2Findex.html
[Sat May 10 18:37:42 2008] [error] [client 78.129.202.10] proxy: DNS lookup failure for: www.taitao.net.cn returned by http://www.taitao.net.cn/guestbook/index.asp
[Sat May 10 18:37:42 2008] [error] [client 72.36.179.74] proxy: DNS lookup failure for: xtenk.web-networks.eu returned by http://xtenk.web-networks.eu/guestbook.php, referer: http://xtenk.web-networks.eu/index.php?site=guestbook&amp;type=ASC&amp;page=4
[Sat May 10 18:37:42 2008] [error] [client 208.110.82.34] proxy: error reading status line from remote server healing-place.org, referer: http://healing-place.org/files/ibbs/ibbs.php
[Sat May 10 18:37:42 2008] [error] [client 208.110.82.34] proxy: Error reading from remote server returned by http://healing-place.org/files/ibbs/ibbs.php, referer: http://healing-place.org/files/ibbs/ibbs.php
[Sat May 10 18:37:44 2008] [error] [client 66.135.202.181] SSL Proxy requested for ns24718.ovh.net:80 but not enabled [Hint: SSLProxyEngine]
[Sat May 10 18:37:44 2008] [error] proxy: HTTPS: failed to enable ssl support for 66.135.202.181:443 (scgi.ebay.com)
[Fri May 09 14:41:28 2008] [warn] proxy: No protocol handler was valid for the URL 168.95.5.68:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:41:59 2008] [warn] proxy: No protocol handler was valid for the URL 168.95.5.18:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:42:50 2008] [warn] proxy: No protocol handler was valid for the URL 139.175.239.22:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:43:05 2008] [warn] proxy: No protocol handler was valid for the URL 203.188.197.10:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:43:09 2008] [warn] proxy: No protocol handler was valid for the URL 203.188.197.9:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:43:38 2008] [warn] proxy: No protocol handler was valid for the URL 59.124.214.52:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:43:49 2008] [warn] proxy: No protocol handler was valid for the URL 138.243.60.98:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:43:49 2008] [warn] proxy: No protocol handler was valid for the URL 211.74.160.45:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri May 09 14:44:21 2008] [warn] proxy: No protocol handler was valid for the URL 203.188.197.9:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[

Quelqu'un a une idée ?