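Apache configuration: MaxClients reached | many unknown GETs in access_log

Time: 2013-12-11 14:24:26

Tags: apache security http centos

I am setting up a new Apache + MySQL server. It hosts only 3 websites and really does not see much activity. I mainly use it for programming and testing.

The server's httpd.conf is this: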

....

<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers    20
ServerLimit       256
MaxClients        256
MaxRequestsPerChild  4000
</IfModule>

<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild 0
</IfModule>

....

For some reason, as soon as I start the server and visit a page (even a very basic one, with no database connection or anything), I get this:

[Wed Dec 11 13:59:10 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Dec 11 13:59:10 2013] [notice] Digest: generating secret for digest authentication ...
[Wed Dec 11 13:59:10 2013] [notice] Digest: done
[Wed Dec 11 13:59:10 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Wed Dec 11 13:59:25 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting

If I run "ps -ef" right after starting the server, I see all these processes running:

UID        PID  PPID  C STIME TTY          TIME CMD
....
root      2945     1  2 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2947  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2948  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2949  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2950  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2951  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2952  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2953  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2954  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2955  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2956  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2957  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2958  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2959  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2960  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2961  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2962  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2963  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2964  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2965  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2966  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2967  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2968  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2969  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2970  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2971  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2972  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2973  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2974  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2975  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2976  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2977  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2978  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2979  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2980  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2981  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2982  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2983  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2984  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2985  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2986  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2987  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2988  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2989  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2990  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2991  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2992  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2993  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2994  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2995  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2996  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2997  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2998  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    2999  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3000  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3001  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3002  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3003  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3004  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3005  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3006  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3007  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3008  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3009  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3010  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3011  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3012  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3013  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3014  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3015  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3016  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3017  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3018  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3019  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3020  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3021  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3022  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3023  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3024  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3025  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3026  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3027  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3028  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3029  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3030  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3031  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3032  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3033  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3034  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3035  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3036  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3037  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3038  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3039  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3040  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3041  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3042  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3043  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3044  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3045  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3046  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3047  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3048  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3049  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3050  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3051  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3052  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3053  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3054  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3055  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3056  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3057  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3058  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3059  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3060  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3061  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3062  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3063  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3064  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3065  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3066  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3067  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3068  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3069  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3070  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3071  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3072  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3073  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3074  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3075  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3076  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3077  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3078  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3079  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3080  2945  0 14:08 ?        00:00:00 /usr/sbin/httpd
apache    3081  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3082  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3083  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3084  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3085  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3086  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3087  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3088  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3089  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3090  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3091  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3092  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3093  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3094  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3095  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3096  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3097  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3098  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3099  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3100  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3101  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3102  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3103  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3104  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3105  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3106  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3107  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3108  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3109  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3110  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3111  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3112  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3113  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3114  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3115  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3116  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3117  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3118  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3119  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3120  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3121  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3122  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3123  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3124  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3125  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3126  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3127  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3128  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3129  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3130  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3131  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3132  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3133  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3134  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3135  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3136  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3137  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3138  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3139  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3140  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3141  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3142  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3143  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3144  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3145  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3146  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3147  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3148  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3149  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3150  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3151  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3152  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3153  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3154  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3155  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3156  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3157  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3158  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3159  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3160  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3161  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3162  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3163  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3164  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3165  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3166  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3167  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3168  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3169  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3170  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3171  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3172  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3173  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3174  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3175  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3176  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3177  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3178  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3179  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3180  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3181  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3182  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3183  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3184  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3185  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3186  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3187  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3188  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3189  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3190  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3191  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3192  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3193  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3194  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3195  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3196  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3197  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3198  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3199  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3200  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3201  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
apache    3202  2945  0 14:09 ?        00:00:00 /usr/sbin/httpd
root      3203  1750  5 14:09 pts/0    00:00:00 ps -ef

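If I try to check the access log with "tail -f access_log", I get non-stop entries for visits to websites that I have never seen and that I do not host (?). My server only has a few basic sites, and I am the one who visits them most of the time.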

172.240.255.43 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=3796694&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2864710689 HTTP/1.0" 200 5463 "http://www.sceatec.com/hardware/how-to-improve-servers-performance.html" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)"
192.169.85.121 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=5156870&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1962079223 HTTP/1.0" 200 5547 "http://www.workacumen.com/index.php?option=com_content&view=article&id=1630:Great-West-Life-Insurance-Rates-for-Women-Smokers-and-Non-Smokers&catid=4&Itemid=5" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser; .NET CLR 2.0.50727; Creative ZENcast v1.02.12; .NET CLR 3.0.04506.30)"
69.162.70.75 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/ca/6e/ef/bf/ca6eefbfc4b3e52b860e32307142dd2c.gif HTTP/1.0" 200 26598 "http://www.fitnesscareson.com/fitness-factory/fitness-jobs/choosing-the-beauty-salons-in-san-francisco-6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Alexa Toolbar)"
192.169.85.99 - - [11/Dec/2013:14:15:19 +0000] "GET http://ak1.abmr.net/is/pixel.mathtag.com?U=/misc/img&V=3-1xWPO+glnAYtvOljCBLqFpimxCqp%2fbcnElHRB%2fCXRbsOSOHvsVBgEQ%3d%3d&I=25B80927125D326&D=mathtag.com&01AD=1&mt_id=0&mt_adid=0&mop_seq=0:1&mt_cb=117628&mop_top= HTTP/1.0" 302 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5151124&pub_url=salebusinessidea.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=1561726732" "Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)"
46.55.23.55 - - [11/Dec/2013:14:15:19 +0000] "GET http://web1.exactseek.com/webclient/?query=fjxg+/threads/&start=5&offset=80&lang=ENG HTTP/1.0" 200 27274 "http://web1.exactseek.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16"
216.245.216.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://b.scorecardresearch.com/b?c1=8&c2=6035610&rn=0.34418662962084006&c7=http%3A%2F%2Fads.yahoo.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D5151124%26pub_url%3Dsalebusinessidea.com%26_msd%3D1%26_xcf%3D0%26rmxbkn%3D0%26_cbv%3D4057802456&c3=30032779&c4=234558859&c5=114925099&c6=%25m&c10=18971014219&c15=&c16=&c8=&c9=http%3A%2F%2Fwww.salebusinessidea.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D333%3AIdeas-for-Creative-Brainstorming--%26catid%3D174%26Itemid%3D83&cv=1.8 HTTP/1.0" 204 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5151124&pub_url=salebusinessidea.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=4057802456" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)"
23.19.79.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/get-user-id?ver=2&s=5133289&ts=1386771312&sig=96b66e7aa45d6484 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5133289&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2176781951" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer)"
192.169.85.194 - - [11/Dec/2013:14:15:18 +0000] "GET http://ad.doubleclick.net/adj/N7384.137772.MAXPOINTINTERACTIVE/B7845858.4;sz=728x90;click=http://mpc.mxptint.net/9S1SE5696B23S1090S5E02S2D8S5ASC89SBDF_5174C7F6_819009SDF_5174C7FB_19EB91%3fhttp://r.mxptint.net%3f;ord=5393202 HTTP/1.0" 200 7573 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=3698931&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=891089422" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727)"
69.147.233.50 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/fb/a8/7f/c7/fba87fc7f7a0335ef9033c4f717d7bb3.png HTTP/1.0" 200 18820 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=4311038&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=445943840" "Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.11) Gecko/20080118 Firefox/2.0.0.11"
192.169.85.52 - - [11/Dec/2013:14:15:18 +0000] "GET http://ads.yahoo.com/imp?_cbv=1420241591&_msd=1&_xcf=0&Z=0x0&y=29&rmxbkn=0&s=5081065&_salt=0&B=12&m=2&H=&u=http%3A%2F%2Fwww.makemasterfinance.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D1540%3ABuy-Car-Insurance-Online%3A-Obtaining-Quotes-and-Comparisons%26catid%3D4%26Itemid%3D5&M=5&r=1 HTTP/1.0" 200 958 "http://www.makemasterfinance.com/index.php?option=com_content&view=article&id=1540:Buy-Car-Insurance-Online:-Obtaining-Quotes-and-Comparisons&catid=4&Itemid=5" "Opera/9.80 (X11; Linux i686; U; ja) Presto/2.7.62 Version/11.01"
172.240.255.35 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=pop&ad_size=0x0&section=3796694&banned_pop_types=29&pop_times=1&pop_frequency=0&pub_url=www.sceatec.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=381351163 HTTP/1.0" 200 5200 "http://www.sceatec.com/hardware/hp-c7975a-lto5-huge-capacity-compatible-protected-media-cartridge.html" "Opera/9.24 (Windows NT 5.1; U; tr)"
192.169.85.86 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/get-user-id?ver=2&s=5167806&ts=1386771294&sig=cd794b3708a1bd0b HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5167806&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=4177140593" "Mozilla/4.7 [en] (Win98; I)"
23.19.58.228 - - [11/Dec/2013:14:15:19 +0000] "GET http://pixel.mathtag.com/sync/js?01AD=3qniaWcOZKiAgKJ1xmCiuoQQpEZBJYda9WXoBVp85E3l9lKH-WSWsUw&01RI=ED8AB17483CAF35&01NA=na&sync=auto&mt_lim=1 HTTP/1.0" 200 195 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5159500&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=480249027" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98; Alexa Toolbar)"
173.208.83.84 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=2105678712&_msd=1&_xcf=0&Z=300x250&u=learnabouttrip.com&rmxbkn=0&s=5141599&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Flearnabouttrip.com%2Findex.php%2Ftourist-definition%2F1324-tourism-in-zimbabwe&M=3&r=1 HTTP/1.0" 200 1008 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5141599&pub_url=learnabouttrip.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=2105678712" "Mozilla/5.0 (Linux i686; U; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51"
23.19.79.116 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=203356319&_msd=1&_xcf=0&Z=160x600&rmxbkn=0&s=5133289&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Fsuperwomenhealth.com%2Findex.php%2Fkids-health%2F2554-fresh-healthy-vending&u=http%3A%2F%2Fsuperwomenhealth.com%2Findex.php%2Fkids-health%2F2554-fresh-healthy-vending&M=4&r=1 HTTP/1.0" 200 1062 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5133289&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=203356319" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)"
69.162.97.215 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=ad&ad_size=300x250&section=4890511&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2239536379 HTTP/1.0" 200 5149 "http://www.evigs.com/injury-dictionary-inqueries/medical-illness-dictionary/tips-for-learning-what-you-need-to-know-as-patient.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.694.0 Safari/534.24"
192.169.86.70 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=4411352&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1207065059 HTTP/1.0" 200 5532 "http://www.workinhouses.com/index.php?option=com_content&view=article&id=2537:Do-Hydrogen-Fuel-Conversion-Kits-Really-Work?&catid=174&Itemid=22" "Mozilla/5.0 (Windows NT 6.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.750.0 Safari/534.30"
69.147.233.50 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/79/fd/96/8a/79fd968aa01b830aca01612fac5b880a.gif HTTP/1.0" 200 12730 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=4311038&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=3877702270" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
192.169.85.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://ad.doubleclick.net/adj/N7586.150834.TURN/B7621332;abr=!ie;sz=160x600;click=http://r.turn.com/r/formclick/id/VdfWUmfN5zUoLAwA4QUBAA/url/;ord=3884299047285479253 HTTP/1.0" 200 11 "http://ads.tblamnetwork.com/st?ad_type=iframe&ad_size=160x600&section=5040675&pub_url=${PUB_URL}" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
64.120.60.124 - - [11/Dec/2013:14:15:19 +0000] "GET http://ib.adnxs.com/seg?add=357296&t=2 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4931529&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1381802406" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 ChromePlus/1.5.2.0"
208.115.203.37 - - [11/Dec/2013:14:15:19 +0000] "GET http://ib.adnxs.com/seg?add=357277&t=2 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=336x280,300x250,250x250,180x150&section=4584406&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=3921164224" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; Alexa Toolbar)"
173.234.12.249 - - [11/Dec/2013:14:15:20 +0000] "GET http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2010001 HTTP/1.0" 200 - "http://www.newbia.net/index.php?option=com_content&view=category&layout=blog&id=24&Itemid=29&limitstart=40" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0; Alexa Toolbar)"
64.120.60.121 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=2824547489&_msd=1&_xcf=0&Z=160x600&rmxbkn=0&s=4931529&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Fhealthchurch.com%2Findex.php%2Fhealth-questions%2F3582-bluesuitmomcom&u=http%3A%2F%2Fhealthchurch.com%2Findex.php%2Fhealth-questions%2F3582-bluesuitmomcom&M=4&r=1 HTTP/1.0" 200 1060 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=4931529&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2824547489" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2"

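Any ideas? I'm a bit lost.

2 answers:

Answer 0: (score: 3)

I was finally able to solve this yesterday. The problem was that my server was acting as an open proxy.

The entries shown in the access_log are usually the result of malicious clients trying to exploit open proxy servers to access a website without revealing their true location. They might do this to manipulate pay-per-click ad systems, to add comment or link spam to someone else's site, or just to do something nasty without being detected.

How can I prevent these requests from reaching external servers through my server?

First, if you do not need to run a proxy server, disable mod_proxy by commenting out its LoadModule line or by setting ProxyRequests off in httpd.conf. Remember that disabling ProxyRequests does not prevent you from using a reverse proxy with the ProxyPass directive.

I don't like the idea of my server responding to requests for random hostnames.

You can configure Apache to deny access to any host that is not specifically configured by setting up a default virtual host: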

NameVirtualHost *:80

<VirtualHost *:80>
  ServerName default.only
  <Location />
    Order allow,deny
    Deny from all
  </Location>
</VirtualHost>

<VirtualHost *:80>
  ServerName realhost1.example.com
  ServerAlias alias1.example.com alias2.example.com
  DocumentRoot /path/to/site1
</VirtualHost>

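After making these changes, you can try using your own server as a proxy to access other sites and make sure that you get a failure or local content from your own site. Ways to do this include:

Configure your browser to use your web server as its default proxy server, then try to request an external site. You should get back only your own site's content.

Use telnet to construct a request manually: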

telnet yoursite.example.com 80
GET http://www.yahoo.com/ HTTP/1.1
Host: www.yahoo.com
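
A log-side check for the open-proxy symptom described in this answer, as an added example that is not part of the original answer: it flags access_log entries whose request target is an absolute URL for a host the server does not serve, or a CONNECT request, and separates the ones that were answered with a non-error status. `LOCAL_HOSTS` reuses the virtual-host names from the configuration above as an assumption, and the log lines are constructed samples in Apache's combined format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostnames this server is meant to serve (assumption: the names used in the
# virtual-host example above).
LOCAL_HOSTS = {"realhost1.example.com", "alias1.example.com", "alias2.example.com"}

# Apache combined format: client ident user [time] "request line" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.example.net/st?ad_type=iframe HTTP/1.0" 200 5463 "http://pub.example.org/a.html" "Mozilla/4.0"',
    '192.0.2.10 - - [11/Dec/2013:14:15:19 +0000] "GET http://img.example.net/x.gif HTTP/1.0" 200 26598 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [11/Dec/2013:14:15:20 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"',
    '203.0.113.5 - - [11/Dec/2013:14:15:21 +0000] "GET /index.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [11/Dec/2013:14:15:22 +0000] "GET http://realhost1.example.com/ HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Dec/2013:14:15:23 +0000] "GET http://ads.example.net/imp HTTP/1.0" 403 202 "-" "Mozilla/4.0"',
]


def classify(line, local_hosts=LOCAL_HOSTS):
    """Return None for an ordinary request, or a dict for a proxy-style one."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        # CONNECT uses authority-form: "host:port"
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:
        # absolute-form target, the shape a client sends to a forward proxy
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:
            host = ""  # malformed URL: still worth flagging
    else:
        return None  # origin-form ("/path"): a normal request to this server
    if host in local_hosts:
        return None  # absolute-form request for one of our own sites
    # A status below 400 needs follow-up: the request was either relayed or
    # answered with local content; compare the byte counts with local pages.
    return {"client": m["client"], "method": method, "host": host,
            "status": status, "served": status < 400}


def summarize(lines, local_hosts=LOCAL_HOSTS):
    """Count proxy-style requests, split by outcome, client and destination."""
    hits = [h for h in (classify(l, local_hosts) for l in lines) if h]
    return {
        "proxy_style": len(hits),
        "served": sum(h["served"] for h in hits),
        "refused": sum(not h["served"] for h in hits),
        "by_client": Counter(h["client"] for h in hits),
        "by_host": Counter(h["host"] for h in hits),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("proxy-style requests:", report["proxy_style"])
    print("answered with status < 400:", report["served"])
    print("refused (status >= 400):", report["refused"])
    for client, n in report["by_client"].most_common():
        print(f"  {client}: {n}")
```

After the configuration change, the "served" count for new log entries should fall to zero or correspond only to local content returned by the default virtual host.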

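Answer 1: (score: 2)

Two things that immediately stand out:

  1. Your server is returning HTTP code 200 for all of these GET requests. 200 means it found a page for the URL. It should be returning 404 (Not Found). Your index.php file is probably proxying off-site requests. Look at your code, stop it from doing that, and/or make it return 404s. If this is not just poorly written or poorly thought-out code, then your site may have been compromised by code injected into index.php.

  2. Looking at the addresses, this is probably an XSS attack/exploit using off-site ads, which uses your domain to fetch other sites/pages when a user views one of the ads. This is commonly used to inflate ad views (ripping off ad networks), for DDoS attacks, or to hide hacking attempts. http://en.wikipedia.org/wiki/Cross-site_scripting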