apache problem...ddos attack?

D

dethman

Well-Known Member
PartnerNOC
Jan 4, 2003
120
0
166
Buenos Aires, Argentina
cPanel Access Level
DataCenter Provider
Hello, i have a problem with apache and ddos attack

for example error_log of apache

[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK mpvsgczrq
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [notice] child pid 8907 exit signal Segmentation fault (11)
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK xdozdcyxa
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK gmibuerfe
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK xegnbic
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK xegnbic
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK wplkckyy
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK hudszkwea
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK matrmnvzy
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK dtictrxy
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK zkjwqmz
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK niohrtazm
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path

this error
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path

because i change the permissions of htdocs...
the question is for this error:
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK niohrtazm
what is this? and how to fix?
i have the dos_evasive, mod_security, and ddos instaled in the server.
And for the command line block by iptables thats ips and they change or they are generated almost right away

Thanks
 
AndyReed

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
dethman said:
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on
Click to expand...
You can block this person's IP address using iptbales.
 
AndyReed

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
dethman said:
Thanks for the answer :)
yes I do that, but automatically they appear others ips doing the same and is constant.
Click to expand...
You can install APF and BFD to block these recurring IPs, and stop/minimize their attacks.
 
R

ramprage

Well-Known Member
Jul 21, 2002
651
0
166
Canada
I have a custom DDoS script that can block multiple attacks automatically if you need assistance.
The CSF has this also built in as well which works in a similar way
 
Last edited:
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
P Problem with rrd and imagick on EasyApache Web Servers and Applications 4
S NGINX Manager uninstall Causes Apache Logging Problems? Web Servers and Applications 5
J xvarnish ssl problem at easy apache 4 page Web Servers and Applications 3
A Problems activating a couple of PHP extensions in EasyApache 4 Web Servers and Applications 4
Motamedi Problem with Apache Configuration Rebuild Web Servers and Applications 1
Similar threads
Problem with rrd and imagick on EasyApache
NGINX Manager uninstall Causes Apache Logging Problems?
xvarnish ssl problem at easy apache 4 page
Problems activating a couple of PHP extensions in EasyApache 4
Problem with Apache Configuration Rebuild
Top Bottom