apache problem...ddos attack?

dethman

Well-Known Member
PartnerNOC
Jan 4, 2003
120
0
166
Buenos Aires, Argentina
cPanel Access Level
DataCenter Provider
Hello, i have a problem with apache and ddos attack

for example error_log of apache

[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK mpvsgczrq
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [notice] child pid 8907 exit signal Segmentation fault (11)
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK xdozdcyxa
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK gmibuerfe
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK xegnbic
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK xegnbic
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK wplkckyy
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK hudszkwea
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK matrmnvzy
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK dtictrxy
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK zkjwqmz
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK niohrtazm
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path

this error
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on a component of the path

because i change the permissions of htdocs...
the question is for this error:
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] Invalid URI in request NICK niohrtazm
what is this? and how to fix?
i have the dos_evasive, mod_security, and ddos instaled in the server.
And for the command line block by iptables thats ips and they change or they are generated almost right away

Thanks
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
dethman said:
[Wed Oct 4 16:42:50 2006] [error] [client 68.238.196.60] (13)Permission denied: access to /400.shtml failed because search permissions are missing on
You can block this person's IP address using iptbales.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
dethman said:
Thanks for the answer :)
yes I do that, but automatically they appear others ips doing the same and is constant.
You can install APF and BFD to block these recurring IPs, and stop/minimize their attacks.
 

ramprage

Well-Known Member
Jul 21, 2002
655
0
166
Canada
I have a custom DDoS script that can block multiple attacks automatically if you need assistance.
The CSF has this also built in as well which works in a similar way
 
Last edited: