ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá












     áòèé÷ :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ÍÌÑ ÁÔÁËÁ =(



ÎÁ×ÅÒÎÏÅ ÐÉÎÁÔØ ÂÕÄÅÔÅ ÎÅ × ÔÅÍÕ ÒÁÓÓÙÌËÉ, ÎÏ ÓÖÁÌØÔÅÓØ!!!

Ó 12 ÞÁÓÏ× ÌÅÖÉÍÓ =(

ÞÅ ÄÅÌÁÔØ ÕÖÅ ÉÄÅÉ ËÏÎÞÁÌÉÓØ
ÐÅÒÅËÒÕÔÉÌ sysctl ÕÖÅ ×Ï ×ÓÅ ÓÔÏÒÏÎÙ
ÓÅÒ×ÁË ÎÁÞÁÌ ÎÅÍÎÏÇÏ ÐÏÌÚÁÔØ, ÎÏ ËÁË ÔÏÌØËÏ
nginx ÚÁÐÕÓËÁÀ × ËÏÎÓÏÌØ ÓÒÁÚÕ ÎÁÞÉÎÁÅÔ ×ÁÌÉÔÓÑ

Dec š8 23:56:08 mail kernel: interrupt storm detected on "irq257:"; throttling interrupt source š š š š š š š š š š š š š š š š š šš
Dec š8 23:56:08 mail kernel: Limiting open port RST response from 169 to 50 packets/sec š š š š š š š š š š š š š š š š š š š š š šš
Dec š8 23:56:09 mail kernel: interrupt storm detected on "irq257:"; throttling interrupt source š š š š š š š š š š š š š š š š š šš
Dec š8 23:56:09 mail kernel: Limiting open port RST response from 230 to 50 packets/sec

× ÌÏÇÁÈ ÐÏÌÎÏ:

80.138.138.94 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
190.6.98.66 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š š
86.145.74.140 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
94.166.77.69 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
91.180.86.39 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
85.53.186.1 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š š
212.183.51.17 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
41.236.145.161 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš
86.145.74.140 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
86.145.74.140 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
174.94.89.6 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š š
79.163.193.213 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš
217.127.141.138 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š
41.174.55.82 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
41.137.57.40 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
188.216.9.195 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
174.94.42.254 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
85.53.186.1 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š š
90.185.113.115 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš
190.9.13.80 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š š
87.93.70.183 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
41.234.38.71 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.0" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
83.49.187.205 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
77.255.195.130 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš
187.32.225.121 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.0" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš
91.3.209.102 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š šš
151.50.222.208 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš
83.45.131.156 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
89.152.45.217 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
77.27.197.189 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š š š
190.132.119.21 - - [08/Dec/2010:23:32:16 +0300] "GET / HTTP/1.1" 0 0 "-" "IE 7.0" š š š š š š š š š š š š š š š š š š š š š š š š šš

ÞÔÏ ÓÄÅÌÁÎÏ
1. fail2ban ÎÁÔÒÁ×ÌÅÎ ÎÁ ÐÏÉÓË ÁÇÅÎÔÁš"IE 7.0" š- ÂÌÏÞÉÔ, ÎÏ ÎÅ ÓÐÁÓÁÅÔ
2. ×ÒÅÍÅÎÎϚlocation = / { return 200; } - ÎÅ ÓÐÁÓÁÅÔ
3.šif ($http_user_agent = "IE 7.0" ) { return 412;} š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š š
šš š š šif ($http_referer = "") { return 412;} - ÔÏÖ ÎÅ ÓÔÁÓÁÅÔ
4. sysctl - ÎÁËÒÕÞÅÎ

sysctl -n kern.ipc.numopensockets
90228

# netstat -Lan
Current listen queue sizes (qlen/incqlen/maxqlen)
Proto Listen š š š š Local Address š š š šš
tcp4 š0/0/128 š š š š*.4949 š š š š š š š šš
tcp4 š0/0/4096 š š š 88.212.196.18.443 š š š
tcp4 š0/0/4096 š š š 88.212.196.18.80 š š šš
tcp4 š0/0/128 š š š š*.22 š š š š š š š š šš
tcp4 š0/0/500 š š š š*.25 š š š š š š š š šš
tcp4 š0/0/5 š š š š š88.212.196.18.5666 š šš
tcp4 š0/0/20 š š š š 127.0.0.1.53 š š š š šš
tcp4 š0/0/511 š š š š127.0.0.1.80 š š š š šš
Some tcp sockets may have been created or deleted.
unix š0/0/1 š š š š š/var/run/fail2ban/fail2ban.sock
unix š0/0/4 š š š š š/var/run/devd.pipe

# netstat -m š
1377/36183/37560 mbufs in use (current/cache/total)
754/33038/33792/33792 mbuf clusters in use (current/cache/total/max)
36/1628 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/16896 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/8448 9k jumbo clusters in use (current/cache/total/max)
0/0/0/4224 16k jumbo clusters in use (current/cache/total/max)
1852K/75121K/76974K bytes allocated to network (current/cache/total)
0/17954981/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/0/0 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
1377 requests for I/O initiated by sendfile
0 calls to protocol drain routines

ËÁË ÅÝÅ ÂÏÒÏÔØÓÑ ?????
_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru


 




Copyright © Lexa Software, 1996-2009.