GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Wtf is going on.. (https://gfy.com/showthread.php?t=93439)

FireFoz 12-12-2002 10:58 AM
Wtf is going on..
 
The server my paysite runs on is sometimes very very slow.
I dont know whats going on then, but for like 10 minutes long its nearly accessable. Now after a few months going through that bullshit, i decided to go and find out whats going on. So i've logged in with telnet, and i saw thats its httpd requestst that is making the server slow. I tried to view log files, but some were 450 mb big so that wasnt really an option. Somehow i figured out that it was my paysite though, because when the server was slow again, and i suspended my paysite (so it wont be accessable anymore) the server load became normal again. Then when i turned my paysite back on, bam, the server was heavily loaded.

Ok, so the problem is with the pay site. I have check all scripts and my php code, but cant find shit. Now i just got the appache log file for the domain, and check this out...:

Code:
210.248.31.162 - Motion [12/Dec/2002:08:32:32 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.0 ( compatible; MSIE 5.01; Windows NT4.0; DigiExt )"
210.163.97.146 - Mother [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [de]; Windows 95; DigiExt )"
210.248.226.226 - Motion [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [de]; AOL 5.0; NetCaptor )"
210.80.207.147 - Motorway [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [dk]; Windows 98; FREEI v2.53 )"
211.174.232.226 - Mottle [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; MSIE 5.0; Windows 95; TWRAITH )"
211.174.58.115 - Mottle [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [de]; Windows 95; win9x/NT 4.90 )"
206.19.38.189 - 12345 [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.73 ( compatible; MSIE 4.01; Windows NT5.0; DigiExt )"
210.160.187.50 - Mother [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; MSIE 4.0; Windows 98; DigiExt )"
211.20.122.86 - Moulding [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; MSIE 5.0; Windows NT5.0; NetCaptor )"
210.8.232.4 - Motion [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.0 ( compatible; MSIE 4.0; Windows NT4.0; FREEI v2.53 )"
211.232.147.118 - Moulding [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; MSIE 4.0; Windows NT5.0; DigiExt )"
205.216.125.18 - Morgant [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.0 ( compatible; [jp]; AOL 5.0; athome0107 )"
211.114.62.130 - Mottle [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.72 ( compatible; MSIE 5.0; Windows NT5.0; athome0107 )"
211.233.27.188 - Mountain [12/Dec/2002:08:32:33 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.6 ( compatible; MSIE 5.0; Windows 95; NetCaptor )"
209.249.56.178 - Moscow [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; MSIE 5.01; Windows NT4.0; NetCaptor )"
211.28.96.71 - Mouse [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.72 ( compatible; [jp]; Windows 95; DigiExt )"
211.233.80.64 - Mountain [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; [de]; Windows 95; FREEI v2.53 )"
211.33.197.243 - Mouse [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [dk]; Windows 98; FREEI v2.53 )"
211.0.70.226 - Motown [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; MSIE 4.01; Windows 98; DigiExt )"
211.11.212.98 - Motsche [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; MSIE 5.5; Windows 95; DigiExt )"
211.9.128.182 - Movies [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [de]; Windows 95; win9x/NT 4.90 )"
211.5.85.221 - Mouse [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; MSIE 5.0; Windows NT4.0; FREEI v2.53 )"
211.72.119.156 - Mouses [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; [de]; Windows 95; DigiExt )"
206.19.38.189 - 124356 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.7 ( compatible; MSIE 5.01; Windows NT4.0; DigiExt )"
206.19.38.189 - 050365 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.6 ( compatible; [fr]; AOL 5.0; DigiExt )"
210.249.37.66 - Monkey [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com:80" "Mozilla/4.72 ( compatible; [de]; AOL 5.0; athome0107 )"
206.19.38.189 - 1309159 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.72 ( compatible; [de]; AOL 5.0; athome0107 )"
206.19.38.189 - 195050 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.7 ( compatible; [jp]; Windows NT5.0; athome0107 )"
206.19.38.189 - 167123 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.72 ( compatible; [dk]; Windows NT4.0; DigiExt )"
206.19.38.189 - 2alpha [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.73 ( compatible; [de]; Windows 98; DigiExt )"
212.160.144.100 - Moycos [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.7 ( compatible; MSIE 5.0; Windows NT5.0; NetCaptor )"
206.19.38.189 - 2bachman [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.73 ( compatible; MSIE 4.0; Windows 95; DigiExt )"
212.166.5.129 - Moycos [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; MSIE 4.0; Windows NT5.0; DigiExt )"
206.19.38.189 - 37239967 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.7 ( compatible; [fr]; AOL 5.0; DigiExt )"
206.19.38.189 - 19indian [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.72 ( compatible; [jp]; Windows NT4.0; ezn IE )"
206.19.38.189 - 39501828 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.73 ( compatible; [dk]; Windows NT5.0; DigiExt )"
211.43.23.10 - Mouse [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.0 ( compatible; MSIE 5.01; Windows NT4.0; DigiExt )"
212.138.47.12 - Movies [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; [dk]; AOL 5.0; NetCaptor )"
206.19.38.189 - 2110glen [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.6 ( compatible; MSIE 5.0; AOL 5.0; DigiExt )"
206.19.38.189 - 3221975 [12/Dec/2002:08:32:35 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.0 ( compatible; MSIE 5.01; Windows 98; DigiExt )"
206.19.38.189 - 39488083 [12/Dec/2002:08:32:35 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.0 ( compatible; MSIE 4.01; Windows NT5.0; DigiExt )"
206.19.38.189 - 36215308 [12/Dec/2002:08:32:35 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.72 ( compatible; MSIE 5.01; Windows 95; DigiExt )"
206.19.38.189 - 260651 [12/Dec/2002:08:32:35 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/3.01 ( compatible; MSIE 5.0; Windows 95; TWRAITH )"
206.19.38.189 - 242448 [12/Dec/2002:08:32:35 -0700] "HEAD /members/ HTTP/1.1" 200 841 "http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.0 ( compatible; MSIE 4.01; Windows NT5.0; ezn IE )"
Wtf? It looks like this site "busty-brigitte.com" is fucking with me? I never really looked into log files, but i the first number is obviously the ip, and then then a login name...its ordered alfabetic..

is that site brute force attacking me?

can someone tell me more?
its kinda pissing me off, and what sux is that they are all different ips, so i cant just block the ip... :/

FireFoz 12-12-2002 11:00 AM
that is btw just a small part of the log, it goes from a-z and then 0-9 (the usernames)

rip raster 12-12-2002 11:07 AM
GET A LOG ANALYZER

LUCL0NELY 12-12-2002 11:08 AM
you can contact me before you post it here.


i didn't mean to do it thou

Theo 12-12-2002 11:11 AM
join the paysite and see if he is giving access to his members in your own paysite!

http://www.busty-brigitte.com/prev/join.htm

FireFoz 12-12-2002 11:11 AM
Quote:
Originally posted by LUCL0NELY
you can contact me before you post it here.


i didn't mean to do it thou
So that site is yours? or what? If it is contact me at icq 6981021 and we'll have a chat.

Im not saying anyone is doing anything, im just saying my server gets heavily loaded and post this log.

Theo 12-12-2002 11:15 AM
or as you said it might BF you

"http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.7 ( compatible; MSIE 5.01; Windows NT4.0; DigiExt )"
206.19.38.189 - 050365 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841

hm

the ip 206.19.38.189 is the official site of San Diego city

FireFoz 12-12-2002 11:20 AM
Quote:
Originally posted by Soul_Rebel
or as you said it might BF you

"http://www.busty-brigitte.com/bbheaven/home.htm" "Mozilla/4.7 ( compatible; MSIE 5.01; Windows NT4.0; DigiExt )"
206.19.38.189 - 050365 [12/Dec/2002:08:32:34 -0700] "HEAD /members/ HTTP/1.1" 200 841

hm

the ip 206.19.38.189 is the official site of San Diego city
hmm that is odd...
but if you look at this part of the log:

Code:
211.11.212.98 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; [en]; Windows 98; NetCaptor )"
211.20.122.86 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.6 ( compatible; [en]; Windows 98; FREEI v2.53 )"
200.29.20.232 - Pottss [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; [jp]; Windows NT4.0; athome020 )"
210.248.31.162 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; MSIE 5.01; AOL 5.0; DigiExt )"
211.233.27.188 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.6 ( compatible; MSIE 5.0; AOL 5.0; FREEI v2.53 )"
210.248.226.226 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.73 ( compatible; [en]; Windows 98; DigiExt )"
210.249.37.66 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.6 ( compatible; MSIE 5.0; AOL 5.0; athome0107 )"
211.232.147.118 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; [fr]; Windows NT5.0; FREEI v2.53 )"
211.28.96.71 - Powers [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.72 ( compatible; [de]; Windows 98; athome0107 )"
210.226.82.210 - Powerpc [12/Dec/2002:08:43:48 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.72 ( compatible; [jp]; Windows 98; ezn IE )"
212.208.183.189 - Pookie [12/Dec/2002:08:43:49 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; MSIE 4.01; Windows 98; MSNIA )"
211.33.197.243 - Powers [12/Dec/2002:08:43:49 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; MSIE 5.0; Windows NT4.0; FREEI v2.53 )"
212.160.144.100 - Powerup [12/Dec/2002:08:43:49 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.6 ( compatible; MSIE 5.0; AOL 5.0; FREEI v2.53 )"
211.9.128.182 - Powers [12/Dec/2002:08:43:49 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/4.72 ( compatible; MSIE 4.01; Windows NT5.0; DigiExt )"
211.72.119.156 - Powers [12/Dec/2002:08:43:49 -0700] "HEAD /members/ HTTP/1.0" 200 841 "http://www.teenchase.com/members/" "Mozilla/3.01 ( compatible; [en]; Windows NT5.0; DigiExt )"
that has nothing to do with busty-brigette.com (i think) and a lot of different ips :/

Cohen 12-12-2002 11:23 AM
is it the new JesusBot in a betatest run?

LUCL0NELY 12-12-2002 11:25 AM
Quote:
Originally posted by Cohen
is it the new JesusBot in a betatest run?

maybe, who knows ?

I guess the Jesus group attck him

smileygirls 12-12-2002 11:32 AM
Foz,

would you mind walking me through checking my own logs?
Or does anyone know how to find out the same info Firefoz just found out?

Any help would be appreciated.

Smileygirls
(Ravinwall)

FireFoz 12-12-2002 12:01 PM
Ok im quite sure its a BF. Im not sure what im gonna do about it yet :/

FireFoz 12-12-2002 12:23 PM
I think i got a solution against BF attacks :D

i'll make it and post it later here.

FireFoz 12-12-2002 12:23 PM
Quote:
Originally posted by smileygirls
Foz,

would you mind walking me through checking my own logs?
Or does anyone know how to find out the same info Firefoz just found out?

Any help would be appreciated.

Smileygirls
(Ravinwall)
Contact me at icq.


All times are GMT -7. The time now is 11:35 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123