Strange activity in other_vhosts_access.log and massive traffic spikes
I'm seeing strange activity on a virtual host. Before I explain, this is
the stack I'm running:
MySQL with a Java application running on Tomcat connecting to the database
and Apache proxying requests to Apache Tomcat via AJP.
My question: is this something the service provider needs to fix, is this
a DoS attack, is this a configuration issue (and how do I fix it), or has
the server been compromised?
netstat -t -u -c:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 domain.com:http 197-58-31-64.stati:4561 SYN_RECV
tcp 0 0 domain.com:http 59-211-115-208.sta:bgpd SYN_RECV
tcp 0 0 domain.com:http 142.54.183.93:2132 SYN_RECV
tcp 0 0 domain.com:http 52-209-115-:radius-acct SYN_RECV
tcp 0 0 domain.com:http 76-240-115-208.sta:3370 SYN_RECV
tcp 0 0 domain.com:http 23.19.58.245.rdns.:3803 SYN_RECV
tcp 0 0 domain.com:http 192.74.245.213:4604 SYN_RECV
tcp 0 0 domain.com:http 199.168.100.98:4182 SYN_RECV
tcp 0 0 domain.com:http 198.50.177.32:3641 SYN_RECV
tcp 0 0 domain.com:http fazaifwqqm.kryptcl:4952 SYN_RECV
tcp 0 0 domain.com:http 142.0.140.204:1256 SYN_RECV
tcp 0 0 domain.com:http 173.208.204.70:3954 SYN_RECV
tcp 0 0 domain.com:http 23.19.54.135.rdns.:1379 SYN_RECV
..... millions more
These are the open ports:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2768/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2564/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2455/mysqld
tcp6 0 0 :::80 :::* LISTEN 1973/apache2
tcp6 0 0 :::21 :::* LISTEN 2527/proftpd: (acce
tcp6 0 0 :::22 :::* LISTEN 2564/sshd
tcp6 0 0 127.0.0.1:9020 :::* LISTEN 2955/java
tcp6 0 0 :::9021 :::* LISTEN 2955/java
tcp6 0 0 :::9022 :::* LISTEN 2955/java
And the Apache log files: the Tomcat log files are quiet, but within the
Apache log files one log file is very chatty, other_vhosts_access.log.
Log files:
total 7.3G
drwxr-x--- 2 root adm 4.0K Aug 14 11:39 .
drwxr-xr-x 10 root root 4.0K Aug 14 11:12 ..
-rw-r----- 1 root adm 0 Jul 21 06:25 access.log
-rw-r--r-- 1 root root 3.0K Jul 13 16:13 access.log.1
-rw-r----- 1 root adm 7.0M Aug 14 11:38 error.log
-rw-r----- 1 root adm 12M Aug 11 06:26 error.log.1
-rw-r----- 1 root adm 57K Aug 4 06:25 error.log.2.gz
-rw-r----- 1 root adm 30K Jul 28 06:25 error.log.3.gz
-rw-r--r-- 1 root root 10K Jul 21 06:25 error.log.4.gz
-rw-r----- 1 root adm 5.4G Aug 14 11:40 other_vhosts_access.log
-rw-r----- 1 root adm 1.8G Aug 11 06:26 other_vhosts_access.log.1
-rw-r----- 1 root adm 28M Aug 4 06:25 other_vhosts_access.log.2.gz
-rw-r----- 1 root adm 84K Jul 28 06:25 other_vhosts_access.log.3.gz
-rw-r--r-- 1 root root 49K Jul 21 06:25 other_vhosts_access.log.4.gz
Traffic spike
Inside other_vhosts_access.log, I see millions of these lines and the file
grows by a few MB every couple of seconds:
domain.com:80 199.168.100.105 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ads.sonital.com/ttj?id=1489570&size=300x250&cb=%5BCACHEBUSTER%5D
HTTP/1.1" 302 528 "http://www.adtocar.com/?tag=auto" "Mozilla/4.0
(Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
domain.com:80 147.255.183.131 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ads.creafi-online-media.com/st?ad_type=iframe&ad_size=160x600&section=4609659&pub_url=${PUB_URL}
HTTP/1.0" 200 5752
"http://ask2health.com/index.php/global-health?start=744" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar)"
domain.com:80 137.175.14.26 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1557210%26size%3D728x90 HTTP/1.0"
200 456 "http://www.cooleveep.com/?p=168" "Mozilla/5.0 (Windows; U;
Windows NT 6.1; zh-HK) AppleWebKit/533.18.1 (KHTML, like Gecko)
Version/5.0.2 Safari/533.18.5"
domain.com:80 137.175.29.9 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ib.adnxs.com/ttj?id=1551087&size=300x250 HTTP/1.0" 302 747
"http://www.edulusion.com/?p=244" "Opera/9.80 (Windows NT 6.1; U; pl)
Presto/2.7.62 Version/11.00"
domain.com:80 208.115.233.29 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ad.globe7.com/st?ad_type=iframe&ad_size=300x250&section=4600419&pub_url=${PUB_URL}
HTTP/1.0" 200 5722
"http://www.loanno.com/html/how-to-obtain-multiple-mortgages.html"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
domain.com:80 192.187.124.91 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1565126%26cb%3D%5BCACHEBUSTER%5D
HTTP/1.0" 200 456
"http://www.computerhealthcenter.com/index.php?option=com_content&view=article&id=973:health-problems-associated-with-chlorine&catid=46:computer-problems&Itemid=346"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98
domain.com:80 173.234.53.39 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1180577&cb=${CACHEBUSTER}&pubclick=${CLICK_URL}
HTTP/1.0" 302 790 "http://www.every-children.com/?p=688" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.28.3 (KHTML, like
Gecko) Version/3.2.3 ChromePlus/4.0.222.3 Chrome/4.0.222.3
Safari/525.28.3"
domain.com:80 64.31.53.156 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ad.globe7.com/imp?Z=160x600&s=4379300&T=3&_salt=3445726147&B=12&m=2&u=http%3A%2F%2Fwww.roadtofinance.com%2Fhtml%2Fcategory%2Fpersonal-finance%2Fpage%2F49&r=1&H=http%3A%2F%2Fad.globe7.com%2Fst%3Fad_type%3Diframe%26ad_size%3D160x600%26section%3D4379300%26pub_url%3D%24%7BPUB_URL%7D&M=1
HTTP/1.0" 302 8
domain.com:80 23.19.107.233 - - [14/Aug/2013:11:41:10 +0200] "GET
HTTP/1.0" 200 5727
"http://newsterminus.com/index.php/sports-news?start=72" "Opera/9.80
(Windows NT 6.1; U; en) Presto/2.6.30 Version/10.61"
domain.com:80 142.0.128.243 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1413927 HTTP/1.0" 302 730
"http://www.educationchanged.com/?p=1606" "Mozilla/4.0 (compatible; U;
MSIE 6.0; Windows NT 5.1)"
domain.com:80 173.234.159.7 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ad.globe7.com/st?ad_type=iframe&ad_size=160x600&section=818253
HTTP/1.0" 200 5850
"http://fasttelegraph.com/index.php?view=article&catid=45%3Abusiness&id=4576%3A-stocks-continue-to-struggle-on-dubai-sales-&tmpl=component&print=1&layout=default&page=&option=com_content&Itemid=84"
"Mozilla/5.0 (Wind
domain.com:80 173.234.32.76 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1578931 HTTP/1.0" 302 730
"http://creditsxchange.com/index.php/hotdeal/5443-magazinescom-mothers-day-sale-features-amazing-deals-and-sho"
"Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko)
Chrome/14.0.803.0 Safari/535.1"
domain.com:80 64.31.53.146 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1114796 HTTP/1.0" 302 730
"http://www.derivehealth.com/noni-juice-side-effects.html" "Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727;
.NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; InfoPath.2;
.NET CLR 1.0.3705)"
domain.com:80 64.31.63.153 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1484899&referrer=[REFERRER_URL] HTTP/1.0" 302
762
"http://www.financesboot.com/how-do-i-finance-medium-sized-business-purchases.html"
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0;
SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media
domain.com:80 108.171.243.142 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/tt?id=1236946 HTTP/1.0" 302 729
"http://searchinjurylawyer.com/celebrate-great-lovers-day-with-desktop-wallpapers.html"
"Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
2.0.50727)"
domain.com:80 199.168.100.105 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1489570&size=300x250&cb=%5BCACHEBUSTER%5D
HTTP/1.1" 302 765 "http://www.adtocar.com/?tag=auto" "Mozilla/4.0
(Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
domain.com:80 216.24.206.214 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1433501&referrer=[REFERRER_URL] HTTP/1.0" 302
762 "http://consolidatingprivate.com/category/debt-management"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.2.4) Gecko/20100611
Firefox/3.6.4"
domain.com:80 198.2.210.220 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1519075&size=300x250&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]&pubclick=[INSERT_CLICK_TAG]
HTTP/1.0" 302 840 "http://www.healthbetterd.com/?p=610" "Mozilla/5.0
(Windows; U; Windows NT 5.1; pt-PT; rv:1.9.2.7) Gecko/20100713
Firefox/3.6.7 (.NET CLR 3.5.30729)"
domain.com:80 137.175.13.20 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1551080&size=300x250 HTTP/1.0" 302 747
"http://www.financialoverview.net/?p=676" "Mozilla/5.0 (Macintosh; U;
Intel Mac OS X 10_6_3; ru-ru) AppleWebKit/533.16 (KHTML, like Gecko)
Version/5.0 Safari/533.16"
domain.com:80 63.143.49.228 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ad.globe7.com/st?ad_type=iframe&ad_size=728x90&section=4411352&pub_url=${PUB_URL}
HTTP/1.0" 200 5797
"http://www.workinhouses.com/index.php?option=com_content&view=article&id=1702:Tax-Implications-for-Self-Employed-Consultants&catid=5&Itemid=21"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
domain.com:80 23.19.130.124 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1184172 HTTP/1.0" 302 730
"http://ffwoman.com/index.php?option=com_content&view=article&id=852:callosity-treatment&catid=48:women-health-&Itemid=94"
"Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
domain.com:80 74.91.21.230 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ads.sonital.com/ttj?id=1499456&size=300x250&cb=%5BCACHEBUSTER%5D
HTTP/1.1" 302 528 "http://www.axvacation.com/?p=293" "Mozilla/5.0 (MSIE
7.0; Macintosh; U; SunOS; X11; gu; SV1; InfoPath.2; .NET CLR 3.0.04506.30;
.NET CLR 3.0.04506.648)"
domain.com:80 137.175.15.106 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1566222 HTTP/1.0" 302 729
"http://www.kureallu.com/?p=1262" "Mozilla/5.0 (X11; U; Linux i686; pl-PL;
rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8"
domain.com:80 198.204.249.94 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1617129 HTTP/1.1" 302 719
"http://www.adtocar.com/?p=747" "Mozilla/5.0 (compatible; MSIE 8.0;
Windows NT 5.1; SLCC1; .NET CLR 1.1.4322)"
domain.com:80 192.241.70.18 - - [14/Aug/2013:11:41:11 +0200] "GET
http://tag.contextweb.com/TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=556977&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=167386
HTTP/1.1" 302 499 "http://catchmyfame.com/" "Mozilla/5.0 (Windows; U;
Windows NT 5.2; de-DE) AppleWebKit/530.19.2 (KHTML, like Gecko)
Version/4.0.2 Safari
domain.com:80 64.120.63.117 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1489860 HTTP/1.0" 302 730
"http://www.baryageen.com/?p=971" "Opera/9.80 (X11; Linux i686; U; it)
Presto/2.7.62 Version/11.00"
domain.com:80 64.31.62.184 - - [14/Aug/2013:11:41:10 +0200] "GET
http://ad.globe7.com/st?ad_type=iframe&ad_size=160x600,120x600&section=4064832&pub_url=${PUB_URL}
HTTP/1.0" 200 5783
"http://www.oefly.com/popular-denim-dress/denim-jacket-dress/top-5-christmas-dresses-for-girls.html"
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko)
Chrome/15.0.864.0 Sa
domain.com:80 199.168.100.115 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D1517317 HTTP/1.0" 200 456
"http://www.greathealthhere.com/index.php?option=com_content&view=article&id=714:biology-news-molecular-cell-developmental-biology-news&catid=43:health-news-&Itemid=93"
"Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko)
domain.com:80 64.31.45.243 - - [14/Aug/2013:11:41:11 +0200] "GET HTTP/1.0"
200 5424
"http://www.thankbusiness.com/free-places-to-advertise-on-the-internet.html"
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
001|Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1
domain.com:80 198.204.249.235 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1617129 HTTP/1.1" 302 719
"http://www.adtocar.com/?tag=first-drive" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1) AlexaToolbar"
domain.com:80 208.115.212.78 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ads.creafi-online-media.com/st?ad_type=iframe&ad_size=300x250&section=4302386&pub_url=${http://www.insurish.com}
HTTP/1.0" 200 5914
"http://insurish.com/social-security-ponzi-scheme-collapse-will-come-sooner-with-obamacare.html"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (K
domain.com:80 192.187.121.46 - - [14/Aug/2013:11:41:11 +0200] "GET
http://www.cpmaffiliation.com/4572-300x250.js HTTP/1.0" 200 550
"http://www.greathealthhere.com/index.php?option=com_content&view=article&id=2155:events-health-worldwide-best-practices-in-health-management&catid=40:events-health-&Itemid=90"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Ge
domain.com:80 198.200.33.8 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/tt?id=1303104 HTTP/1.0" 302 729
"http://www.autoonlife.com/?p=840" "Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR
3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8)"
domain.com:80 199.168.100.105 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1489570%26size%3D300x250%26cb%3D%255BCACHEBUSTER%255D
HTTP/1.1" 200 445 "http://www.adtocar.com/?tag=auto" "Mozilla/4.0
(Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
domain.com:80 69.162.65.198 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ad.globe7.com/st?ad_type=iframe&ad_size=728x90,468x60&section=4056698&pub_url=${PUB_URL}
HTTP/1.0" 200 5776
"www.oseey.com/pure-core-watch/gold-diamond-watches/the-unmistakable-style-of-diamond-watches.html"
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.6.30 Version/10.61"
domain.com:80 64.31.63.155 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1484899&referrer=[REFERRER_URL] HTTP/1.0" 302
762
"http://www.financesboot.com/how-to-calculate-finance-charges-for-overdue-invoices.html"
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB6.6;
SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729;
domain.com:80 23.19.47.230 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ad.tagjunction.com/imp?Z=160x600&s=2933948&T=3&_salt=3778190995&B=12&m=2&u=http%3A%2F%2Feconomysea.com%2Findex.php%3Foption%3Dcom_content%26view%3Dcategory%26layout%3Dblog%26id%3D47%26Itemid%3D97%26limitstart%3D25&r=1&H=http%3A%2F%2Fad.tagjunction.com%2Fst%3Fad_type%3Diframe%26ad_size%3D160x600%26s
domain.com:80 137.175.1.21 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1427508&size=728x90 HTTP/1.0" 302 746
"http://www.eomerrygate.com/?p=208" "Mozilla/5.0 (compatible; MSIE 7.0;
Windows NT 6.0; en-US)"
domain.com:80 198.13.113.5 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ads.deliads.com/ttj?id=1292198 HTTP/1.0" 302 505
"http://www.promotejob.com/free_mahjong_planet/index.html" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
domain.com:80 108.62.75.244 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1412909 HTTP/1.0" 302 730
"http://www.autoonlife.com/?p=1190" "Mozilla/5.0 (Windows NT 5.1;
rv:2.0b9pre) Gecko/20110105 Firefox/4.0b9pre"
domain.com:80 198.204.249.94 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1617129 HTTP/1.1" 200 445
"http://www.adtocar.com/?p=747" "Mozilla/5.0 (compatible; MSIE 8.0;
Windows NT 5.1; SLCC1; .NET CLR 1.1.4322)"
domain.com:80 137.175.14.24 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1557210&size=728x90 HTTP/1.0" 302 746
"http://www.cooleveep.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729;
Media Center PC 6.0)"
domain.com:80 64.31.63.152 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1484892&referrer=[REFERRER_URL] HTTP/1.0" 302
762
"http://www.financesboot.com/how-can-i-terminate-my-car-loan\xa3\xbf.html/trackback"
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; Off
domain.com:80 74.91.21.230 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1499456&size=300x250&cb=%5BCACHEBUSTER%5D
HTTP/1.1" 302 763 "http://www.axvacation.com/?p=293" "Mozilla/5.0 (MSIE
7.0; Macintosh; U; SunOS; X11; gu; SV1; InfoPath.2; .NET CLR 3.0.04506.30;
.NET CLR 3.0.04506.648)"
domain.com:80 69.162.125.236 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ad.globe7.com/st?ad_type=iframe&ad_size=300x250&section=4027189&pub_url=${PUB_URL}
HTTP/1.0" 200 5783
"http://www.eloanpath.com/index.php?option=com_content&view=article&id=918:Cash-Advance-Payday-Loans-for-Urgent-Needs&catid=29"
"Mozilla/4.76 [en] (WinNT; U)"
domain.com:80 192.187.124.101 - - [14/Aug/2013:11:41:11 +0200] "GET
http://go.adversal.com/ttj?id=1592281&size=160x600&promo_sizes=120x600&promo_alignment=center
HTTP/1.0" 302 561
"http://www.realsportgames.com/index.php/play-games-online-2/166-sports-game-online-free-play-sports-car-coloring-game"
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.1 (KHT
domain.com:80 198.204.249.235 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1617129 HTTP/1.1" 200 445
"http://www.adtocar.com/?tag=first-drive" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1) AlexaToolbar"
domain.com:80 74.63.252.232 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1642696&referrer=[REFERRER_URL] HTTP/1.0" 302
762
"http://www.getallgame.com/html/how-to-make-your-own-online-flash-game-2.html"
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1;
.NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1;
OfficeLiveConnector.1.3;
domain.com:80 198.2.196.43 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/ttj?id=1496411&size=300x250 HTTP/1.0" 302 747
"http://www.themoderncar.com/?cat=8" "Mozilla/5.0 (X11; U; Linux x86_64;
en-ca) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+"
domain.com:80 192.187.120.251 - - [14/Aug/2013:11:41:11 +0200] "GET
http://an.z5x.net/ttj?id=1482976&size=300x250 HTTP/1.0" 302 518
"http://www.wealthboat.com/index.php?option=com_content&view=article&id=1249:wealth-creation-seminar-wealth-creation-seminar&catid=55:wealth-creation&Itemid=263"
"Mozilla/4.08 [en] (WinNT; U)"
domain.com:80 108.171.246.89 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/bounce?%2Ftt%3Fid%3D1275408 HTTP/1.0" 200 456
"http://gamesnewsbox.com/category/ebooks" "Mozilla/5.0 (Macintosh; U;
Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20091218 Firefox 3.6b5"
domain.com:80 64.31.53.21 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ad.globe7.com/st?ad_type=pop&ad_size=0x0&section=4035975&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1&pub_url=${PUB_URL}
HTTP/1.0" 200 5566
"http://smallbrightbusinessidea.com/index.php?option=com_content&view=article&id=269:How-to-Become-a-Cop-in-Missouri--&catid=139&Itemid=83"
"
domain.com:80 72.52.72.112 - - [14/Aug/2013:11:41:11 +0200] "GET
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1165515 HTTP/1.0" 200 456
"www.liekkas.com/?p=9849" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT
6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR
3.0.04506; .NET CLR 3.5.30707; InfoPath.1; el-GR)"
I don't have a default config to catch all traffic and my virtual host
config inside sites-enabled is as follows:
<VirtualHost domain.com:80>
ServerName domain.com
ServerAlias www.domain.com
# Do Not Proxy Static Content
ProxyPass /phpmyadmin !
ProxyPass /static !
AliasMatch ^/static/(.*)$ /home/domain/static/$1
<Directory /home/domain/static/images>
Order allow,deny
Allow from all
<FilesMatch "\.(gif|jpg|png|ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 week"
</FilesMatch>
</Directory>
<Directory /home/domain/static/js>
Order allow,deny
Allow from all
<FilesMatch "\.(js)$">
ExpiresActive On
ExpiresDefault "access plus 1 week"
</FilesMatch>
</Directory>
<Directory /home/domain/static/styles>
Order allow,deny
Allow from all
<FilesMatch "\.(css)$">
ExpiresActive On
ExpiresDefault "access plus 1 week"
</FilesMatch>
</Directory>
ProxyRequests On
ProxyPreserveHost On
<Proxy *>
Allow from all
</Proxy>
ProxyPass / ajp://127.0.0.1:9022/
ProxyPassReverse / ajp://127.0.0.1:9022/
addType image/png .png
addType image/gif .gif
addType image/jpeg .jpg
addType image/icon .ico
addType text/css .css
addType application/x-javascript .js
</VirtualHost>
When I add this into the same config:
<VirtualHost *:80>
ServerName .
ServerAlias *
ErrorDocument 401 /index.html
ErrorDocument 403 /index.html
ErrorDocument 404 /index.html
ErrorDocument 500 /index.html
</VirtualHost>
... my apache error log starts growing rapidly with the following type of
garbage:
[Wed Aug 14 11:51:45 2013] [error] [client 198.2.200.58] File does not
exist: /var/www/ttj, referer: http://www.educahere.com/?p=359
[Wed Aug 14 11:51:45 2013] [error] [client 208.115.240.182] File does not
exist: /var/www/ttj, referer:
http://www.getallgame.com/html/category/games-online/page/13
[Wed Aug 14 11:51:45 2013] [error] [client 198.204.240.90] File does not
exist: /var/www/ttj, referer: http://www.adtocar.com/?tag=first-drive
[Wed Aug 14 11:51:45 2013] [error] [client 64.31.50.28] File does not
exist: /var/www/st, referer:
http://www.businessd.com/index.php?option=com_content&view=article&id=384:Cents-Off:-How-Much-of-a-Discount-Should-You-Offer?&catid=3
[Wed Aug 14 11:51:45 2013] [error] [client 198.2.211.8] File does not
exist: /var/www/ttj, referer: http://www.memujourney.com/?p=745
[Wed Aug 14 11:51:45 2013] [error] [client 198.2.200.19] File does not
exist: /var/www/ttj, referer: http://www.fashionergoing.com/?p=725
[Wed Aug 14 11:51:46 2013] [error] [client 137.175.1.44] File does not
exist: /var/www/ttj, referer: http://www.bedumatic.com/?p=856
[Wed Aug 14 11:51:46 2013] [error] [client 142.4.109.88] File does not
exist: /var/www/ttj, referer: http://www.sponutrition.com/?p=242
[Wed Aug 14 11:51:46 2013] [error] [client 198.2.196.59] File does not
exist: /var/www/ttj, referer: http://www.everyhealthor.com/?p=644
[Wed Aug 14 11:51:46 2013] [error] [client 137.175.0.74] File does not
exist: /var/www/ttj, referer: http://www.tripsday.com/?p=81
[Wed Aug 14 11:51:46 2013] [error] [client 208.115.222.4] File does not
exist: /var/www/st, referer:
http://www.barbiehumana.com/index.php?option=com_content&view=article&id=10109:Mastercard-Q&A&catid=5&Itemid=3
[Wed Aug 14 11:51:46 2013] [error] [client 208.115.211.56] File does not
exist: /var/www/st, referer:
http://www.loanrmg.com/index.php?option=com_content&view=article&id=2149:For-What-Types-of-Things-Can-You-Get-a-Personal-Loan?--&catid=11
[Wed Aug 14 11:51:46 2013] [error] [client 63.143.45.120] File does not
exist: /var/www/st, referer:
http://salemethods.com/index.php?option=com_content&view=article&id=182:The-Difference-Between-Network-Marketing-and-Internet-Marketing&catid=2:business
[Wed Aug 14 11:51:46 2013] [error] [client 173.234.188.198] File does not
exist: /var/www/ttj, referer:
http://businessems.com/index.php/new-businesses?start=48
[Wed Aug 14 11:51:46 2013] [error] [client 69.162.119.34] File does not
exist: /var/www/st, referer:
http://www.withautodesk.com/html/how-to-fill-a-curve-in-maya.html
[Wed Aug 14 11:51:46 2013] [error] [client 137.175.12.124] File does not
exist: /var/www/ttj, referer: http://www.healthttip.com/?p=1323
[Wed Aug 14 11:51:46 2013] [error] [client 63.143.59.124] File does not
exist: /var/www/tt, referer:
http://ooeoy.com/weight-loss-programs/nutrisystem-online-weight-loss-program-can-it-help-you-lose-weight.html
[Wed Aug 14 11:51:46 2013] [error] [client 198.204.249.237] File does not
exist: /var/www/ttj, referer: http://www.adtocar.com/?p=823
[Wed Aug 14 11:51:46 2013] [error] [client 76.164.230.199] File does not
exist: /var/www/st, referer: http://www.gamesacts.com/Puzzle/985.html
[Wed Aug 14 11:51:46 2013] [error] [client 198.204.249.235] File does not
exist: /var/www/ttj, referer: http://www.adtocar.com/?tag=auto
[Wed Aug 14 11:51:46 2013] [error] [client 137.175.1.53] File does not
exist: /var/www/ttj, referer: http://www.gocarehealth.com/?cat=5
[Wed Aug 14 11:51:46 2013] [error] [client 198.2.200.37] File does not
exist: /var/www/ttj, referer: http://www.autoenergysaving.com/
[Wed Aug 14 11:51:46 2013] [error] [client 192.74.246.76] File does not
exist: /var/www/ttj, referer: http://www.gameetu.com/?p=57
[Wed Aug 14 11:51:46 2013] [error] [client 192.34.109.104] File does not
exist: /var/www/ttj, referer:
http://opt.cdxndirectopt.com/delivery/apre.php?clid=2690251.4069463.1807260.1914924&pui=2&q=_r&r=de&pt=1
[Wed Aug 14 11:51:46 2013] [error] [client 198.2.200.22] File does not
exist: /var/www/ttj, referer: http://www.fashionergoing.com/?p=464
[Wed Aug 14 11:51:46 2013] [error] [client 173.208.185.237] File does not
exist: /var/www/ttj, referer: http://www.axvacation.com/
[Wed Aug 14 11:51:46 2013] [error] [client 198.204.249.235] File does not
exist: /var/www/ttj, referer: http://www.adtocar.com/?tag=import
[Wed Aug 14 11:51:46 2013] [error] [client 208.115.200.213] File does not
exist: /var/www/st, referer:
http://citicardsfree.com/index.php?option=com_content&view=article&id=222:Loans-for-cosmetic-surgery:-Personal-grooming-made-easy&catid=2&Itemid=19
[Wed Aug 14 11:51:46 2013] [error] [client 208.115.226.131] File does not
exist: /var/www/st, referer:
http://domarketings.com/index.php?option=com_content&view=article&id=1495:On-Site-Team-Building&catid=2:business
[Wed Aug 14 11:51:46 2013] [error] [client 64.31.38.131] File does not
exist: /var/www/st, referer:
http://keepfit-tips.com/body-building-diet/how-to-increase-your-metabolism.html
[Wed Aug 14 11:51:46 2013] [error] [client 137.175.1.3] File does not
exist: /var/www/ttj, referer: http://www.beautdiet.com/?p=1158
[Wed Aug 14 11:51:46 2013] [error] [client 192.74.246.76] File does not
exist: /var/www/ttj, referer: http://www.gameetu.com/?cat=6
[Wed Aug 14 11:51:46 2013] [error] [client 192.74.240.113] File does not
exist: /var/www/ttj, referer: http://www.educahere.com/?p=969
[Wed Aug 14 11:51:46 2013] [error] [client 137.175.68.83] File does not
exist: /var/www/ttj, referer: http://www.tripsday.com/?p=69
Any ideas?
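Added example (not part of the original post): the access-log entries above carry a full http:// URL for someone else's host in the request line, which is the form clients use when talking to a forward proxy, and the posted vhost has ProxyRequests On with <Proxy *> Allow from all. This Python script counts such requests in a vhost_combined log. The sample lines, addresses and example.net/example.org hosts are constructed, and the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache vhost_combined LogFormat, used by other_vhosts_access.log:
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):\d+ (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample entries (one log entry per line, as Apache writes them),
# modelled on the shape of the entries in the post.
SAMPLE = [
    'domain.com:80 203.0.113.10 - - [14/Aug/2013:11:41:10 +0200] "GET http://ads.example.net/ttj?id=1&cb=[CACHEBUSTER] HTTP/1.0" 302 730 "http://pub.example.org/?p=1" "Mozilla/4.0"',
    'domain.com:80 203.0.113.11 - - [14/Aug/2013:11:41:10 +0200] "GET http://ads.example.net/st?ad_type=iframe HTTP/1.0" 200 5752 "-" "Mozilla/4.0"',
    'domain.com:80 198.51.100.7 - - [14/Aug/2013:11:41:11 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"',
    'domain.com:80 198.51.100.8 - - [14/Aug/2013:11:41:11 +0200] "GET http://www.domain.com/static/a.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'domain.com:80 198.51.100.9 - - [14/Aug/2013:11:41:11 +0200] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    'domain.com:80 198.51.100.9 - - [14/Aug/2013:11:41:11 +0200] "GET HTTP/1.0" 200 5727 "-" "Opera/9.80"',
]


def proxied_host(line, local_hosts):
    """Return (client, foreign_host, status) when the entry is a forward-proxy
    style request for a host this server does not serve, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        # CONNECT uses an authority-form target: host:port
        host = target.rsplit(":", 1)[0]
    else:
        try:
            parts = urlsplit(target)
        except ValueError:
            return None  # malformed target, not classifiable
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None  # ordinary origin-form request such as /index.html
        host = parts.hostname
    if host.lower() in local_hosts:
        return None  # absolute-form request for our own site is valid HTTP/1.1
    return m["client"], host.lower(), int(m["status"])


def summarize(lines, local_hosts):
    """Count forward-proxy style requests, their targets and their clients."""
    local = {h.lower() for h in local_hosts}
    total = success = 0
    targets, clients = Counter(), Counter()
    for line in lines:
        hit = proxied_host(line, local)
        if hit is None:
            continue
        client, host, status = hit
        total += 1
        targets[host] += 1
        clients[client] += 1
        # With ProxyRequests On, a 2xx/3xx here is a relayed upstream response.
        # With it Off, a 2xx can simply be local content served for that path,
        # so treat this as an indicator and confirm against the config.
        if status < 400:
            success += 1
    return {"proxy_requests": total, "success": success,
            "targets": targets, "clients": clients}


if __name__ == "__main__":
    report = summarize(SAMPLE, {"domain.com", "www.domain.com"})
    print(report["proxy_requests"], "proxy-style requests,",
          report["success"], "answered with 2xx/3xx")
    for host, n in report["targets"].most_common(10):
        print(f"{n:8d}  {host}")
```

To run it against a real log, pass an open file object as `lines` and the vhost's ServerName and ServerAlias values as `local_hosts`.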