
We_are_looking_for_not_found_pages - bbox_developers
Hi there,<p>we get a few million hit by someone from various ip adresses (always different or random i think).<p>The page they request: blog.businessbox.hu&#x2F;we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages<p>Does anyone has idea who the hell wanted hack our site??? Is this a common or known thing?
======
datalist
Do you mean you receive

    
    
        GET http://blog.business.......
    

requests? In that case this is most likely a scan for open proxies. Why such a
long URL is a different question. That might be an attempt to get a buffer
overflow, though a bit weird in combination with a potential proxy scan.

A quick search did not show any particular reports about that particular host
and/or request path however.

~~~
bbox_developers
Thanks!

First time i think, this is a common spam for get my attention to some not
found page creator, but when it crashes the apache i start to look forward to
known attacks...

~~~
datalist
It can be spam, doesnt have to be however.

Also, is it the request or the referrer? As for crashing, that shouldnt
happen. Why exactly does it crash?

------
herbst
sounds like a job for Fail2ban

~~~
bbox_developers
No, it's isn't, it'll crash with FAil2ban too, beceuse the problem lays under
the too much request - from new IP-s, and not from a few ):

