请大家帮我看一下，我是不是受到了攻击，有什么好办法解决呢？

superwolfman · 发表于 2005-3-21 22:13:07

请大家帮我看一下，我是不是受到了攻击，有什么好办法解决呢？

xx.xx.xx.xx是我的apache，web服务器的IP地址。

[root@almail root]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address       State
tcp       0    0 *:mysql                *:*                   LISTEN
tcp       0    0 *:9708                *:*                   LISTEN
tcp       0    0 *:9709                *:*                   LISTEN
tcp       0    0 *:pop3                *:*                   LISTEN
tcp       0    0 *:http                *:*                   LISTEN
tcp       0    0 xx.xx.xx.xx:http    sirimole.unicap.b:47766 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    80.58.32.237.prox:37175 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    oh-oakharbor2a-90.:4942 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    client-201.240.5.:22320 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.56.52.252:35242    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    81-90-246-201.ads:31823 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.250.252.6:57376    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ool-435147d2.dyn.o:4510 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    64-251-243-183.up.:2303 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    astound-64-83-203-:4650 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy-1.tts.lt:36791 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.211.98.141:24988 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    node249-75.sim.db.:1083 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    pg1px.pg.com:43939    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    146.155.intelnet.:48519 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    193.251.169.174:61150 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    h00095bc30dfd.ne.:19425 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    81-178-190-134.ds:10226 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    1Cust6528.an1.det1:1078 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ppp-5-195.24-151.l:1090 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.93.233.146:53294 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    f0.gate3.naukanet.:1355 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    user-v8lcqmr.dialu:1067 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl1-s1-4.client.:1048 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    12.28.8.203:60453    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    194.105.237.15:35545 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    209.208.225.163:1116 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    c-67-165-42-160.c:60315 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    218.191.131.246:4638 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.203.223.133:3147 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.175.169.2:49166    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    pcp02694560pcs.roy:1043 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    dialup-4.247.221.1:1212 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ausisaps302-dmz.a:53801 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    cm37.sigma53.maxon:2358 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    81.23.96.54:4129       SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ftm1.rain.fr:39011    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    84.94.186.248.cab:23600 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host-81-190-58-154:1134 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy.karelia.ru:59343  SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    AMontpellier-251-1:1288 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    c-67-175-158-9.cli:1112 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    cache7-4.ruh.isu.:31038 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    80.58.4.109.proxy:60099 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    asb98.internetdsl.:1498 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    222.238.70.64:1048    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-220-37-81.sav:1218 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    teamearthsafe.com:1928  SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    c-66-176-83-173.se:1060 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ip-cust10226.tele:45175 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    61.172.35.14:3201    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    3E6B3031.rev.stofa:9282 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    abb26.internetdsl:18489 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    w050.z065104134.pi:2978 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    p213.54.162.110.ti:1054 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    d60-65-203-212.col:1107 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    fwmad.mediaplanni:47714 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    0-2pool253-143.nas:3976 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy.aaanet.ru:50021 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy.interecho.c:10809 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy.cornet.am:4098 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    toronto-HSE-ppp39:12077 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host121-179.pool8:25462 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.35.210.160:1187    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    81.80.135.245:27936    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    a80-127-155-10.ads:3982 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    201.3.12.78:50801    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    static.host852.su:61039 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    user-0ccen0f.cable:1226 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    olympia.okocim.co:59098 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    62.48.229.47:2190    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200-170-119-126.us:1067 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    211.116.82.44:1690    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ACD43561.ipt.aol.c:3684 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host141.m.digizap.:1082 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    217.109.138.220:52329 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    cm-cabonatal:supfiledbg SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213-145-151-98.ads:4590 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host-82-135-33-154:1574 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    198.68.28.154:16650    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200-206-33-106.cbo:1049 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    66-163-11-151.ip.t:1065 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.140.27.114:38389 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    0-1pool208-21.nas1:1093 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    bb-e01.state.wy.u:24387 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host146-98.pool80:33890 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    mail1.iru.ru:61820    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    auk131.neoplus.ads:4766 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    80.58.50.109.prox:46035 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200-153-193-20.ds:42356 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-217-190-165.:50202 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    pcp446843pcs.bart:15952 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy2.wlink.com.:50985 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    static-70-19-115-:16224 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    bzq-219-234-82.po:40857 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-69-215-141-2:57530 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-222-156-170.:50740 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    cp122352-a.venlo1.:2177 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    217.114.33.15:16538    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    h121.29.109.12.cab:1121 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    Laubervilliers-15:19474 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    84-120-70-108.onoc:4470 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    AC9ABA93.ipt.aol.c:1145 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    a80-186-33-132.eli:1071 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    Laubervilliers-15:19474 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    AC9ABA93.ipt.aol.c:1145 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    a80-186-33-132.eli:1071 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    75.79.206.194.ads:57740 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    83.102.141.101:4778    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl3-1-201.du.si:39422 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    acq26.internetdsl.:3956 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy.kyivstar.ne:61029 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    65.93.244.202:32965    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200165217222.user.:2308 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.182.174.124:56580 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    dsl85-99-27554.ttn:4742 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    69-216-24-226.sta:27744 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.171.32.209:60686 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200-158-48-73.dsl:42215 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    p54A0D274.dip.t-di:1082 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    customer-TEP-169-1:4388 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200-159-58-98.cus:21037 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    M1123P005.adsl.hig:1556 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    tc01-216-34-188-19:1059 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.171.32.209:60946 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    148.154.intelnet.n:2888 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-68-248-238-24:4302 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    pcp0011903685pcs.d:3720 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-9-205-165.mi:50321 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.244.23.31:1094    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    lbimgs09.soz.univi:3034 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    213.171.32.209:60946 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    148.154.intelnet.n:2888 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-68-248-238-24:4302 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    adsl-9-205-165.mi:50321 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    200.244.23.31:1094    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    64-108-111-243.de:29620 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    61.1.188.195:1086    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ctb-cache1-vif1.s:42514 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    150.176.95.100:24577 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    134.50.232.137:2465    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    tanks.capfed2.sin:40738 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    80.58.50.109.prox:50575 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    proxy3-out.whirlp:35504 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    113-135-193.adsl.c:1147 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ns3.provincebg.ru:39443 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    ipc379262d.dial.pl:1072 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    183.5.97-84.rev.ga:1285 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    rrcs-67-52-228-21:45438 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    81.144.226.100:14836 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    62.56.152.183:l2tp    SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host84-225.pool817:2094 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    bullitt.austin.pp:23069 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    host68-64.pool817:25328 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    chl.cherry.ateleco:1105 SYN_RECV
tcp       0    0 xx.xx.xx.xx:http    166.114.98.33:1053    SYN_RECV
.
.
.
.
.

mikkoyue · 发表于 2005-3-22 12:18:25

这。。。从这里看不出来吧？是不是服务器反应很慢了？而你也觉得访问量并不是很大？请检查一下你的网页上的脚本。以前我也遇到过这问题。

superwolfman · 发表于 2005-3-22 12:23:03

对，是服务器反应得慢呐。可这并不是什么商业网站，所以不可能有那么多的IP地址来访问。再有，没有动态的网页，只有静态的呐。所以出现这样的情况不正常

mikkoyue · 发表于 2005-3-22 13:21:39

啊？只有静态的网页还会这样？这种情况我倒没遇到过，以前我遇到类似的情况时，如果访问网站上的静态网页，打开还是很快的。我猜可能是有人在攻击你吧，不过，在这方面我的道行太浅了，想不明白。

superwolfman · 发表于 2005-3-22 20:45:08

多谢你的热心呐~~~..^_^

Yuri · 发表于 2005-3-24 09:44:38

有文件提供下载吗？

superwolfman · 发表于 2005-3-24 16:29:49

没有~~~

kecai_cale · 发表于 2005-3-25 22:10:50

好象是被别人做了代理，你是否有内网？

kecai_cale · 发表于 2005-3-25 22:12:26

作个本机的弱点扫描

kecai_cale · 发表于 2005-3-25 22:16:49

可以参考论坛的：解析Linux网络分析的三大利器

		自动登录	找回密码
密码			注册