Is this a DDoS attack? How to handle it?

Discussion in 'HOWTO-Related Questions' started by skysky, Mar 15, 2024.

  1. skysky, Member

    Hi,
    My website is using Cloudflare, and recently the server has been overloaded from time to time. By checking the access log during that time, I found again and again that my site was being attacked by a script that creates a large number of requests from different IPs, trying to find out whether my site has the file URLs they are looking for.

    I am already using Cloudflare to protect my site, but it seems CF could not prevent such a case. Is there anything else I can do about it? Thanks.

    ACCESS LOG:
    172.71.214.127 - - [15/Mar/2024:03:37:33 +0800] "GET /pc.html HTTP/2.0" 499 0 "https://www.mydomain.com:443/pc.html" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.178.12 - - [15/Mar/2024:03:37:33 +0800] "GET /api/c/a HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/c/a" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.211.39 - - [15/Mar/2024:03:37:33 +0800] "GET /api/apps HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/apps" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.218.142 - - [15/Mar/2024:03:37:33 +0800] "GET /api/ping HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/ping" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.218.144 - - [15/Mar/2024:03:37:33 +0800] "GET /lanren/css/global.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/lanren/css/global.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.210.243 - - [15/Mar/2024:03:37:33 +0800] "GET /api/vvids HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/vvids" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.178.13 - - [15/Mar/2024:03:37:33 +0800] "GET /getLocale HTTP/2.0" 499 0 "https://www.mydomain.com:443/getLocale" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.214.74 - - [15/Mar/2024:03:37:33 +0800] "GET /step1.asp HTTP/2.0" 499 0 "https://www.mydomain.com:443/step1.asp" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.114.2 - - [15/Mar/2024:03:37:33 +0800] "GET /config.js HTTP/2.0" 404 183 "https://www.mydomain.com:443/config.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.218.73 - - [15/Mar/2024:03:37:33 +0800] "GET /css/skin/ymPrompt.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/css/skin/ymPrompt.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.210.166 - - [15/Mar/2024:03:37:33 +0800] "GET /css/m.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/css/m.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.219.105 - - [15/Mar/2024:03:37:33 +0800] "GET /platform HTTP/2.0" 499 0 "https://www.mydomain.com:443/platform" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.179.111 - - [15/Mar/2024:03:37:33 +0800] "GET /js/app.js HTTP/2.0" 404 183 "https://www.mydomain.com:443/js/app.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.211.46 - - [15/Mar/2024:03:37:34 +0800] "GET /style.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/style.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.214.211 - - [15/Mar/2024:03:37:34 +0800] "GET /js/home.js HTTP/2.0" 404 183 "https://www.mydomain.com:443/js/home.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.210.32 - - [15/Mar/2024:03:37:34 +0800] "GET /app/ HTTP/2.0" 403 182 "https://www.mydomain.com:443/app/" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.68.225.166 - - [15/Mar/2024:03:37:34 +0800] "GET /kefu/css/style.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/kefu/css/style.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /homes/ HTTP/1.1" 499 0 "https://app.mydomain.com:443/homes/" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /login HTTP/1.1" 499 0 "https://app.mydomain.com:443/login" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /imei/ HTTP/1.1" 499 0 "https://app.mydomain.com:443/imei/" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /mobile HTTP/1.1" 499 0 "https://app.mydomain.com:443/mobile" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /config HTTP/1.1" 499 0 "https://app.mydomain.com:443/config" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /m.html HTTP/1.1" 499 0 "https://app.mydomain.com:443/m.html" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /im/h5/ HTTP/1.1" 499 0 "https://app.mydomain.com:443/im/h5/" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /static/picture/gz.png HTTP/1.1" 404 194 "https://app.mydomain.com:443/static/picture/gz.png" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /bao/img/gz.png HTTP/1.1" 404 194 "https://app.mydomain.com:443/bao/img/gz.png" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /init.js HTTP/1.1" 404 194 "https://app.mydomain.com:443/init.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /lang.js HTTP/1.1" 404 194 "https://app.mydomain.com:443/lang.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    152.32.188.142 - - [15/Mar/2024:03:37:35 +0800] "GET /site.js HTTP/1.1" 404 194 "https://app.mydomain.com:443/site.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.179.105 - - [15/Mar/2024:03:37:37 +0800] "GET /pc.html HTTP/2.0" 499 0 "https://www.mydomain.com:443/pc.html" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.68.225.90 - - [15/Mar/2024:03:37:37 +0800] "GET /api/c/a HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/c/a" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.114.213 - - [15/Mar/2024:03:37:37 +0800] "GET /api/apps HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/apps" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.211.55 - - [15/Mar/2024:03:37:37 +0800] "GET /config.js HTTP/2.0" 404 183 "https://www.mydomain.com:443/config.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.210.97 - - [15/Mar/2024:03:37:37 +0800] "GET /lanren/css/global.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/lanren/css/global.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.214.24 - - [15/Mar/2024:03:37:37 +0800] "GET /css/skin/ymPrompt.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/css/skin/ymPrompt.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.218.66 - - [15/Mar/2024:03:37:37 +0800] "GET /platform HTTP/2.0" 499 0 "https://www.mydomain.com:443/platform" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.211.55 - - [15/Mar/2024:03:37:37 +0800] "GET /api/vvids HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/vvids" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    172.71.210.254 - - [15/Mar/2024:03:37:37 +0800] "GET /api/ping HTTP/2.0" 499 0 "https://www.mydomain.com:443/api/ping" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.179.78 - - [15/Mar/2024:03:37:37 +0800] "GET /css/m.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/css/m.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.179.16 - - [15/Mar/2024:03:37:38 +0800] "GET /getLocale HTTP/2.0" 499 0 "https://www.mydomain.com:443/getLocale" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.179.61 - - [15/Mar/2024:03:37:38 +0800] "GET /style.css HTTP/2.0" 404 183 "https://www.mydomain.com:443/style.css" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
    162.158.178.197 - - [15/Mar/2024:03:37:38 +0800] "GET /js/app.js HTTP/2.0" 404 183 "https://www.mydomain.com:443/js/app.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
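
One way to triage a log like the one posted above, as an added example that is not part of the original post: group requests by User-Agent, flag agents that walk many distinct paths and almost always miss, and separate addresses inside Cloudflare's ranges from those that reached the origin directly. The function names, thresholds and the two-entry range list are assumptions of this sketch; the sample rows are constructed in the post's log format with shortened User-Agent strings.

```python
import ipaddress
import re
from collections import defaultdict

# Subset of Cloudflare's published IPv4 ranges (assumption: load the full list in real use).
CF_NETS = [ipaddress.ip_network(n) for n in ("172.64.0.0/13", "162.158.0.0/15")]
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# 403/404 = the probed path is not served; 499 = nginx's code for a client that hung up early.
PROBE_STATUSES = {403, 404, 499}

def via_cloudflare(ip):
    """True if the logged address falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CF_NETS)

def summarize(lines, min_paths=3, min_miss_ratio=0.8):
    """Group requests by User-Agent and flag agents that behave like path scanners."""
    groups = defaultdict(lambda: {"n": 0, "paths": set(), "miss": 0, "direct_ips": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined log format
        g = groups[m["ua"]]
        g["n"] += 1
        g["paths"].add(m["path"])
        g["miss"] += int(m["status"]) in PROBE_STATUSES
        if not via_cloudflare(m["ip"]):
            g["direct_ips"].add(m["ip"])  # reached the origin without the proxy
    for g in groups.values():
        g["scanner"] = (len(g["paths"]) >= min_paths
                        and g["miss"] / g["n"] >= min_miss_ratio)
    return dict(groups)

# Constructed sample rows: (logged address, host label, path, status, User-Agent).
BOT_UA = "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) uni-app Html5Plus/1.0"
ROWS = [("172.71.214.127", "www", "/pc.html", 499, BOT_UA),
        ("162.158.178.12", "www", "/api/c/a", 499, BOT_UA),
        ("162.158.114.2", "www", "/config.js", 404, BOT_UA),
        ("152.32.188.142", "app", "/login", 499, BOT_UA),
        ("152.32.188.142", "app", "/init.js", 404, BOT_UA),
        ("172.71.210.9", "www", "/", 200, "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0")]
SAMPLE = [f'{ip} - - [15/Mar/2024:03:37:33 +0800] "GET {p} HTTP/2.0" {s} 0 '
          f'"https://{h}.mydomain.com:443{p}" "{ua}"' for ip, h, p, s, ua in ROWS]

if __name__ == "__main__":
    for ua, g in summarize(SAMPLE).items():
        print(g["scanner"], g["n"], len(g["paths"]), sorted(g["direct_ips"]), ua)
```

Most addresses in the client column are Cloudflare edge addresses rather than visitors, so any per-IP limit on the origin needs the visitor address restored from the `CF-Connecting-IP` header first. Addresses reported in `direct_ips` did not pass through Cloudflare's proxy at all, which its rules cannot filter.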
     
