Sử dụng log Apache để phân tích DDos

Sử dụng log Apache để phân tích DDos


[root@kiloccnp~]# cat kilo.txt | cut -d ' ' -f 9 | sort | uniq -c | sort -nr

698 404
691 HTTP/1.1"
168 HTTP/1.0"
27 403

Note: in Apache's common/combined format the status code is field 9 only when the request line is the standard three tokens (`"GET / HTTP/1.1"`). The `HTTP/1.1"` and `HTTP/1.0"` rows above (859 lines) are records whose space-delimited fields are shifted by one, so the status code of those lines was not counted at all. A quote-aware split avoids this: `awk -F'"' '{split($3, s, " "); print s[1]}' kilo.txt | sort | uniq -c | sort -nr` — the request line is always the second quoted field and the status immediately follows it.

[root@kiloccnp~]# grep " 404 " kilo.txt | cut -d ' ' -f 7 | sort | uniq -c | sort -nr

674 /
672 "POST
23 //
1 /balancer?&data=

Note: the `"POST` row is the same field shift seen above — for those 672 lines field 7 holds the method and the path is in field 8, so the `/` count under-reports POST requests. `grep " 404 "` also matches any line whose response size happens to be 404 bytes. To count method and path only for real 404s: `awk -F'"' '{split($3, s, " "); if (s[1] == "404") { split($2, r, " "); print r[1], r[2] } }' kilo.txt | sort | uniq -c | sort -nr`.

[root@kiloccnp~]# grep " 404 " kilo.txt | cut -d '"' -f 6 | sort | uniq -c | sort -nr

136 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)
132 Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
131 Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
118 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1
117 Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)
113 Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
109 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)
106 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
102 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3
98 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)
94 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
92 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1
21 Mozilla/5.0 (KHTML, like Gecko) Safari/537.36
1 MyClient/1.0

Note: the twelve dominant User-Agents are all browser builds from around 2009–2010 (IE 6–8, Firefox 3.5.x, Chrome 4, Opera 10.5) and each appears with nearly the same count, which is more consistent with a tool rotating through a fixed UA list than with a real browser population. Because the strings are hard-coded they are a usable block or rate-limit key in mod_security or at the front proxy — but expect the list to change once it is blocked, so treat it as a short-term filter.

[root@kiloccnp~]# grep " 404 " kilo.txt | cut -d ' ' -f 1 | sort | uniq -c | sort -nr

21 23.92.20.209
20 61.220.46.19
16 187.95.116.10
14 120.52.73.97
12 200.86.113.167
12 139.162.60.42
10 91.194.42.51
10 85.194.241.205
10 5.150.232.53
10 196.22.249.124
10 192.99.128.170
10 178.151.193.9
10 148.245.105.25
10 120.52.73.98
8 94.20.21.38
8 85.204.229.47
8 82.146.37.33
8 80.87.81.102
8 80.14.12.161
8 5.105.189.85
8 47.90.63.202
8 47.89.41.164
8 36.66.212.59
8 200.249.176.7
8 198.50.238.45
8 193.34.173.70
8 187.110.238.130
8 186.192.164.126
8 185.28.193.95
8 178.22.148.122
8 177.21.10.90
8 152.160.35.175
8 137.74.254.198
8 118.141.41.84
8 108.170.3.138
6 94.23.205.32
6 93.63.142.144
6 89.189.96.24
6 89.140.19.74
6 80.250.55.90
6 77.123.18.56
6 62.89.216.4
6 62.45.248.11
6 5.196.58.88
6 51.15.55.236
6 47.88.195.233
6 46.219.78.221
6 46.0.198.200
6 37.187.100.23
6 202.47.236.250
6 202.29.221.90
6 200.108.35.45
6 196.41.123.151
6 192.25.162.203
6 190.248.27.20
6 190.14.250.42
6 187.60.219.248
6 186.85.85.121
6 180.250.165.156
6 177.220.156.58
6 177.104.224.52
6 159.255.167.131
6 154.16.127.52
6 149.56.89.126
6 117.169.86.227
6 116.93.119.36
6 103.228.152.11
5 91.211.246.156
5 90.152.38.179
5 192.42.116.16
5 103.225.179.251
4 93.64.156.3
4 93.174.55.82
4 92.255.187.219
4 91.247.250.209
4 91.240.210.142
4 91.211.245.159
4 90.152.38.178
4 89.135.121.1
4 87.98.147.195
4 87.244.181.185
4 83.239.88.170
4 83.239.29.234
4 83.220.168.131
4 82.209.67.31
4 81.45.40.139
4 80.242.219.50
4 79.104.50.62
4 78.81.206.37
4 67.205.145.108
4 63.150.152.151
4 62.84.66.39
4 62.80.177.210
4 52.77.209.182
4 5.189.146.6
4 51.254.132.238
4 46.219.116.2
4 46.101.86.183
4 37.59.37.41
4 37.21.126.200
4 31.47.96.240
4 213.57.89.62
4 213.202.252.166
4 213.195.171.158
4 212.232.52.113
4 212.227.9.141
4 210.91.41.60
4 210.101.131.232
4 209.87.244.145
4 199.68.196.123
4 195.46.167.164
4 195.244.36.177
4 195.225.123.14
4 195.189.240.66
4 194.44.93.8
4 192.25.162.193
4 191.252.1.154
4 191.103.9.126
4 190.242.119.197
4 189.202.216.137
4 188.128.122.118
4 186.103.169.162
4 185.72.179.109
4 185.35.103.145
4 182.253.202.122
4 182.253.197.60
4 178.63.157.84
4 178.62.195.131
4 177.66.201.170
4 177.43.72.251
4 177.190.208.25
4 177.103.182.12
4 176.31.162.92
4 176.12.125.198
4 173.254.197.233
4 163.172.160.182
4 158.181.16.88
4 149.202.195.236
4 128.199.169.17
4 125.7.114.126
4 1.254.195.253
4 124.155.112.85
4 123.110.175.165
4 117.169.86.135
4 113.252.236.96
4 112.214.73.253
4 109.69.2.125
4 104.131.139.203
4 103.27.118.146
4 101.255.12.70
3 50.93.204.64
3 202.153.130.221
2 97.77.104.22
2 95.78.172.184
2 95.211.205.151
2 95.170.222.106
2 95.153.32.10
2 94.47.255.26
2 94.23.81.70
2 94.23.196.68
2 94.181.34.64
2 94.180.115.22
2 94.158.165.165
2 93.51.247.104
2 93.44.50.150
2 92.222.73.177
2 92.222.109.73
2 92.222.107.215
2 92.222.107.133
2 91.241.170.90
2 91.211.246.86
2 91.198.143.235
2 91.142.84.182
2 89.219.23.240
2 88.80.7.5
2 88.250.202.80
2 88.146.227.247
2 87.249.205.103
2 86.102.106.150
2 85.90.208.4
2 85.31.205.178
2 85.248.227.165
2 85.113.48.148
2 85.105.177.187
2 84.51.57.149
2 84.242.196.13
2 83.68.39.26
2 83.206.37.227
2 82.224.48.173
2 82.165.160.40
2 82.119.86.58
2 8.21.131.19
2 81.28.169.193
2 81.218.131.96
2 81.19.87.9
2 79.172.193.32
2 77.94.122.213
2 77.73.104.18
2 77.247.181.165
2 77.247.181.163
2 77.247.178.213
2 74.85.156.50
2 69.46.134.115
2 65.19.167.130
2 64.140.171.218
2 62.210.81.152
2 62.210.105.116
2 62.209.227.242
2 59.157.7.145
2 58.176.46.248
2 52.164.244.34
2 5.196.7.246
2 5.196.66.98
2 5.189.176.106
2 5.135.204.110
2 5.135.179.127
2 51.255.202.66
2 5.10.167.204
2 50.93.204.108
2 50.93.201.96
2 50.117.114.98
2 50.117.114.101
2 50.117.114.100
2 49.231.150.233
2 49.140.7.98
2 49.140.232.57
2 49.140.207.154
2 47.88.11.13
2 46.251.49.21
2 46.182.106.190
2 46.105.115.210
2 45.65.11.53
2 41.230.13.172
2 41.203.251.104
2 41.187.15.198
2 40.84.24.155
2 37.57.225.166
2 37.57.147.41
2 37.187.79.19
2 31.172.143.42
2 31.172.132.9
2 31.148.219.180
2 27.54.173.38
2 27.131.47.132
2 27.122.12.45
2 223.95.92.79
2 223.25.102.186
2 223.19.212.30
2 219.85.233.123
2 219.127.253.43
2 218.254.1.14
2 217.91.70.86
2 213.79.104.178
2 213.241.204.236
2 213.108.201.82
2 212.91.189.162
2 212.91.188.166
2 212.248.78.171
2 212.185.87.53
2 212.127.164.215
2 212.117.180.130
2 211.44.183.97
2 210.212.230.22
2 209.66.119.150
2 209.53.167.132
2 204.85.191.30
2 204.29.115.149
2 204.152.199.78
2 203.223.189.91
2 203.142.76.90
2 202.47.236.251
2 202.183.155.135
2 202.148.30.34
2 202.138.241.3
2 201.216.217.25
2 201.174.52.29
2 200.68.17.243
2 200.168.250.196
2 200.10.67.164
2 198.50.159.200
2 197.97.146.62
2 197.51.39.130
2 195.110.59.16
2 194.8.47.6
2 193.246.106.1
2 193.232.184.141
2 193.107.192.69
2 192.160.102.166
2 1.9.171.51
2 190.6.36.39
2 190.63.130.242
2 190.202.5.58
2 189.206.33.130
2 188.93.243.22
2 188.225.184.156
2 188.113.138.238
2 188.0.183.146
2 187.84.222.153
2 187.44.1.54
2 187.120.181.172
2 186.3.138.186
2 185.40.40.198
2 185.38.14.215
2 185.38.14.171
2 185.36.60.68
2 185.31.161.102
2 185.23.80.2
2 185.117.215.9
2 184.106.189.133
2 183.82.117.136
2 183.61.236.54
2 182.253.31.66
2 182.253.236.74
2 182.253.226.139
2 182.253.209.203
2 182.253.207.190
2 182.253.178.104
2 181.40.78.174
2 181.171.88.118
2 181.120.255.196
2 179.184.171.215
2 179.125.170.154
2 179.106.71.2
2 178.73.195.172
2 178.63.157.83
2 178.253.217.131
2 178.238.229.236
2 178.151.69.119
2 177.87.45.74
2 177.86.24.194
2 177.70.23.156
2 177.54.200.58
2 177.54.149.227
2 177.37.160.211
2 177.37.160.202
2 177.207.188.42
2 177.130.59.66
2 177.126.81.50
2 173.68.185.170
2 173.254.216.66
2 173.224.124.210
2 163.121.188.3
2 162.223.88.243
2 160.202.42.10
2 159.253.134.203
2 159.203.63.43
2 158.181.129.105
2 154.46.204.34
2 151.80.88.44
2 151.80.135.147
2 150.188.232.243
2 149.56.1.204
2 146.52.84.73
2 143.255.109.90
2 14.139.162.2
2 139.196.222.157
2 138.68.99.149
2 138.201.63.123
2 138.197.137.3
2 13.69.251.167
2 136.243.209.34
2 125.99.120.166
2 125.31.19.25
2 124.255.23.45
2 121.140.126.250
2 1.209.188.197
2 119.29.183.143
2 118.189.157.9
2 118.144.154.253
2 117.169.86.147
2 117.169.86.133
2 117.102.77.34
2 1.161.171.206
2 115.85.76.242
2 115.69.217.10
2 114.6.135.179
2 114.5.12.178
2 114.215.150.13
2 113.255.49.49
2 113.253.13.205
2 113.252.130.94
2 113.252.129.133
2 111.93.216.162
2 111.68.99.42
2 111.13.7.42
2 107.178.4.109
2 106.48.48.44
2 104.207.136.31
2 103.28.149.118
2 103.253.147.28
2 103.250.189.77
2 103.228.246.23
2 101.255.76.50
1 91.211.245.108
1 85.114.142.232
1 78.46.8.199
1 62.102.148.67
1 5.157.2.235
1 50.93.201.190
1 50.93.200.128
1 23.101.77.155
1 185.100.86.167
1 115.254.104.201
1 101.255.60.126

Note: the load is spread thinly — the busiest source sent only 21 of these requests — so a per-IP rate limit (mod_evasive, fail2ban on 404s) would catch almost none of it. Filtering on the request signature (`POST /` answered 404, with one of the User-Agents above) is more effective here. If Apache sits behind a proxy or CDN, field 1 is the proxy's address and the real client is in `X-Forwarded-For` (log it with `%{X-Forwarded-For}i`); check that before blocking anything in this list.

[root@kiloccnp ~]#

[root@kiloccnp ~]# cat xxxx.vn.log | cut -d ' ' -f 9 | sort | uniq -c | sort -nr

14654 404
14363 HTTP/1.1"
3244 HTTP/1.0"
489 403

Note: the same caveat applies here — the `HTTP/1.1"` and `HTTP/1.0"` rows (17,607 lines) are records whose fields are shifted by one, so their status code was never counted. Use the quote-aware `awk -F'"'` split on the request line instead of `cut -d ' ' -f 9`.

[root@kiloccnp ~]# grep " 404 " xxx.log | cut -d ' ' -f 7 | sort | uniq -c | sort -nr

14297 /
14126 "POST
338 //
11 "GET
8 /balancer?&data=
2 /wp-content/uploads/2016/11/tong-the-10-11-trang.jpg
2 /wp-content/uploads/2016/11/Sun03LY_Cam11_Dem_161004.jpg
1 /wp-content/uploads/2016/02/be-boi-tran-bo.jpg
1 /sky36.html
1 /robots.txt
1 /phoi-canh-du-sun-grand-city-ancora-3-luong-yen.html
1 /index/init/
1 /favicon.ico
1 /du-an/bat-dong-san-nghi-duong/premier-village-phu-quoc/

[root@kiloccnp ~]# grep " 404 " sungroupvietnam.com.vn.log | cut -d '"' -f 6 | sort | uniq -c | sort -nr

2517 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3
2422 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
2406 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)
2385 Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)
2381 Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
2365 Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
2355 Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
2354 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)
2327 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1
2326 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)
2325 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
2240 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1
286 Mozilla/5.0 (KHTML, like Gecko) Safari/537.36
54 Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
15 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2)
12 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
6 Mozilla/5.0 (compatible; coccocbot-web/1.0; +help.coccoc.com/searchengine)
6 -
3 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
2 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
1 MyClient/1.0
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

[root@kiloccnp ~]# grep " 404 " xxx.log | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | wc -l

1538

Note: `sort | uniq -c | sort -nr | wc -l` is just the number of distinct addresses — `sort -u | wc -l` gives the same result. Roughly 14,600 404s from 1,538 sources is under ten requests per address over the whole log, which again rules out per-IP thresholds as the main defence; the stable signature (POST to `/`, fixed User-Agent set) is what to block or challenge at the edge.

[root@kiloccnp ~]#