[Owasp-board] OWASP.org down?

Matt Tesauro matt.tesauro at owasp.org
Fri Jan 25 15:54:31 UTC 2013


It looks like, perhaps, someone in Norway (or at least traffic originating
from there) was doing some odd stuff with the website by POSTing to / over
HTTP - there's a ton of these in the logs:

80.202.143.172 - - [25/Jan/2013:14:29:38 +0000] "POST / HTTP/1.1" 301 497
"-" "Apache"

ARIN for this IP:
https://apps.db.ripe.net/search/query.html?searchtext=80.202.143.172&search%3AdoSearch=Search#resultsAnchor

Maybe a variant of the slow post attacks.  Not 100% sure but seeing those
requests at ~30/second for 2 minutes straight sure stood out.

After that there's some HTTP 408's (Request timed out) so, yeah, that was
probably it.

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Fri, Jan 25, 2013 at 9:44 AM, Sarah Baso <sarah.baso at owasp.org> wrote:

> Thanks Matt.
>
> -Sarah
>
>
> On Fri, Jan 25, 2013 at 9:43 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>
>> Its back now.  Looking at the logs currently.  Notices that China's
>> largest search engine is indexing us if the user-agent below can be
>> believed:
>>
>> 123.125.71.112 - - [25/Jan/2013:14:27:07 +0000] "GET / HTTP/1.1" 301 525
>> "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +
>> http://www.baidu.com/search/spider.html)"
>>
>> I could SSH to the box and 80 and 443 showed as responding locally.  May
>> have been a network burp.  I'm going to dig a bit more and see what I find.
>>
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>>
>>
>> On Fri, Jan 25, 2013 at 8:51 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>>> Matt- can you look onto this?
>>>
>>> Thanks,
>>> Sarah
>>>
>>> *psiinon (@psiinon <https://twitter.com/psiinon>)*
>>> 1/25/13, 8:45 AM <https://twitter.com/psiinon/status/294818245146460160>
>>> @owasp <https://twitter.com/@owasp> looks like owasp.org<http://t.co/P0gTESR9>is down :(
>>> downforeveryoneorjustme.com/owasp.org <http://t.co/q5rs3yTU>
>>>
>>> Download the official Twitter app here<https://twitter.com/download?ref_src=MailTweet-iOS>
>>>
>>
>>
>
>
> --
> Director
> OWASP Foundation
>
> sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20130125/68242083/attachment.html>


More information about the Owasp-board mailing list