The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Nginx and Apache wierd logs and ip's

Discussion in 'Workarounds and Optimization' started by ASTRAPI, Sep 23, 2011.

  1. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Hello

    I am using nginx plugin in front of Apache and today i found on nginx access.log:


    151.1.182.163 - - [18/Sep/2011:08:15:28 +0300] "GET / HTTP/1.0" 200 151 "-" "-"
    151.1.182.163 - - [18/Sep/2011:17:50:49 +0300] "GET / HTTP/1.0" 200 151 "-" "-"
    69.162.74.37 - - [18/Sep/2011:18:56:22 +0300] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 400 166 "-" "-"
    62.141.46.141 - - [19/Sep/2011:06:18:21 +0300] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 400 166 "-" "-"
    24.73.227.230 - - [19/Sep/2011:11:41:35 +0300] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"
    24.73.227.230 - - [19/Sep/2011:11:41:35 +0300] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"
    46.163.65.80 - - [19/Sep/2011:21:35:12 +0300] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"
    46.163.65.80 - - [19/Sep/2011:21:35:12 +0300] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"
    94.102.209.211 - - [20/Sep/2011:17:00:21 +0300] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"
    94.102.209.211 - - [20/Sep/2011:17:00:21 +0300] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"
    217.170.69.22 - - [21/Sep/2011:10:03:49 +0300] "GET /test.w00t:) HTTP/1.1" 400 166 "-" "-"
    217.170.69.22 - - [21/Sep/2011:10:03:50 +0300] "GET /test.w00t:) HTTP/1.1" 400 166 "-" "-"


    and for apache access_log:


    127.0.0.1 - - [23/Sep/2011:18:17:24 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:17:58 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:18:15 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:18:36 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:19:08 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:19:28 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:19:36 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:20:00 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:20:01 +0300] "GET /whm-server-status HTTP/1.0" 499 0 "-" "-"
    127.0.0.1 - - [23/Sep/2011:18:21:11 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:21:16 +0300] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [23/Sep/2011:18:21:22 +0300] "GET / HTTP/1.0" 200 111



    Any ideas what are those and what i can do?

    Thank you
     
  2. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    Did you happen to Google these errors before opening the thread. :) Seems like an attempt on your server by someone with a malicious intent.

     
Loading...

Share This Page