HACKER Q&A
📣 yametekudasai

Weird Apache2 Logs


Hello,

So i recently set up an Apache2 Server and was looking into the logs and found these logs:

https://pastebin.com/bVKFX9X2

Does anyone know what this or what the goal of the doer is? Finding a specific file on the server, maybe a weakspot?

Also if this is an "attack" how do i protect myself from it?

Kind Regards

PS: For future reference, should i not show the ip-adress?

  👤 1c1f9a165ff3 Accepted Answer ✓
Looks like its a (probably) bot from china doing a directory brute force on your web server.

You could ban by ip but there will be others. grep logs for that IP and if they recieved a 200 response. Then you'll know what they found that may be interesting to them.

There are ways to harden your apache, I suggest implementing them.

👤 Etheryte
You'll reach a better target audience on the Stack Exchange, either [1] or [2].

[1] https://security.stackexchange.com

[2] https://superuser.com/

👤 yametekudasai
Also i read the rules, that you shouldn't use 'clickbait' titles but i really didn't thought of a better name, if this 'baited' you i am terribly sorry
👤 mattbillenstein
They're just probing to see if you're running anything they might be able to exploit - I didn't see any 200's other than /, so I think it's low risk.
👤 OpFour
looks like some kind of bot that was scanning for specific file types... they all 404'd so nothing was found from what I saw.

You can block the ip in the firewall of that (assumed) bot and maybe create a complicated iptable rule blocking any bots that send a get request for xxx.filename maybe?