V2EX 首页   注册   登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
V2EX  ›  Linux

发现 apache 的日志里有很多本地请求,是不是被黑了?

  •  
  •   vjnjc · 10 天前 · 630 次点击

    刚刚看到 apache 的日志里有好多本地请求 via OpenSSL,而我没有配置过 cron 或者类似的定时器,有没有谁有类似经历?

    PS:服务器上我配置了 lets encrypt renew bot,fail2ban 应该和这个异常日志都没关系吧

    81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2014/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2015/ HTTP/1.1" 404 159 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:26 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2017/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:26 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2018/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:27 +0800] "HEAD http://138.197.221.177:80/phpmanager/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
    138.197.108.245 - - [12/Oct/2017:11:06:12 +0800] "HEAD /icons/apache_pb.gif HTTP/1.0" 200 250 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)"
    104.236.163.39 - - [12/Oct/2017:11:10:19 +0800] "GET / HTTP/1.1" 200 3469 "-" "Mozilla/5.0 zgrab/0.x"
    177.221.104.214 - - [12/Oct/2017:11:58:16 +0800] "GET / HTTP/1.1" 200 11576 "-" "curl/7.17.1 (mips-unknown-linux-gnu) libcurl/7.17.1 OpenSSL/0.9.8i zlib/1.2.3"
    211.22.218.77 - - [12/Oct/2017:12:31:15 +0800] "HEAD http://138.197.221.177:80 HTTP/1.1" 200 311 "-" "Mozilla/5.0 Jorgee"
    211.22.218.77 - - [12/Oct/2017:12:31:15 +0800] "GET http://138.197.221.177:80 HTTP/1.0" 200 11595 "-" "Mozilla/5.0 Jorgee"
    ::1 - - [12/Oct/2017:13:00:26 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:27 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:28 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:29 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:30 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:31 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:32 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:28:03 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:31:44 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:31:45 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:31:46 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:12 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:13 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:14 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:15 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    
    3 回复  |  直到 2017-10-12 21:01:39 +08:00
        1
    lovedboy   10 天前   ♥ 1
    Google "internal dummy connection"
        2
    WordTian   10 天前 via Android
    看着像网站扫描器,在扫描网站可能存在的后台管理的页面。
        3
    WordTian   10 天前 via Android   ♥ 1
    @WordTian 审题不清,还是看一楼吧
    DigitalOcean
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   鸣谢   ·   2358 人在线   最高记录 3541   ·  
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.0 · 26ms · UTC 06:04 · PVG 14:04 · LAX 23:04 · JFK 02:04
    ♥ Do have faith in what you're doing.
    沪ICP备16043287号-1