Unexpected URLs in Apache 2.4 acce log file

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Unexpected URLs in Apache 2.4 acce log file

Arcadius Ahouansou
Hello.

I am running an Apage 2.4 server on Debian 8.

Recently, I have noticed that my access log file contains entries like:



198.55.103.73 - - [24/Jul/2017:15:29:45 +0100] "GET http://px.wangying06.com/?bdc HTTP/1.0" 302 - "http://px.wangying06.com/?bdc" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
104.223.185.6 - - [24/Jul/2017:15:29:49 +0100] "GET http://xtt111.com/ HTTP/1.0" 302 - "http://xtt111.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
185.15.244.63 - - [24/Jul/2017:15:29:53 +0100] "GET http://video-edge-c2b188.fra02.hls.ttvnw.net/v0/CuMB6xEBCMkhVCGZ7cZqusjVePCtyTK7dX_RVlVaaXrBmlucADyu76w_8Q4HXy9LUMU8DRIHRDAWsT9A89ewCTV9vEx_f-JS9EKj7IxuvDHJVzA8l6M76rpMCpazRc2MAljDmyeIfjcSDXxH5xtbnO8JleLEitzzxxUbC1_orbaV-fjW_qz0GrUX-jpYNBmZanXlnbKzbR7Z1Ryns8sYK0XFOH4zBWKXMJ1tTNTx36QiHG1o_5p3aNtFPcBVyniMYqfcvxS3FCT5YlPbQIL8AVzrO0Zdb2poieNCoQCtY2RvihNPTP4SEPRbc5ZYChuDVbXCKqx7AK0aDHwVdGoDF17Bx2rPjw/index-live.m3u8 HTTP/1.1" 302 - "-" "-"
142.252.249.8 - - [24/Jul/2017:15:29:53 +0100] "GET http://px.wangying06.com/?bdc HTTP/1.0" 302 - "http://px.wangying06.com/?bdc" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
133.130.116.200 - - [24/Jul/2017:15:29:55 +0100] "GET http://m.albamon.com/list/gi/mon_gib_read.asp?al_gi_no=49479748&optgf=mdlfocus HTTP/1.1" 302 - "" "Mozilla/5.0 (Linux; Android 5.1.1; SM-G928X Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36"



Note that none of the domains in the log is hosted on my server.
But it seems as if xtt111.com was hosted on my server.
I thought that my mod_proxy and mod_proxy_http was being abused.
So, I have removed these and restarted the server.
But I can still see random domains in my log file.

It is as if I was under attack as there is an entry every ms or so.

Any hint will be very welcome

Thank you very much.

Arcadius.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unexpected URLs in Apache 2.4 acce log file

Nick Kew-3
On Mon, 2017-07-24 at 16:40 +0100, Arcadius Ahouansou wrote:
> Hello.

Are all those asterisks really in your log, or do you have
a broken mailer inserting them?

Any server exposed to the 'net will get probed for all kinds
of thing, including open proxy.  Your server appears to be
sending a 302 redirect in response, which is not really a good
idea, but probably comes from some default you've set somewhere.
Better to send a NOT FOUND instead (that's 404 from memory).
Or just BAD REQUEST (400).

--
Nick Kew


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...