V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
vjnjc
V2EX  ›  Linux

发现 apache 的日志里有很多本地请求,是不是被黑了?

  •  
  •   vjnjc · 2017-10-12 14:40:17 +08:00 · 4487 次点击
    这是一个创建于 2597 天前的主题,其中的信息可能已经有所发展或是发生改变。

    刚刚看到 apache 的日志里有好多本地请求 via OpenSSL,而我没有配置过 cron 或者类似的定时器,有没有谁有类似经历?

    PS:服务器上我配置了 lets encrypt renew bot,fail2ban 应该和这个异常日志都没关系吧

    81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2014/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2015/ HTTP/1.1" 404 159 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:26 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2017/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:26 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2018/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
    81.139.18.17 - - [12/Oct/2017:11:04:27 +0800] "HEAD http://138.197.221.177:80/phpmanager/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
    138.197.108.245 - - [12/Oct/2017:11:06:12 +0800] "HEAD /icons/apache_pb.gif HTTP/1.0" 200 250 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])"
    104.236.163.39 - - [12/Oct/2017:11:10:19 +0800] "GET / HTTP/1.1" 200 3469 "-" "Mozilla/5.0 zgrab/0.x"
    177.221.104.214 - - [12/Oct/2017:11:58:16 +0800] "GET / HTTP/1.1" 200 11576 "-" "curl/7.17.1 (mips-unknown-linux-gnu) libcurl/7.17.1 OpenSSL/0.9.8i zlib/1.2.3"
    211.22.218.77 - - [12/Oct/2017:12:31:15 +0800] "HEAD http://138.197.221.177:80 HTTP/1.1" 200 311 "-" "Mozilla/5.0 Jorgee"
    211.22.218.77 - - [12/Oct/2017:12:31:15 +0800] "GET http://138.197.221.177:80 HTTP/1.0" 200 11595 "-" "Mozilla/5.0 Jorgee"
    ::1 - - [12/Oct/2017:13:00:26 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:27 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:28 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:29 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:30 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:31 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:00:32 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:28:03 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:31:44 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:31:45 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:31:46 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:12 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:13 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:14 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    ::1 - - [12/Oct/2017:13:37:15 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
    
    5 条回复    2017-11-09 16:59:06 +08:00
    lovedboy
        1
    lovedboy  
       2017-10-12 14:44:12 +08:00   ❤️ 1
    Google "internal dummy connection"
    WordTian
        2
    WordTian  
       2017-10-12 20:56:17 +08:00 via Android
    看着像网站扫描器,在扫描网站可能存在的后台管理的页面。
    WordTian
        3
    WordTian  
       2017-10-12 21:01:39 +08:00 via Android   ❤️ 1
    @WordTian 审题不清,还是看一楼吧
    DeHoo
        4
    DeHoo  
       2017-11-09 16:47:24 +08:00
    一般访问网站都不用 HEAD/OPTIONS 吧,反正我只要不是 GET 或 POST 访问的,都 BAN 了!
    vjnjc
        5
    vjnjc  
    OP
       2017-11-09 16:59:06 +08:00
    @DeHoo 我的一个失误,这个本地的 option 操作是 apache 为了 keep alive 的一个措施~
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2925 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 14:28 · PVG 22:28 · LAX 06:28 · JFK 09:28
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.