Log apache auth.log

**plakou** · 10/06/2019, 14h06

Bonjour à tous.

Je suis inquiet quand à la sécurité de mon serveur et j’aimerais savoir ce que représente les entrées suivantes dans les logs.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
110.167.95.x - - [10/Jun/2019:11:05:52 +0200] "HEAD http://123.125.114.144/ HTTP/1.1" 200 263 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
60.13.6.x - - [10/Jun/2019:11:05:54 +0200] "GET http://www.rfa.org/english/ HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
182.138.214.x - - [10/Jun/2019:11:05:54 +0200] "GET http://www.123cha.com/ HTTP/1.1" 200 1565 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
220.200.167.x - - [10/Jun/2019:11:05:56 +0200] "GET http://www.wujieliulan.com/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
119.118.27.x - - [10/Jun/2019:11:05:57 +0200] "CONNECT www.voanews.com:443 HTTP/1.1" 200 0 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
111.224.235.x - - [10/Jun/2019:11:05:57 +0200] "CONNECT www.baidu.com:443 HTTP/1.1" 200 3241 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
111.224.235.x - - [10/Jun/2019:11:05:58 +0200] "\x16\x03\x01\x01\b\x01" 400 0 "-" "-"
180.95.238.x - - [10/Jun/2019:11:06:01 +0200] "GET http://boxun.com/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
60.13.6.x - - [10/Jun/2019:11:06:01 +0200] "GET http://www.minghui.org/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
113.57.114.x - - [10/Jun/2019:11:06:02 +0200] "GET http://www.epochtimes.com/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
220.175.60.x - - [10/Jun/2019:11:06:03 +0200] "CONNECT cn.bing.com:443 HTTP/1.1" 200 3241 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
220.175.60.x - - [10/Jun/2019:11:06:03 +0200] "\x16\x03\x01\x01\x06\x01" 400 0 "-" "-"
124.88.113.x - - [10/Jun/2019:11:06:03 +0200] "GET http://www.ip.cn/ HTTP/1.1" 200 1565 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
198.108.66.x - - [10/Jun/2019:11:36:11 +0200] "GET / HTTP/1.1" 200 4665 "-" "Mozilla/5.0 zgrab/0.x"
3.81.130.x - - [10/Jun/2019:13:09:06 +0200] "GET / HTTP/1.1" 200 4856 "-" "Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebKit/537.32.36 (KHTML, live Gecko) Chrome/52.0.3081.94 Safari/537.32"
43.239.122.x - - [10/Jun/2019:13:10:32 +0200] "CONNECT www.jd.com:443 HTTP/1.0" 200 3260 "-" "-"

Ce sont des sites qui ne m'appartienne étranger qui ne m'appartienne pas.
J'ai anonymisé les IP.

J'ai 1 HEAD et plein de GET / CONNECT.

Merci de votre clairvoyance.

J’espère ne pas être parano

**plakou** · 10/06/2019, 17h59

Ok c'est les sites "Referer".
J'ai modifié le format des logs par défaut ca me revient.

https://httpd.apache.org/docs/2.4/fr...html#accesslog

Log apache auth.log

Apache

Discussions similaires

Partager

Partager