Hello everyone.
I am worried about the security of my server and would like to know what the following log entries represent.
These are foreign sites that do not belong to me.
Code:
110.167.95.x - - [10/Jun/2019:11:05:52 +0200] "HEAD http://123.125.114.144/ HTTP/1.1" 200 263 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
60.13.6.x - - [10/Jun/2019:11:05:54 +0200] "GET http://www.rfa.org/english/ HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
182.138.214.x - - [10/Jun/2019:11:05:54 +0200] "GET http://www.123cha.com/ HTTP/1.1" 200 1565 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
220.200.167.x - - [10/Jun/2019:11:05:56 +0200] "GET http://www.wujieliulan.com/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
119.118.27.x - - [10/Jun/2019:11:05:57 +0200] "CONNECT www.voanews.com:443 HTTP/1.1" 200 0 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
111.224.235.x - - [10/Jun/2019:11:05:57 +0200] "CONNECT www.baidu.com:443 HTTP/1.1" 200 3241 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
111.224.235.x - - [10/Jun/2019:11:05:58 +0200] "\x16\x03\x01\x01\b\x01" 400 0 "-" "-"
180.95.238.x - - [10/Jun/2019:11:06:01 +0200] "GET http://boxun.com/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
60.13.6.x - - [10/Jun/2019:11:06:01 +0200] "GET http://www.minghui.org/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
113.57.114.x - - [10/Jun/2019:11:06:02 +0200] "GET http://www.epochtimes.com/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
220.175.60.x - - [10/Jun/2019:11:06:03 +0200] "CONNECT cn.bing.com:443 HTTP/1.1" 200 3241 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
220.175.60.x - - [10/Jun/2019:11:06:03 +0200] "\x16\x03\x01\x01\x06\x01" 400 0 "-" "-"
124.88.113.x - - [10/Jun/2019:11:06:03 +0200] "GET http://www.ip.cn/ HTTP/1.1" 200 1565 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
198.108.66.x - - [10/Jun/2019:11:36:11 +0200] "GET / HTTP/1.1" 200 4665 "-" "Mozilla/5.0 zgrab/0.x"
3.81.130.x - - [10/Jun/2019:13:09:06 +0200] "GET / HTTP/1.1" 200 4856 "-" "Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebKit/537.32.36 (KHTML, live Gecko) Chrome/52.0.3081.94 Safari/537.32"
43.239.122.x - - [10/Jun/2019:13:10:32 +0200] "CONNECT www.jd.com:443 HTTP/1.0" 200 3260 "-" "-"
I anonymized the IPs.
I have 1 HEAD and lots of GET / CONNECT.
Thank you for your insight.
I hope I'm not being paranoid.
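Added example (not part of the original post): one way to sort access-log lines like those above into proxy-style requests (an absolute-URI target naming another host, or CONNECT), TLS bytes sent to the plain-HTTP port, and normal requests, then list the proxy-style ones the server answered with 2xx. `OWN_HOSTS`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames this server really serves; replace with your own.
OWN_HOSTS = {"example.org", "www.example.org"}

# Start of an Apache combined-format line: client, timestamp, request, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" (?P<status>\d{3}) (?P<size>\S+)')

def classify(req):
    """Label one logged request line."""
    # Apache escapes raw bytes as \xhh; 0x16 0x03 opens a TLS handshake record,
    # i.e. a client speaking TLS to the plain-HTTP port.
    if req.startswith("\\x16\\x03"):
        return "tls-on-http"
    parts = req.split()
    if len(parts) != 3:
        return "malformed"
    method, target, _proto = parts
    if method == "CONNECT":            # tunnel request, only meaningful to a proxy
        return "proxy-connect"
    if target.lower().startswith(("http://", "https://")):
        host = (urlsplit(target).hostname or "").lower()
        if host not in OWN_HOSTS:      # absolute URI naming someone else's site
            return "proxy-absolute-uri"
    return "normal"

def scan(lines):
    """Return (ip, kind, status, size) for every parsable line."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            out.append((m["ip"], classify(m["req"]), int(m["status"]), m["size"]))
    return out

def needs_followup(findings):
    """Proxy-style requests that the server answered with a 2xx status."""
    return [f for f in findings if f[1].startswith("proxy-") and 200 <= f[2] < 300]

# Constructed sample lines (documentation addresses and hostnames, not from the post).
SAMPLE = r'''192.0.2.10 - - [10/Jun/2019:11:05:52 +0200] "HEAD http://198.51.100.7/ HTTP/1.1" 200 263 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Jun/2019:11:05:57 +0200] "CONNECT other.example:443 HTTP/1.1" 200 3241 "-" "PycURL/7.43.0"
192.0.2.11 - - [10/Jun/2019:11:05:58 +0200] "\x16\x03\x01\x01\x06\x01" 400 0 "-" "-"
203.0.113.5 - - [10/Jun/2019:11:36:11 +0200] "GET / HTTP/1.1" 200 4665 "-" "Mozilla/5.0 zgrab/0.x"
203.0.113.6 - - [10/Jun/2019:11:40:00 +0200] "GET http://www.example.org/ HTTP/1.1" 200 4665 "-" "-"'''.splitlines()

if __name__ == "__main__":
    for finding in needs_followup(scan(SAMPLE)):
        print(finding)
```

A 2xx status on a proxy-style request does not by itself show that the request was relayed, since a server can ignore the foreign host and return its own page. Compare the logged response size with what your own default page returns and check whether a forward-proxy module is enabled.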