
error_log & access logs showing redirection errors



#1 KubeR


Posted 18 June 2014 - 11:14 AM

Hello,
 
Recently I put my websites up, but since then it constantly records entries from domains which are trying to reach strange paths.
 
 

103.19.87.175 - - [18/Jun/2014:12:07:12 -0400] "CONNECT www.walmart.com:443 HTTP/1.1" 405 307 "-" "-"
198.100.98.214 - - [18/Jun/2014:12:07:23 -0400] "CONNECT www.amazon.com:443 HTTP/1.1" 405 306 "-" "-"
168.63.216.55 - - [18/Jun/2014:12:07:30 -0400] "GET http://luongson.servegame.com/ HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
31.6.71.243 - - [18/Jun/2014:12:07:34 -0400] "GET http://www.proxy-listen.de/azenv.php HTTP/1.1" 404 1402 "http://www.google.de...roxy-listen.de" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"
168.63.216.55 - - [18/Jun/2014:12:07:39 -0400] "GET http://luongson.servegame.com/ HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
192.155.106.104 - - [18/Jun/2014:12:07:39 -0400] "GET http://pm.5188bh.com/header53621.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; FunWebProducts)"
192.155.106.116 - - [18/Jun/2014:12:07:48 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1)"
80.138.67.164 - - [18/Jun/2014:12:08:00 -0400] "GET http://www.proxy-listen.de/azenv.php HTTP/1.1" 404 1402 "http://www.google.co...roxy-listen.de" "Opera/9.20 (Windows NT 6.0; U; en)"
192.155.106.109 - - [18/Jun/2014:12:08:03 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1; HbTools 4.7.0)"
98.126.248.250 - - [18/Jun/2014:12:08:06 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; de-DE; rv:1.8.1.21) Gecko/20090331 K-Meleon/1.5.3"
61.228.20.235 - - [18/Jun/2014:12:08:07 -0400] "CONNECT mx0.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-"
192.155.106.106 - - [18/Jun/2014:12:08:09 -0400] "GET http://pm.5188bh.com/judgelife.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
61.228.24.110 - - [18/Jun/2014:12:08:10 -0400] "CONNECT mx2.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-"
61.228.88.55 - - [18/Jun/2014:12:08:21 -0400] "CONNECT mx3.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-"
192.155.106.124 - - [18/Jun/2014:12:08:24 -0400] "GET http://pm.5188bh.com/judgelife.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Acoo Browser; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)"
204.44.65.54 - - [18/Jun/2014:12:08:35 -0400] "CONNECT www.walmart.com:443 HTTP/1.1" 405 307 "-" "-"
192.155.106.105 - - [18/Jun/2014:12:08:36 -0400] "GET http://pm.5188bh.com/header53621.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Acoo Browser; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.2)"


[Wed Jun 18 12:07:30 2014] [error] [client 168.63.216.55] Directory index forbidden by Options directive: /var/www/html/
[Wed Jun 18 12:07:30 2014] [error] [client 168.63.216.55] File does not exist: /var/www/html/error/noindex.html
[Wed Jun 18 12:07:34 2014] [error] [client 31.6.71.243] script '/var/www/html/azenv.php' not found or unable to stat, referer: http://www.google.de...proxy-listen.de
[Wed Jun 18 12:07:39 2014] [error] [client 168.63.216.55] Directory index forbidden by Options directive: /var/www/html/
[Wed Jun 18 12:07:39 2014] [error] [client 168.63.216.55] File does not exist: /var/www/html/error/noindex.html
[Wed Jun 18 12:07:39 2014] [error] [client 192.155.106.104] script '/var/www/html/header53621.php' not found or unable to stat
[Wed Jun 18 12:07:48 2014] [error] [client 192.155.106.116] script '/var/www/html/proxyheader.php' not found or unable to stat
[Wed Jun 18 12:08:00 2014] [error] [client 80.138.67.164] script '/var/www/html/azenv.php' not found or unable to stat, referer: http://www.google.co...proxy-listen.de
[Wed Jun 18 12:08:03 2014] [error] [client 192.155.106.109] script '/var/www/html/proxyheader.php' not found or unable to stat
[Wed Jun 18 12:08:06 2014] [error] [client 98.126.248.250] script '/var/www/html/proxyheader.php' not found or unable to stat
[Wed Jun 18 12:08:09 2014] [error] [client 192.155.106.106] script '/var/www/html/judgelife.php' not found or unable to stat
[Wed Jun 18 12:08:24 2014] [error] [client 192.155.106.124] script '/var/www/html/judgelife.php' not found or unable to stat
[Wed Jun 18 12:08:36 2014] [error] [client 192.155.106.105] script '/var/www/html/header53621.php' not found or unable to stat


Is there a way to stop those failed path requests from reaching the logs and only record everything else?
Or even stop it completely?


My operating system is CentOS 32-bit.

#2 requinix


Posted 18 June 2014 - 01:08 PM

They're looking for open proxies.

It's normal, and as long as you're not vulnerable it's nothing to worry about. If you want to take the extra step to totally block access you can do
RewriteEngine on
RewriteCond %{REQUEST_URI} ^[^?]*://
RewriteRule ^ - [F,L]
More powerful would be modsecurity, but the default install tends to block some legitimate requests so it may take some fine-tuning.
When in doubt, CHECK YOUR ERROR LOG

#3 KubeR


Posted 19 June 2014 - 10:29 AM

Okay, I managed to install mod_security and added the RewriteEngine in .htaccess as extra.
But it doesn't seem to work.
error_log
 
 

[Thu Jun 19 11:22:34 2014] [error] [client 173.208.195.108] Directory index forbidden by Options directive: /var/www/html/
[Thu Jun 19 11:22:34 2014] [error] [client 173.208.195.108] File does not exist: /var/www/html/error/noindex.html
[Thu Jun 19 11:22:35 2014] [error] [client 180.183.235.120] Directory index forbidden by Options directive: /var/www/html/, referer: http://www.google.nl...m microsoft.com
[Thu Jun 19 11:22:35 2014] [error] [client 180.183.235.120] File does not exist: /var/www/html/error/noindex.html, referer: http://www.google.nl...m microsoft.com
[Thu Jun 19 11:22:42 2014] [error] [client 107.150.39.154] File does not exist: /var/www/html/Preview, referer: http://www.turbosqui...-anatomy/613232

access_log looks the same...
If it's normal then I think the best option will be to turn off the logging completely, because I waste lots of storage on just storing these logs.

Edited by KubeR, 19 June 2014 - 10:32 AM.


#4 kicken


Posted 19 June 2014 - 11:06 AM   Best Answer

You could possibly get them out of your access log using something like this:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^[^?]*://
RewriteRule ^ - [F,L,E=nolog]


CustomLog logs/access_log common env=!nolog
If you're ok with just disabling logging entirely though then might as well go that route and make things easier. If you'd prefer to keep logging enabled then probably the easiest thing to do would be to just make sure you have log rotation setup and configure that as needed to limit the size of your log files and keep the disk usage in check.
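
To measure how much of an access log the open-proxy probes discussed in this thread account for before choosing between filtering and rotation, the following added example (not code from any poster in the thread) classifies each request line by its request-target form. The sample lines are constructed with documentation IPs and example hosts, and `classify` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Apache common/combined format: client ident user [time] "request line" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')
# absolute-form request target: scheme://authority...
ABS_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://([^/?#\s]+)')

# Constructed sample lines (documentation IPs, example hosts) shaped like the thread's log.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jun/2014:12:07:12 -0400] "CONNECT shop.example.com:443 HTTP/1.1" 405 307 "-" "-"
192.0.2.11 - - [18/Jun/2014:12:07:30 -0400] "GET http://probe.example.net/ HTTP/1.0" 404 - "-" "Mozilla/4.0"
198.51.100.7 - - [18/Jun/2014:12:07:31 -0400] "GET /index.php?next=http://a.example/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.11 - - [18/Jun/2014:12:07:39 -0400] "GET http://probe.example.net/azenv.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0"
192.0.2.12 - - [18/Jun/2014:12:08:07 -0400] "CONNECT mx.example.org:25 HTTP/1.0" 405 310 "-" "-"
203.0.113.5 - - [18/Jun/2014:12:08:09 -0400] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def classify(request_line):
    """Return (kind, target): kind is 'connect', 'absolute', 'origin' or 'malformed'."""
    parts = request_line.split()
    if len(parts) < 2:
        return "malformed", None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":                      # authority-form: host:port
        return "connect", target.lower()
    if target.startswith("/") or target == "*":  # origin-form, even when the query holds "://"
        return "origin", None
    m = ABS_RE.match(target)
    return ("absolute", m.group(1).lower()) if m else ("malformed", None)

def summarize(log_text):
    """Count proxy probes per client and per target, plus their share of log bytes."""
    clients, targets, probe_bytes, total_bytes = Counter(), Counter(), 0, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        total_bytes += len(line) + 1
        kind, target = classify(m.group(2))
        if kind in ("connect", "absolute"):
            clients[m.group(1)] += 1
            targets[target] += 1
            probe_bytes += len(line) + 1
    share = probe_bytes / total_bytes if total_bytes else 0.0
    return {"clients": clients, "targets": targets, "probe_share": share}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["clients"].most_common(), report["targets"].most_common())
    print(f"{report['probe_share']:.0%} of log bytes are proxy probes")
```

The classifier works on the raw request line because Apache documents `%{REQUEST_URI}` as the path component only, so the equivalent mod_rewrite test would be written against `%{THE_REQUEST}`. `CustomLog` is valid only in server or virtual-host context, not in `.htaccess`.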