Odd requests in the http server access log
up vote
1
down vote
favorite
I switched to Nnginx from Apache, and took a look at the access logs. There are some requests scanning for phpMyAdmin etc, but I was surprised to find requests for weird sites. For example:
156.201.91.152 - - [14/Nov/2018:23:43:14 +0100] "GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1" 404 234 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
I have no clue what yastatic.net
or bootstrap.min.css
are. I have a number of those isolated requests giving 404. I went to check the access log for my old Apache instance, and there they can be found too, but with a 302 status code.
Any clue what that is about?
A got other weird ones. Here is someone asking for http://www.bing.com/
, apparently coming from a google search results page:
46.119.114.237 - - [14/Nov/2018:23:15:58 +0100] "GET http://www.bing.com/ HTTP/1.1" 200 5616 "http://www.google.co.uk/search?q=%3Ctitle%3EBing%3C%2Ftitle%3E%20www.bing.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"
http
add a comment |
up vote
1
down vote
favorite
I switched to Nnginx from Apache, and took a look at the access logs. There are some requests scanning for phpMyAdmin etc, but I was surprised to find requests for weird sites. For example:
156.201.91.152 - - [14/Nov/2018:23:43:14 +0100] "GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1" 404 234 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
I have no clue what yastatic.net
or bootstrap.min.css
are. I have a number of those isolated requests giving 404. I went to check the access log for my old Apache instance, and there they can be found too, but with a 302 status code.
Any clue what that is about?
A got other weird ones. Here is someone asking for http://www.bing.com/
, apparently coming from a google search results page:
46.119.114.237 - - [14/Nov/2018:23:15:58 +0100] "GET http://www.bing.com/ HTTP/1.1" 200 5616 "http://www.google.co.uk/search?q=%3Ctitle%3EBing%3C%2Ftitle%3E%20www.bing.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"
http
1
There's some information on this here. It looks like someone is port scanning your server for vulnerabilities.
– Worthwelle
15 hours ago
What was your site hosting before? You mention Nginx and Apache as if that switch means something. It doesn’t. All you are noticing is Apache would redirect these requests to your root (I assume) and Nginx is simply dropping dead in it’s tracks. The reality is your site is being probed with tons of fake requests by a bot scanning you. Don’t take it personally: Every website in the modern world is being endlessly scanned. I would not lose sleep over this.
– JakeGould
11 hours ago
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I switched to Nnginx from Apache, and took a look at the access logs. There are some requests scanning for phpMyAdmin etc, but I was surprised to find requests for weird sites. For example:
156.201.91.152 - - [14/Nov/2018:23:43:14 +0100] "GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1" 404 234 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
I have no clue what yastatic.net
or bootstrap.min.css
are. I have a number of those isolated requests giving 404. I went to check the access log for my old Apache instance, and there they can be found too, but with a 302 status code.
Any clue what that is about?
A got other weird ones. Here is someone asking for http://www.bing.com/
, apparently coming from a google search results page:
46.119.114.237 - - [14/Nov/2018:23:15:58 +0100] "GET http://www.bing.com/ HTTP/1.1" 200 5616 "http://www.google.co.uk/search?q=%3Ctitle%3EBing%3C%2Ftitle%3E%20www.bing.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"
http
I switched to Nnginx from Apache, and took a look at the access logs. There are some requests scanning for phpMyAdmin etc, but I was surprised to find requests for weird sites. For example:
156.201.91.152 - - [14/Nov/2018:23:43:14 +0100] "GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1" 404 234 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
I have no clue what yastatic.net
or bootstrap.min.css
are. I have a number of those isolated requests giving 404. I went to check the access log for my old Apache instance, and there they can be found too, but with a 302 status code.
Any clue what that is about?
A got other weird ones. Here is someone asking for http://www.bing.com/
, apparently coming from a google search results page:
46.119.114.237 - - [14/Nov/2018:23:15:58 +0100] "GET http://www.bing.com/ HTTP/1.1" 200 5616 "http://www.google.co.uk/search?q=%3Ctitle%3EBing%3C%2Ftitle%3E%20www.bing.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"
http
http
edited 11 hours ago
JakeGould
30.5k1093134
30.5k1093134
asked 15 hours ago
luntain
228128
228128
1
There's some information on this here. It looks like someone is port scanning your server for vulnerabilities.
– Worthwelle
15 hours ago
What was your site hosting before? You mention Nginx and Apache as if that switch means something. It doesn’t. All you are noticing is Apache would redirect these requests to your root (I assume) and Nginx is simply dropping dead in it’s tracks. The reality is your site is being probed with tons of fake requests by a bot scanning you. Don’t take it personally: Every website in the modern world is being endlessly scanned. I would not lose sleep over this.
– JakeGould
11 hours ago
add a comment |
1
There's some information on this here. It looks like someone is port scanning your server for vulnerabilities.
– Worthwelle
15 hours ago
What was your site hosting before? You mention Nginx and Apache as if that switch means something. It doesn’t. All you are noticing is Apache would redirect these requests to your root (I assume) and Nginx is simply dropping dead in it’s tracks. The reality is your site is being probed with tons of fake requests by a bot scanning you. Don’t take it personally: Every website in the modern world is being endlessly scanned. I would not lose sleep over this.
– JakeGould
11 hours ago
1
1
There's some information on this here. It looks like someone is port scanning your server for vulnerabilities.
– Worthwelle
15 hours ago
There's some information on this here. It looks like someone is port scanning your server for vulnerabilities.
– Worthwelle
15 hours ago
What was your site hosting before? You mention Nginx and Apache as if that switch means something. It doesn’t. All you are noticing is Apache would redirect these requests to your root (I assume) and Nginx is simply dropping dead in it’s tracks. The reality is your site is being probed with tons of fake requests by a bot scanning you. Don’t take it personally: Every website in the modern world is being endlessly scanned. I would not lose sleep over this.
– JakeGould
11 hours ago
What was your site hosting before? You mention Nginx and Apache as if that switch means something. It doesn’t. All you are noticing is Apache would redirect these requests to your root (I assume) and Nginx is simply dropping dead in it’s tracks. The reality is your site is being probed with tons of fake requests by a bot scanning you. Don’t take it personally: Every website in the modern world is being endlessly scanned. I would not lose sleep over this.
– JakeGould
11 hours ago
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
Someone is asking your server for the page http://yastatic.net... We can only speculate at the reasons why.
I think the most likely cause is either a bot which is incorrectly configured or something trying to fingerprint / exploit your system. There are other possible explanations but they would seem less likely as the IP addresses requesting this change are very different over a not-that-long time period. Similarly the browser strings are very different and appear to have been picked up from someone elses logs.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Someone is asking your server for the page http://yastatic.net... We can only speculate at the reasons why.
I think the most likely cause is either a bot which is incorrectly configured or something trying to fingerprint / exploit your system. There are other possible explanations but they would seem less likely as the IP addresses requesting this change are very different over a not-that-long time period. Similarly the browser strings are very different and appear to have been picked up from someone elses logs.
add a comment |
up vote
0
down vote
Someone is asking your server for the page http://yastatic.net... We can only speculate at the reasons why.
I think the most likely cause is either a bot which is incorrectly configured or something trying to fingerprint / exploit your system. There are other possible explanations but they would seem less likely as the IP addresses requesting this change are very different over a not-that-long time period. Similarly the browser strings are very different and appear to have been picked up from someone elses logs.
add a comment |
up vote
0
down vote
up vote
0
down vote
Someone is asking your server for the page http://yastatic.net... We can only speculate at the reasons why.
I think the most likely cause is either a bot which is incorrectly configured or something trying to fingerprint / exploit your system. There are other possible explanations but they would seem less likely as the IP addresses requesting this change are very different over a not-that-long time period. Similarly the browser strings are very different and appear to have been picked up from someone elses logs.
Someone is asking your server for the page http://yastatic.net... We can only speculate at the reasons why.
I think the most likely cause is either a bot which is incorrectly configured or something trying to fingerprint / exploit your system. There are other possible explanations but they would seem less likely as the IP addresses requesting this change are very different over a not-that-long time period. Similarly the browser strings are very different and appear to have been picked up from someone elses logs.
answered 12 hours ago
davidgo
41k74684
41k74684
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1375494%2fodd-requests-in-the-http-server-access-log%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
There's some information on this here. It looks like someone is port scanning your server for vulnerabilities.
– Worthwelle
15 hours ago
What was your site hosting before? You mention Nginx and Apache as if that switch means something. It doesn’t. All you are noticing is Apache would redirect these requests to your root (I assume) and Nginx is simply dropping dead in it’s tracks. The reality is your site is being probed with tons of fake requests by a bot scanning you. Don’t take it personally: Every website in the modern world is being endlessly scanned. I would not lose sleep over this.
– JakeGould
11 hours ago