Apache overloads and strange logs

  #1 (permalink)  
Old 05/04/2011, 06:06
(Deactivated)
 
Join Date: October 2009
Posts: 85
Member for: 15 years
Points: 1
Apache overloads and strange logs

What are these logs?

Approximately every minute:
Code:
174.123.174.34 - - [05/Apr/2011:03:41:14 +0200] "POST http ://yourinfo.any-request-allowed.com/ HTTP/1.1" 200 565 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
and then these:

Code:
61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:12 +0200] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:12 +0200] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:12 +0200] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 288 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:13 +0200] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:14 +0200] "GET /websql/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:14 +0200] "GET /webdb/scripts/setup.php HTTP/1.1" 404 285 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:15 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:15 +0200] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:15 +0200] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:16 +0200] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:17 +0200] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:17 +0200] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:18 +0200] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:19 +0200] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:20 +0200] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:20 +0200] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:21 +0200] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:22 +0200] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:22 +0200] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:23 +0200] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:24 +0200] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:25 +0200] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:28 +0200] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:29 +0200] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:30 +0200] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:30 +0200] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:31 +0200] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:32 +0200] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:33 +0200] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:33 +0200] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:34 +0200] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:35 +0200] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:36 +0200] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:36 +0200] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:40 +0200] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:41 +0200] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:41 +0200] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 292 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:42 +0200] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 285 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:43 +0200] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 287 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:44 +0200] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 287 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:44 +0200] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:45 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:46 +0200] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:46 +0200] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 288 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:47 +0200] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:51 +0200] "GET /websql/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:51 +0200] "GET /webdb/scripts/setup.php HTTP/1.1" 404 285 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:52 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:53 +0200] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
94.76.115.103 - - [03/Apr/2011:18:42:32 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
94.76.115.103 - - [03/Apr/2011:18:42:32 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
Code:
46.161.11.245 - - [05/Apr/2011:10:41:14 +0200] "POST http://myinfo.any-request-allowed.com/?strGet=get7706 HTTP/1.1" 200 565 "-" "-"
193.105.210.11 - - [05/Apr/2011:11:15:25 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
193.105.210.11 - - [05/Apr/2011:11:15:25 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
193.105.210.11 - - [05/Apr/2011:12:33:08 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
193.105.210.11 - - [05/Apr/2011:12:33:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
Code:
85.14.217.19 - - [02/Apr/2011:23:03:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
85.14.217.19 - - [02/Apr/2011:23:03:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
213.172.77.64 - - [02/Apr/2011:23:25:43 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
213.172.77.64 - - [02/Apr/2011:23:25:46 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /" 400 549 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /" 400 549 "-" "-"
86.105.36.244 - - [03/Apr/2011:04:02:31 +0200] "GET /admin/cdr/counter.txt HTTP/1.1" 404 284 "-" "-"
86.105.36.244 - - [03/Apr/2011:04:02:31 +0200] "GET /admin/cdr/counter.txt HTTP/1.1" 404 284 "-" "-"
and many more in this style. I also noticed that they correspond more or less with the times when Apache overloads. On top of that, all the IPs are from Romania, Germany, China, the United States, and it is impossible for me to have visits from these countries, since the server is new and I have not even had time to upload the web pages yet; for now I only have one website, for a school, that is waiting for a redesign and only gets visits from Toledo.

I have gone through the whole access_log and found about 9 strange IP addresses from different countries (Romania, China, etc.), and they all have something in common, the:
Code:
w00tw00t.at.ISC.SANS.DFind:)
Could this be the cause of the Apache overload?
I look forward to your comments, friends ;)
Let's see if together we can solve this problem, which won't let me sleep peacefully.
  #2 (permalink)  
Old 05/04/2011, 06:25
(Deactivated)
 
Join Date: October 2009
Posts: 85
Member for: 15 years
Points: 1
Reply: Apache overloads and strange logs

And this one, which contains phrases in Romanian (I translated them with Google Translate and it gives me "All my love for the devil"):
Code:
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET HTTP/1.1 HTTP/1.1" 400 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /roundcube//bin/msgimport HTTP/1.1" 404 286 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /rc//bin/msgimport HTTP/1.1" 404 279 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /mss2//bin/msgimport HTTP/1.1" 404 281 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /mail//bin/msgimport HTTP/1.1" 404 281 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /mail2//bin/msgimport HTTP/1.1" 404 282 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /roundcubemail//bin/msgimport HTTP/1.1" 404 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /rms//bin/msgimport HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /webmail2//bin/msgimport HTTP/1.1" 404 285 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /webmail//bin/msgimport HTTP/1.1" 404 284 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /wm//bin/msgimport HTTP/1.1" 404 279 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:08 +0200] "GET /bin/msgimport HTTP/1.1" 404 275 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET HTTP/1.1 HTTP/1.1" 400 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /roundcubemail-0.1//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /roundcube//bin/msgimport HTTP/1.1" 404 286 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /roundcubemail-0.2//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /rc//bin/msgimport HTTP/1.1" 404 279 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /roundcube-0.1//bin/msgimport HTTP/1.1" 404 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /mss2//bin/msgimport HTTP/1.1" 404 281 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /roundcube-0.2//bin/msgimport HTTP/1.1" 404 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /mail//bin/msgimport HTTP/1.1" 404 281 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /round//bin/msgimport HTTP/1.1" 404 282 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /mail2//bin/msgimport HTTP/1.1" 404 282 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /cube//bin/msgimport HTTP/1.1" 404 281 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:09 +0200] "GET /roundcubemail//bin/msgimport HTTP/1.1" 404 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET  HTTP/1.1" 400 283 "-" "-"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /rms//bin/msgimport HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /webmail2//bin/msgimport HTTP/1.1" 404 285 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /webmail//bin/msgimport HTTP/1.1" 404 284 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /wm//bin/msgimport HTTP/1.1" 404 279 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /bin/msgimport HTTP/1.1" 404 275 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /roundcubemail-0.1//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /roundcubemail-0.2//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /roundcube-0.1//bin/msgimport HTTP/1.1" 404 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /roundcube-0.2//bin/msgimport HTTP/1.1" 404 290 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /round//bin/msgimport HTTP/1.1" 404 282 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET /cube//bin/msgimport HTTP/1.1" 404 281 "-" "Toata dragostea mea pentru diavola"
78.129.214.114 - - [01/Apr/2011:21:12:11 +0200] "GET  HTTP/1.1" 400 283 "-" "-"
::1 - - [01/Apr/2011:21:12:12 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [01/Apr/2011:21:12:13 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [01/Apr/2011:21:12:14 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [01/Apr/2011:21:12:15 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [01/Apr/2011:21:12:16 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [01/Apr/2011:21:12:17 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
  #3 (permalink)  
Old 05/04/2011, 13:21
 
Join Date: August 2008
Location: Colombia
Posts: 342
Member for: 16 years, 3 months
Points: 24
Reply: Apache overloads and strange logs

Without direct console access it would not be very serious to give advice on this; however, I would say you should pass that on to a sys admin: totalserversolutions or admingeekz or rack911. While they are at it, they could even optimize the server for you.
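
Added example, not part of the original thread: a Python triage script that groups the request patterns visible in the posted logs by source IP and by minute, so bursts of automated probing can be compared against the times Apache overloads. The label names and rule set are assumptions of this example; the sample lines are copied from the posts above.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*?)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Labels are this example's own names for patterns visible in the posted logs.
RULES = [
    ("apache-internal", lambda req, ua: ua == "Apache (internal dummy connection)"),
    ("dfind-fingerprint", lambda req, ua: "w00tw00t.at.ISC.SANS.DFind" in req),
    ("phpmyadmin-setup-probe", lambda req, ua: ua == "ZmEu" or "/scripts/setup.php" in req),
    ("roundcube-msgimport-probe", lambda req, ua: "/bin/msgimport" in req),
    ("open-proxy-probe", lambda req, ua: re.match(r"^[A-Z]+ https?://", req) is not None),
]

def classify(req, ua):
    for label, rule in RULES:
        if rule(req, ua):
            return label
    return "other"

def triage(lines):
    """Return ({ip: Counter(label)}, Counter(minute)) for recognised probe traffic."""
    per_ip, per_minute = defaultdict(Counter), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        label = classify(m["req"], m["ua"]) if m else "other"
        if label in ("apache-internal", "other"):
            continue  # Apache's own keep-alive checks and unrecognised lines
        per_ip[m["ip"]][label] += 1
        per_minute[m["ts"][:17]] += 1  # "03/Apr/2011:17:57" = date, hour, minute
    return dict(per_ip), per_minute

# Sample input: lines copied from the posts above.
SAMPLE = [
    '61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"',
    '61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"',
    '94.76.115.103 - - [03/Apr/2011:18:42:32 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"',
    '46.161.11.245 - - [05/Apr/2011:10:41:14 +0200] "POST http://myinfo.any-request-allowed.com/?strGet=get7706 HTTP/1.1" 200 565 "-" "-"',
    '78.129.214.114 - - [01/Apr/2011:21:12:07 +0200] "GET /roundcube//bin/msgimport HTTP/1.1" 404 286 "-" "Toata dragostea mea pentru diavola"',
    '78.129.214.114 - - [01/Apr/2011:21:12:10 +0200] "GET  HTTP/1.1" 400 283 "-" "-"',
    '::1 - - [01/Apr/2011:21:12:12 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The 200 on the absolute-URI POST does not by itself show that the request was proxied: Apache answers such a request from a local virtual host when forward proxying is disabled (`ProxyRequests Off`, the default).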

Tags: strange, logs, web-servers