What kind of requests are these?

r.stefanov

New Member
access_log

Code:
99.120.141.11 - - [27/Jan/2013:14:29:24 +0200] "GET /nQx1fbbe016Y7Pu8aOCOuA+2ratNnXnOyQJkBB60CQsy5Lzc41/MzQROqF0tnJkeUeADV8Zpu/x+lRE/rkG72pMyenlCJoJiVLBJVNdg7SSmiCdm81jUhT04LXsWxrcaSxZ9+Ax/xQF+NwMWpJ05EEERc0e13d8pOxADwas=51Q HTTP/1.1" 404 369
62.68.60.155 - - [27/Jan/2013:14:29:33 +0200] "GET /NQ81hjNE1a7Yp5G7aOCOuA+2ratJyH+enAo2BUizVVk757Pd4AjLmVRJpwdxn89LA+EAW8Juvv0rwBU4rkG72pQ6enlCJoJiVLBJVNdm7SSmiCdm81jUhT04LXsWxrMGSxBv+AZyzx5/PQ1DpJ53VEwQPU+13NoqPQ==74Q HTTP/1.1" 404 365
83.113.193.245 - - [27/Jan/2013:14:29:43 +0200] "GET /WYc2mNtE116JWBg9aOCOuA+2rasZy3zLzgNiBEjhVQw6t7uB4AnKnQNPoVtwz8hNB7FTCpI4sP0ow0Zorka70ZAxenlCJYJgUP8FScpoqW29lzZ0917UlU47TmYIiq4SFE5o9hlz2AliNB4BvdF0GkEbNke21NglcBEDyq4Mi6Fvj0RHIl5AeAWQxaM552w HTTP/1.1" 404 389
93.86.169.28 - - [27/Jan/2013:14:29:44 +0200] "GET /phm2wiRE0b6yBVG7aOCOuA+2ratGkCCexVd7Ah7iVQh25PeIq1qc1FIFog81mdJLE7ZUXsMv28952BNwtxymnNN+ayhGYsQ9CbBKT9UtqSmwxTBj9lnUllldJw==64q HTTP/1.1" 404 325
37.49.83.81 - - [27/Jan/2013:14:30:05 +0200] "GET /wqu3xuad0h3qw5S8aOCOuA+2ratNxyjJmwowBkrhDwpu7bPb5AzOzFoboFovyMgcBLZWWcI8uP0uwBdorkG725g1enlCJoJiVLBJVNdg7SemiSdi9VjVhT04L3sWxrYRSwdr+Ax/xQF+NwMWpJ5wGQURN0781N4qOBYBxqsGhg==84W HTTP/1.1" 404 373
71.123.61.11 - - [27/Jan/2013:14:30:09 +0200] "GET /jyv29rSC1F7FvlO9aOCOuA+2rasZxirGyVYzBBbiXgls7b+KtAzJm1QZoQ1/zshLCrEED8Y4v6t9kxM4rkG72pQ2enlCJoJiVLBJVNdg7SemiCdj81jVhT04L3sWmqpCUh9r6khvzg1xMAMctcg5GAURN07819kvOxkJxq8Eiw==53Q HTTP/1.1" 404 373
173.216.46.27 - - [27/Jan/2013:14:30:17 +0200] "GET /VhT1KsLU0A4YRHU7aOCOuA+2rasfnn/GzgIwUEvjDlo8tr6AsAzMylofowotnMVLV+BVD8U9uqx6zxo9rkG72pQ2enlCJoJiVLBJVNdg7SemiCdj81jVhT04L3sWmqpCUh9r6khvzg17PQkDtMI3TQUZc0643ZMuPhMBwa0BgKBo54c HTTP/1.1" 404 373
68.191.208.164 - - [27/Jan/2013:14:30:27 +0200] "GET /mqY1KsrX086mU0S9aOCOuA+2ratLmyvLzAYyUh3hCQ0z5O6It1POywQd8Fx7zp0YUr1SWMo+vf59xhtqrkG72pQ2enlCJoJiVLBJVNdg7SemiSdi9VjVhT04L3sWmqpCUh9r6khvzg17PQkDtMI3TQUZc0643ZMvPhEBwqwDiqFn64w HTTP/1.1" 404 373
24.118.198.108 - - [27/Jan/2013:14:30:34 +0200] "GET /EKG2wTfU1k5mLDo8aOCOuA+2ratGkCCexVd7Ah7hWA525PeIq1qc1FIFog81mdJLE7ZUXsMv28942BNwtxymnNN+byxGZsA9FakFSdFg7SmwgXtn9VvdlFxaK2cW64q HTTP/1.1" 404 325
88.73.142.156 - - [27/Jan/2013:14:31:03 +0200] "GET /gyZ3SRqd036jkFS8aOCOuA+2ratNzHzMmQU+BhniDA5s4+qNsV6fnVpJpQh4n51JALFQXMNr7fooxBpqrkG725g1enlCJoJiVLBJVNdg7SemiSdi9VjWhT04LHsWxrYRSwdr+AZyzx5/PQ1A7Zw5EEERc0S51tYsNBgGyg==84W HTTP/1.1" 404 369
71.233.33.194 - - [27/Jan/2013:14:31:25 +0200] "GET /7aV3gMSL1m6y8As9aOCOuA+2rasZySzIzgUyUBm2Wwo54r+KtV7KzFseoVt+zpgeBOVRWsE2v/18k0A7rkG725E6enlCJoJiVLBJVNdg7SemiSdi9VjWhT04LHsWxrcaSxZ9+Ax/xQF+NwMWpJ5wGQURN0781NgqNBkJwqoGhg==61c HTTP/1.1" 404 373
108.80.2.23 - - [27/Jan/2013:14:31:36 +0200] "GET /ua02mHDd0Q7QnKO7aOCOuA+2ratMm36dywc/AkrpDgBr4r2Bs1ufnlNOoV0qzZgcArUGDZA6uqZ8kBo8rkG72pQ2enlCJoJiVLBJVNdg7SemiSdi9VjVhT04L3sWmqpCUh9r6khvzg17PQkDtMI3TQUZc0G30pMoPBQFwqgDgw==54c HTTP/1.1" 404 373
117.207.66.121 - - [27/Jan/2013:14:31:37 +0200] "GET /Ahh3gthX0G4yRoU7aOCOuA+2ratGkCCexVd7Ah7gWQl25PeIq1qc1FIFog81mdJLE7ZUXsMv28942BNwtxymnNN+aTlbZM0uVPlIBtxpqW25jTVj8lvWll4=84Q HTTP/1.1" 404 321
64.252.205.125 - - [27/Jan/2013:14:31:49 +0200] "GET /Kq82QxQd005xMDO8aOCOuA+2rascx37Mn1Q2BBrpDAw9t72B51rKzQAc9VwrzcpIUrNWCMY57vkswEY/rkG725E6enlCJoJiVLBJVNdm7SemiSdi9VjVhT04L3sWmqpCUh9r6khvzg1xMAMctcg5G0wYc0C0mdwrPxkHxqkMhag=51W HTTP/1.1" 404 373
83.203.151.238 - - [27/Jan/2013:14:32:03 +0200] "GET /JYH3nkaC097Xn9G9aOCOuA+2rasayn7IzQM/Bx7hXw0/7O2Nsl2ZmVBPoQsolMgbBrYHWss7sPovkEY+rkG725Y6enlCJoJiVLBJVNdg7SemiSdi9VjUhT04LnsWxrQGSwV8+AZyzx5/PQ1A7Zw5EEERc0W21N0qNBIFxqw=81I HTTP/1.1" 404 369

error_log

Code:
[Sun Jan 27 14:29:10 2013] [error] [client 81.102.113.83] File does not exist: /etc/нещо_си/нещо_си2/BKI3EFmE1g6qLyo8aOCOuA+2ratKm3jGygAxAkqzXgA65eiMsA
[Sun Jan 27 14:29:13 2013] [error] [client 76.112.182.17] File does not exist: /etc/нещо_си/нещо_си2/7am2vCvE0c7qots9aOCOuA+2ratMziyazVdiUk3oWFxo7O2K4AyZmVoZpw16msxMUb0GCMpp6a0rlBZorkG72ZQ1enlCJoJiVLBJVNdg7SemiSdi9VjWhT04LHsWxrcaSxZ9+AZyzx5
[Sun Jan 27 14:29:24 2013] [error] [client 99.120.141.11] File does not exist: /etc/нещо_си/нещо_си2/nQx1fbbe016Y7Pu8aOCOuA+2ratNnXnOyQJkBB60CQsy5Lzc41
[Sun Jan 27 14:29:33 2013] [error] [client 62.68.60.155] File does not exist: /etc/нещо_си/нещо_си2/NQ81hjNE1a7Yp5G7aOCOuA+2ratJyH+enAo2BUizVVk757Pd4AjLmVRJpwdxn89LA+EAW8Juvv0rwBU4rkG72pQ6enlCJoJiVLBJVNdm7SSmiCdm81jUhT04LXsWxrMGSxBv+AZyzx5
[Sun Jan 27 14:29:43 2013] [error] [client 83.113.193.245] File does not exist: /etc/нещо_си/нещо_си2/WYc2mNtE116JWBg9aOCOuA+2rasZy3zLzgNiBEjhVQw6t7uB4AnKnQNPoVtwz8hNB7FTCpI4sP0ow0Zorka70ZAxenlCJYJgUP8FScpoqW29lzZ0917UlU47TmYIiq4SFE5o9hlz2AliNB4BvdF0GkEbNke21NglcBEDyq4Mi6Fvj0RHIl5AeAWQxaM552w
[Sun Jan 27 14:29:44 2013] [error] [client 93.86.169.28] File does not exist: /etc/нещо_си/нещо_си2/phm2wiRE0b6yBVG7aOCOuA+2ratGkCCexVd7Ah7iVQh25PeIq1qc1FIFog81mdJLE7ZUXsMv28952BNwtxymnNN+ayhGYsQ9CbBKT9UtqSmwxTBj9lnUllldJw==64q
[Sun Jan 27 14:30:05 2013] [error] [client 37.49.83.81] File does not exist: /etc/нещо_си/нещо_си2/wqu3xuad0h3qw5S8aOCOuA+2ratNxyjJmwowBkrhDwpu7bPb5AzOzFoboFovyMgcBLZWWcI8uP0uwBdorkG725g1enlCJoJiVLBJVNdg7SemiSdi9VjVhT04L3sWxrYRSwdr+Ax
[Sun Jan 27 14:30:09 2013] [error] [client 71.123.61.11] File does not exist: /etc/нещо_си/нещо_си2/jyv29rSC1F7FvlO9aOCOuA+2rasZxirGyVYzBBbiXgls7b+KtAzJm1QZoQ1
[Sun Jan 27 14:30:17 2013] [error] [client 173.216.46.27] File does not exist: /etc/нещо_си/нещо_си2/VhT1KsLU0A4YRHU7aOCOuA+2rasfnn
[Sun Jan 27 14:30:27 2013] [error] [client 68.191.208.164] File does not exist: /etc/нещо_си/нещо_си2/mqY1KsrX086mU0S9aOCOuA+2ratLmyvLzAYyUh3hCQ0z5O6It1POywQd8Fx7zp0YUr1SWMo+vf59xhtqrkG72pQ2enlCJoJiVLBJVNdg7SemiSdi9VjVhT04L3sWmqpCUh9r6khvzg17PQkDtMI3TQUZc0643ZMvPhEBwqwDiqFn64w
[Sun Jan 27 14:30:34 2013] [error] [client 24.118.198.108] File does not exist: /etc/нещо_си/нещо_си2/EKG2wTfU1k5mLDo8aOCOuA+2ratGkCCexVd7Ah7hWA525PeIq1qc1FIFog81mdJLE7ZUXsMv28942BNwtxymnNN+byxGZsA9FakFSdFg7SmwgXtn9VvdlFxaK2cW64q
[Sun Jan 27 14:31:03 2013] [error] [client 88.73.142.156] File does not exist: /etc/нещо_си/нещо_си2/gyZ3SRqd036jkFS8aOCOuA+2ratNzHzMmQU+BhniDA5s4+qNsV6fnVpJpQh4n51JALFQXMNr7fooxBpqrkG725g1enlCJoJiVLBJVNdg7SemiSdi9VjWhT04LHsWxrYRSwdr+AZyzx5
[Sun Jan 27 14:31:25 2013] [error] [client 71.233.33.194] File does not exist: /etc/нещо_си/нещо_си2/7aV3gMSL1m6y8As9aOCOuA+2rasZySzIzgUyUBm2Wwo54r+KtV7KzFseoVt+zpgeBOVRWsE2v
[Sun Jan 27 14:31:36 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/ua02mHDd0Q7QnKO7aOCOuA+2ratMm36dywc
[Sun Jan 27 14:31:37 2013] [error] [client 117.207.66.121] File does not exist: /etc/нещо_си/нещо_си2/Ahh3gthX0G4yRoU7aOCOuA+2ratGkCCexVd7Ah7gWQl25PeIq1qc1FIFog81mdJLE7ZUXsMv28942BNwtxymnNN+aTlbZM0uVPlIBtxpqW25jTVj8lvWll4=84Q
[Sun Jan 27 14:31:49 2013] [error] [client 64.252.205.125] File does not exist: /etc/нещо_си/нещо_си2/Kq82QxQd005xMDO8aOCOuA+2rascx37Mn1Q2BBrpDAw9t72B51rKzQAc9VwrzcpIUrNWCMY57vkswEY
[Sun Jan 27 14:32:03 2013] [error] [client 83.203.151.238] File does not exist: /etc/нещо_си/нещо_си2/JYH3nkaC097Xn9G9aOCOuA+2rasayn7IzQM

They are almost non-stop, every 2-3 seconds or every few minutes. The IPs repeat roughly every 2 hours.

cat /var/log/httpd/ssl_error_log | grep 108.80.2.23

Code:
[Sun Jan 27 04:31:23 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/7Qa1kEtC0j7xUBS8aOCOuA+2ratMm36dywc
[Sun Jan 27 06:31:26 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/Pq91ONQE0z6Jecu7aOCOuA+2ratMm36dywc
[Sun Jan 27 08:31:30 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/CKZ3RcGU0Z5X1vS8aOCOuA+2ratMm36dywc
[Sun Jan 27 10:31:32 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/2yv32SOX1Y5Jy6O8aOCOuA+2ratMm36dywc
[Sun Jan 27 12:31:34 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/vyp2bn9C004mNQU9aOCOuA+2ratMm36dywc
[Sun Jan 27 14:31:36 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/ua02mHDd0Q7QnKO7aOCOuA+2ratMm36dywc

To me it looks like a bot trying passwords (hash), but I guess I'm wrong. Any ideas? :)

Edit: the log is for the SSL connection, because everything goes through it; nothing runs without it. If I turn it off and use port 80, it's the same thing.
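
The pattern described in the post above (the same IP returning about every 2 hours), checked in code. This is an added example, not code from the thread: it parses the six error_log lines for 108.80.2.23 quoted above and reports the gap between requests and the part of the requested name that never changes. The function names are made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from os.path import commonprefix

# Sample input: the six error_log lines for 108.80.2.23 quoted in the post above.
SAMPLE = """\
[Sun Jan 27 04:31:23 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/7Qa1kEtC0j7xUBS8aOCOuA+2ratMm36dywc
[Sun Jan 27 06:31:26 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/Pq91ONQE0z6Jecu7aOCOuA+2ratMm36dywc
[Sun Jan 27 08:31:30 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/CKZ3RcGU0Z5X1vS8aOCOuA+2ratMm36dywc
[Sun Jan 27 10:31:32 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/2yv32SOX1Y5Jy6O8aOCOuA+2ratMm36dywc
[Sun Jan 27 12:31:34 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/vyp2bn9C004mNQU9aOCOuA+2ratMm36dywc
[Sun Jan 27 14:31:36 2013] [error] [client 108.80.2.23] File does not exist: /etc/нещо_си/нещо_си2/ua02mHDd0Q7QnKO7aOCOuA+2ratMm36dywc
"""

# Apache 2.2-style error_log entry for a missing file.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r"File does not exist: (?P<path>\S+)$")


def parse(text):
    """Return {client_ip: [(datetime, last_path_component), ...]} sorted by time."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a "File does not exist" entry
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        hits[m["ip"]].append((when, m["path"].rsplit("/", 1)[-1]))
    for seq in hits.values():
        seq.sort()
    return hits


def profile(seq):
    """Summarise one client: gaps between requests (seconds) and the fixed suffix."""
    times = [t for t, _ in seq]
    tokens = [tok for _, tok in seq]
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    # Longest common suffix = common prefix of the reversed names.
    suffix = commonprefix([tok[::-1] for tok in tokens])[::-1]
    return {"count": len(seq), "gaps": gaps, "fixed_suffix": suffix,
            "varying_prefix_len": sorted({len(t) - len(suffix) for t in tokens})}


def report(text):
    return {ip: profile(seq) for ip, seq in parse(text).items()}


if __name__ == "__main__":
    for ip, p in report(SAMPLE).items():
        print(ip, p)
```

In the logs above, the error_log entry for a request stops at the first "/" in the requested name, so the access_log is the place to compare full URIs.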
 

s1yf0x

Well-Known Member
Re: What kind of requests are these?

That is only the URI; to really know what they are doing you need software that logs the full HTTP headers and HTTP body. In practice, when they decide to cause mischief they send requests like these, regardless of what response the server returns, 200 or 404. Is this Apache or nginx?
 

r.stefanov

New Member
Re: What kind of requests are these?

Apache. This is about the control panel, and I think I'll just block them outright anyway. The panel's API also uses a similar hash.
 

s1yf0x

Well-Known Member
Re: What kind of requests are these?

Install mod_security and configure it to log the full HTTP request headers and HTTP request body. You'll be fascinated by the things that end up in the logs. If the server is under load, set the logs to be written to another disk. You're a security freak after all, so you'll have fun reading them.
 

r.stefanov

New Member
Re: What kind of requests are these?

Yeah, with Nginx it shows everything, you just change one line in the config :) I'll take a look at mod_security. Thanks.
 
