Nginx
Vincent1, 2020-12-10 14:35:55

How are hosts written to the Apache logs that are not on my server?

Today, hundreds of thousands of entries appeared in the Apache logs with hosts that I do not have and were on the server. Is this some kind of spam? And how does Apache + nginx log hosts that are not on the server?

infodio.com:80 64.31.24.238 - - [10/Dec/2020:05:07:16 -0500] "GET / HTTP/1.0" 200 3540 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36"
infodio.com:80 64.31.24.238 - - [10/Dec/2020:05:07:16 -0500] "GET / HTTP/1.0" 200 3540 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0"
infodio.com:80 64.31.24.238 - - [10/Dec/2020:05:07:16 -0500] "GET / HTTP/1.0" 200 3540 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36"
monlycee.net:80 216.144.247.78 - - [10/Dec/2020:05:06:40 -0500] "GET / HTTP/1.0" 302 237 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASJB; rv:11.0) like Gecko"
monlycee.net:80 216.144.247.78 - - [10/Dec/2020:05:06:40 -0500] "GET / HTTP/1.0" 302 237 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-G920V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36"
monlycee.net:80 216.144.247.78 - - [10/Dec/2020:05:06:40 -0500] "GET / HTTP/1.0" 302 237 "-" "Mozilla/5.0 (Windows NT 6.0; rv:39.0) Gecko/20100101 Firefox/39.0"
monlycee.net:80 216.144.247.78 - - [10/Dec/2020:05:06:40 -0500] "GET / HTTP/1.0" 302 237 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36"
attack.ink:80 64.31.33.62 - - [10/Dec/2020:05:06:18 -0500] "GET / HTTP/1.0" 200 1626 "-" "Mozilla/5.0 (Linux; U; Android 4.0.3; en-us) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36"
attack.ink:80 216.144.247.78 - - [10/Dec/2020:05:06:18 -0500] "GET / HTTP/1.0" 200 1626 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
attack.ink:80 216.144.247.78 - - [10/Dec/2020:05:06:18 -0500] "GET / HTTP/1.0" 200 1626 "-" "Mozilla/5.0 (Linux; U; Android 4.4.3; en-us; KFTHWI Build/KTU84M) AppleWebKit/537.36 (KHTML, like Gecko) Silk/3.68 like Chrome/39.0.2171.93 Safari/537.36"

Subnets that I have already banned
64.31.6.190/23
208.115.237.90/24
64.31.24.218/24
64.31.35.46/24
64.31.8.0/24


1 answer(s)
Saboteur, 2020-12-10
@Vincent1

You most likely have something like
LogFormat "%V .....
In this case, the host name by which the client reaches your server is written to the log. And this can be done in different ways: crooked DNS, or the client can simply edit the hosts file and reach your web server by any arbitrary domain name.
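
The effect described in the answer can be measured from the log itself. The following is an added example, not part of the answer or the original post: it parses access-log lines in the layout shown in the question (host name first) and counts requests whose logged host is not one the server serves, by host and by client network. `SERVED_HOSTS`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the names this server is configured to serve (placeholders).
SERVED_HOSTS = {"example.org", "www.example.org"}

# Layout: host:port client ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<host>[^\s:]+)(?::\d+)? (?P<client>\S+) \S+ \S+ '
    r'\[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE_LOG = '''\
example.org:80 203.0.113.7 - - [10/Dec/2020:05:00:01 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
unserved-a.example:80 198.51.100.10 - - [10/Dec/2020:05:07:16 -0500] "GET / HTTP/1.0" 200 3540 "-" "Mozilla/5.0"
unserved-a.example:80 198.51.100.44 - - [10/Dec/2020:05:07:16 -0500] "GET / HTTP/1.0" 200 3540 "-" "Mozilla/5.0"
UNSERVED-B.example.:80 198.51.100.10 - - [10/Dec/2020:05:06:40 -0500] "GET / HTTP/1.0" 302 237 "-" "Mozilla/5.0"
WWW.Example.org:80 192.0.2.9 - - [10/Dec/2020:05:08:00 -0500] "GET /a HTTP/1.1" 200 100 "-" "Mozilla/5.0"
this line is not an access-log entry
'''

def client_network(addr):
    """Group a client into its /24 (IPv4) or /64 (IPv6) for reporting."""
    prefix = 24 if ip_address(addr).version == 4 else 64
    return str(ip_network(f"{addr}/{prefix}", strict=False))

def foreign_host_report(lines, served=SERVED_HOSTS):
    """Count requests whose logged host name is not one this server serves."""
    hosts, networks, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        # Host names are case-insensitive and may carry a trailing dot.
        host = m["host"].lower().rstrip(".")
        if host in served:
            continue
        hosts[host] += 1
        try:
            networks[client_network(m["client"])] += 1
        except ValueError:  # the client field holds a resolved name, not an address
            networks[m["client"]] += 1
    return hosts, networks, skipped

if __name__ == "__main__":
    print(foreign_host_report(SAMPLE_LOG.splitlines()))
```

To use it on a real log, replace `SERVED_HOSTS` with your own names and pass the lines of the access-log file instead of `SAMPLE_LOG`.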
