Information Security
HPositron, 2021-09-26 15:33:34

What does a lot of requests of the same type mean in access_log?

I recently launched a small site for personal use and connected Cloudflare, and the next day I was a little surprised because the Cloudflare statistics showed 1140 requests from at least 5 countries.
I checked the logs:

An excerpt from the logs:

172.70.122.17 - - [25/Sep/2021:11:07:57 +0300] "GET / HTTP/1.0" 302 308 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1"
172.70.122.17 - - [25/Sep/2021:11:07:58 +0300] "GET /login/ HTTP/1.0" 200 1820 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1"
162.158.91.176 - - [25/Sep/2021:11:09:36 +0300] "GET /admin.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:37 +0300] "GET /admin HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:37 +0300] "GET /admin/index.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:37 +0300] "GET /admin/admin.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:37 +0300] "GET /admin/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:37 +0300] "GET /adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:38 +0300] "GET /login.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:38 +0300] "GET /login/index.php HTTP/1.0" 200 1884 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:38 +0300] "GET /home.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:38 +0300] "GET /PvqDq929BSx_A_D_M1n_a.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:38 +0300] "GET /panel HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:39 +0300] "GET /adm HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:39 +0300] "GET /adm/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:39 +0300] "GET /files HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:39 +0300] "GET /panel.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:40 +0300] "GET /panel/login.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:40 +0300] "GET /panel/index.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:40 +0300] "GET /panel/admin.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:40 +0300] "GET /uadmin/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:40 +0300] "GET /uadminons/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:41 +0300] "GET /uadmfi/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:41 +0300] "GET /uadminl/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:41 +0300] "GET /uadminfi/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
162.158.91.176 - - [25/Sep/2021:11:09:41 +0300] "GET /nooord/adm.php HTTP/1.0" 404 1604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"


As I understand it, I'm being scanned. How potentially dangerous is this, and how can I protect myself?


1 answer(s)
paran0id, 2021-09-26
@HPositron

You understood correctly: bots are hammering the site in search of vulnerabilities. Set up fail2ban.
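
The counting that a fail2ban-style rule performs on logs like the one in the question, as an added example that is not part of the original answer and is not fail2ban's own code: it flags clients with repeated 404s inside a time window and marks addresses in Cloudflare's edge ranges, where the logged IP is the proxy rather than the visitor. The thresholds, the sample lines and the two-range list are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: two of Cloudflare's published edge ranges, enough for this log;
# the full list is published by Cloudflare and changes over time.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("172.64.0.0/13", "162.158.0.0/15")]
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines in the same combined-log format as the excerpt.
_UA = '"-" "Mozilla/5.0"'
SAMPLE = [
    f'162.158.91.176 - - [25/Sep/2021:11:09:{36 + i} +0300] "GET {p} HTTP/1.0" 404 1604 {_UA}'
    for i, p in enumerate(["/admin.php", "/admin", "/adm.php", "/login.php", "/panel", "/files"])
] + [
    '162.158.91.176 - - [25/Sep/2021:11:09:43 +0300] "GET /login/index.php HTTP/1.0" 200 1884 ' + _UA,
    '203.0.113.9 - - [25/Sep/2021:11:10:01 +0300] "GET /favicon.ico HTTP/1.0" 404 1604 ' + _UA,
    '203.0.113.9 - - [25/Sep/2021:11:10:05 +0300] "GET / HTTP/1.0" 302 308 ' + _UA,
]

def parse(line):
    """Return (ip, timestamp, path, status), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, max_404=5, window=timedelta(seconds=60)):
    """Flag IPs with at least max_404 404 responses inside a sliding window."""
    hits, flagged = defaultdict(list), {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[3] != 404:
            continue
        ip, ts = rec[0], rec[1]
        # Keep only earlier 404s still inside the window, then add this one.
        hits[ip] = [t for t in hits[ip] if ts - t <= window] + [ts]
        if len(hits[ip]) >= max_404:
            addr = ipaddress.ip_address(ip)
            flagged[ip] = {
                "hits": max(len(hits[ip]), flagged.get(ip, {}).get("hits", 0)),
                # True: the address is a Cloudflare edge, not the real client.
                "via_proxy": any(addr in net for net in CLOUDFLARE_NETS),
            }
    return flagged
```

An address marked `via_proxy` is a Cloudflare edge shared by many visitors, so a firewall ban on it would also block legitimate traffic; have the web server log the real client address from Cloudflare's `CF-Connecting-IP` header before feeding the log to a ban rule.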
