What does the attacker want and is it dangerous?
The following entries began to appear in the nginx_access log:
[15/Apr/2014:16:25:56 +0400] "GET http://www.[MY_SITE_COM]/?a=tt4mq2&b=e33bu HTTP/1.1" 200 7238 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0"
[15/Apr/2014:16:25:56 +0400] "POST http://myinfo.any-request-allowed.com/?a=tt4mq2&b=e33bu HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0"
Perhaps the server was / is part of the bot network. And these are commands. I will assume that the site has standard WP, Joomla, or some other mass software. Statuses other than 404 hint that the engine did something to these requests and even responded.
The server runs nginx/nodejs. And why should these requests lead to a 404 error? The first request simply requests the main page and gets a 200 OK response, the second gets a permanent redirect and that's it.
They just got tired of hanging out in the logs. What is the best way to get rid of them?
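Added example, not part of the original thread: both logged requests carry a full URL as the request target (the absolute form that HTTP defines for requests sent to a proxy) instead of a path, so a log filter can separate the ones naming a host this server does not serve. The `OWN_HOSTS` set, the `example.com` names and the sample lines are constructed assumptions modelled on the log format in the question.

```python
import re
from urllib.parse import urlsplit

# Hosts this server legitimately serves (assumption: replace with your own names).
OWN_HOSTS = {"example.com", "www.example.com"}

# Request, status and size fields of the log format shown in the question.
LINE_RE = re.compile(
    r'\[(?P<time>[^\]]+)\]\s+"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"\s+'
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line, own_hosts=OWN_HOSTS):
    """Return (label, host, status) for one access-log line, or None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    target, status = m["target"], int(m["status"])
    if target.startswith("/") or target == "*":
        return ("origin-form", None, status)       # ordinary request for a path
    parts = urlsplit(target)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ("other-target", None, status)      # e.g. CONNECT host:port
    label = "absolute-own-host" if host in own_hosts else "absolute-foreign-host"
    return (label, host, status)

def foreign_hits(lines, own_hosts=OWN_HOSTS):
    """List (host, status) for requests whose target names a host we do not serve."""
    hits = []
    for line in lines:
        result = classify(line, own_hosts)
        if result and result[0] == "absolute-foreign-host":
            hits.append((result[1], result[2]))
    return hits

# Constructed sample lines in the same layout as the entries in the question.
SAMPLE = [
    '[15/Apr/2014:16:25:56 +0400] "GET http://www.example.com/?a=tt4mq2&b=e33bu HTTP/1.1" 200 7238 "-" "Mozilla/5.0"',
    '[15/Apr/2014:16:25:56 +0400] "POST http://myinfo.any-request-allowed.com/?a=tt4mq2&b=e33bu HTTP/1.1" 301 178 "-" "Mozilla/5.0"',
    '[15/Apr/2014:16:26:10 +0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, status in foreign_hits(SAMPLE):
        print(f"foreign-host request target: {host} -> status {status}")
```

The status returned with each hit shows how the server answered; a 301 with a small body, as in the question, is the server's own redirect, not content fetched from the named host.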