刚刚看到 apache 的日志里有好多本地请求 via OpenSSL,而我没有配置过 cron 或者类似的定时器,有没有谁有类似经历?
PS:服务器上我配置了 lets encrypt renew bot,fail2ban 应该和这个异常日志都没关系吧
81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2014/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
81.139.18.17 - - [12/Oct/2017:11:04:25 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2015/ HTTP/1.1" 404 159 "-" "Mozilla/5.0 Jorgee"
81.139.18.17 - - [12/Oct/2017:11:04:26 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2017/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
81.139.18.17 - - [12/Oct/2017:11:04:26 +0800] "HEAD http://138.197.221.177:80/phpmyadmin2018/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
81.139.18.17 - - [12/Oct/2017:11:04:27 +0800] "HEAD http://138.197.221.177:80/phpmanager/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 Jorgee"
138.197.108.245 - - [12/Oct/2017:11:06:12 +0800] "HEAD /icons/apache_pb.gif HTTP/1.0" 200 250 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])"
104.236.163.39 - - [12/Oct/2017:11:10:19 +0800] "GET / HTTP/1.1" 200 3469 "-" "Mozilla/5.0 zgrab/0.x"
177.221.104.214 - - [12/Oct/2017:11:58:16 +0800] "GET / HTTP/1.1" 200 11576 "-" "curl/7.17.1 (mips-unknown-linux-gnu) libcurl/7.17.1 OpenSSL/0.9.8i zlib/1.2.3"
211.22.218.77 - - [12/Oct/2017:12:31:15 +0800] "HEAD http://138.197.221.177:80 HTTP/1.1" 200 311 "-" "Mozilla/5.0 Jorgee"
211.22.218.77 - - [12/Oct/2017:12:31:15 +0800] "GET http://138.197.221.177:80 HTTP/1.0" 200 11595 "-" "Mozilla/5.0 Jorgee"
::1 - - [12/Oct/2017:13:00:26 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:00:27 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:00:28 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:00:29 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:00:30 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:00:31 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:00:32 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:28:03 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:31:44 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:31:45 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:31:46 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:37:12 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:37:13 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:37:14 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [12/Oct/2017:13:37:15 +0800] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
1
lovedboy 2017-10-12 14:44:12 +08:00 1
Google "internal dummy connection"
|
2
WordTian 2017-10-12 20:56:17 +08:00 via Android
看着像网站扫描器,在扫描网站可能存在的后台管理的页面。
|
4
DeHoo 2017-11-09 16:47:24 +08:00
一般访问网站都不用 HEAD/OPTIONS 吧,反正我只要不是 GET 或 POST 访问的,都 BAN 了!
|