Apache 로그 파일에있는 프록시 레이더


17

아파치 서버의 로그를 읽고 있었고이 로그를보고 충격을 받았습니다!

[Sun Oct 25 06:44:48.922248 2015] [mpm_prefork:notice] [pid 17635] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.13 configured -- resuming normal operations
[Sun Oct 25 06:44:48.922322 2015] [core:notice] [pid 17635] AH00094: Command line: '/usr/sbin/apache2'
[Sun Oct 25 06:52:03.432156 2015] [:error] [pid 12247] [client 185.25.151.159:52483] script '/var/www/testproxy.php' not found or unable to stat
[Sun Oct 25 10:04:07.474749 2015] [:error] [pid 12246] [client 95.213.177.126:26970] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 13:30:45.499151 2015] [:error] [pid 12249] [client 95.213.177.124:12337] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 14:56:17.907266 2015] [core:error] [pid 12247] [client 204.232.231.193:42272] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Sun Oct 25 16:47:51.671775 2015] [:error] [pid 13152] [client 95.213.177.122:22221] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 20:05:20.347574 2015] [:error] [pid 12250] [client 95.213.177.126:26093] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 20:12:20.573716 2015] [:error] [pid 12247] [client 195.211.154.57:59906] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:20.925707 2015] [:error] [pid 12246] [client 195.211.154.57:59982] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:21.286692 2015] [:error] [pid 14778] [client 195.211.154.57:60061] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:21.653284 2015] [:error] [pid 12248] [client 195.211.154.57:60129] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 23:40:01.996372 2015] [:error] [pid 13152] [client 95.213.177.125:11645] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 02:51:58.571464 2015] [:error] [pid 12247] [client 185.49.14.190:56375] script '/var/www/testproxy.php' not found or unable to stat
[Mon Oct 26 03:06:19.339766 2015] [:error] [pid 12246] [client 95.213.177.125:57675] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 05:40:34.837617 2015] [:error] [pid 12249] [client 212.26.4.140:45817] PHP Notice:  Undefined index: fileToUpload in /var/www/upload.php on line 16, referer: http://MyServerIPAddress/index.html
[Mon Oct 26 05:40:34.845077 2015] [:error] [pid 12249] [client 212.26.4.140:45817] PHP Notice:  Undefined index: fileToUpload in /var/www/upload.php on line 36, referer: http://MyServerIPAddress/index.html
[Mon Oct 26 06:35:27.184473 2015] [:error] [pid 12247] [client 95.213.177.123:49908] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 10:00:38.818189 2015] [:error] [pid 12250] [client 95.213.177.124:13503] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 13:31:03.088079 2015] [:error] [pid 12246] [client 95.213.177.126:29119] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 17:00:20.614876 2015] [:error] [pid 12247] [client 95.213.177.126:50712] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 20:29:44.660822 2015] [:error] [pid 12250] [client 95.213.177.126:1817] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 00:01:58.744948 2015] [:error] [pid 14778] [client 95.213.177.122:21314] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 01:11:03.468846 2015] [:error] [pid 18984] [client 185.25.148.240:59900] script '/var/www/testproxy.php' not found or unable to stat
[Tue Oct 27 03:30:14.778881 2015] [:error] [pid 18983] [client 95.213.177.125:18166] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 07:03:54.964307 2015] [:error] [pid 13152] [client 95.213.177.125:6661] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 10:29:50.276896 2015] [:error] [pid 12246] [client 95.213.177.124:61095] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 13:53:21.732290 2015] [:error] [pid 14778] [client 95.213.177.123:60280] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 17:21:02.887146 2015] [:error] [pid 12248] [client 95.213.177.125:63152] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 20:50:02.216260 2015] [:error] [pid 18983] [client 95.213.177.123:36963] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 21:14:02.927072 2015] [:error] [pid 12249] [client 185.25.148.240:60127] script '/var/www/testproxy.php' not found or unable to stat    
[Wed Oct 28 00:14:25.724517 2015] [:error] [pid 12250] [client 95.213.177.123:49920] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 03:44:31.131853 2015] [:error] [pid 12246] [client 95.213.177.124:43972] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 07:10:14.870620 2015] [:error] [pid 18983] [client 95.213.177.122:64165] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 10:41:34.266047 2015] [:error] [pid 12249] [client 95.213.177.122:7384] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 14:04:14.227135 2015] [:error] [pid 13152] [client 95.213.177.122:51171] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 16:20:24.056612 2015] [:error] [pid 12247] [client 91.196.50.33:37592] script '/var/www/testproxy.php' not found or unable to stat
[Wed Oct 28 17:24:12.731783 2015] [:error] [pid 12250] [client 95.213.177.126:63964] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 21:01:47.135810 2015] [:error] [pid 12246] [client 95.213.177.122:46135] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 00:26:45.812360 2015] [:error] [pid 12249] [client 95.213.177.123:4377] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 03:51:35.202020 2015] [:error] [pid 13152] [client 95.213.177.123:5403] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 07:16:27.154161 2015] [:error] [pid 14778] [client 95.213.177.125:60001] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 10:47:57.392473 2015] [mpm_prefork:notice] [pid 17635] AH00169: caught SIGTERM, shutting down
[Thu Oct 29 10:47:58.276766 2015] [mpm_prefork:notice] [pid 10744] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14 configured -- resuming normal     operations
[Thu Oct 29 10:47:58.276856 2015] [core:notice] [pid 10744] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 29 10:48:00.183820 2015] [mpm_prefork:notice] [pid 10744] AH00169: caught SIGTERM, shutting down
[Thu Oct 29 10:48:01.268504 2015] [mpm_prefork:notice] [pid 11109] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14 configured -- resuming normal operations
[Thu Oct 29 10:48:01.268593 2015] [core:notice] [pid 11109] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 29 10:53:55.208328 2015] [:error] [pid 11117] [client 95.213.177.126:24617] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 12:05:44.568022 2015] [:error] [pid 11116] [client 185.25.151.159:44881] script '/var/www/testproxy.php' not found or unable to stat
[Thu Oct 29 14:23:29.206838 2015] [:error] [pid 11113] [client     95.213.177.122:51825] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 17:46:40.522593 2015] [:error] [pid 11648] [client 95.213.177.123:6131] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 21:19:33.442885 2015] [:error] [pid 11642] [client 95.213.177.126:29530] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 21:40:04.453806 2015] [:error] [pid 11114] [client     195.211.154.57:60044] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:04.717870 2015] [:error] [pid 11643] [client 195.211.154.57:60066] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:04.982542 2015] [:error] [pid 11117] [client 195.211.154.57:60089] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.234578 2015] [:error] [pid 11115] [client 195.211.154.57:60114] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.482102 2015] [:error] [pid 11116] [client 195.211.154.57:60141] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.740567 2015] [:error] [pid 11113] [client 195.211.154.57:60161] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.993417 2015] [:error] [pid 11648] [client 195.211.154.57:60182] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:06.254748 2015] [:error] [pid 11642] [client 195.211.154.57:60210] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:06.501836 2015] [:error] [pid 11114] [client 195.211.154.57:60231] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:06.753228 2015] [:error] [pid 11643] [client 195.211.154.57:60252] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.015822 2015] [:error] [pid 11117] [client 195.211.154.57:60276] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.278555 2015] [:error] [pid 11115] [client 195.211.154.57:60304] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.529478 2015] [:error] [pid 11116] [client 195.211.154.57:60329] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.777850 2015] [:error] [pid 11113] [client 195.211.154.57:60351] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.022832 2015] [:error] [pid 11648] [client 195.211.154.57:60371] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.268446 2015] [:error] [pid 11642] [client 195.211.154.57:60393] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.524456 2015] [:error] [pid 11114] [client 195.211.154.57:60412] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.770056 2015] [:error] [pid 11643] [client 195.211.154.57:60434] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.031264 2015] [:error] [pid 11117] [client 195.211.154.57:60450] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.286882 2015] [:error] [pid 11115] [client 195.211.154.57:60473] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.537999 2015] [:error] [pid 11116] [client 195.211.154.57:60494] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.796330 2015] [:error] [pid 11113] [client 195.211.154.57:60512] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.047986 2015] [:error] [pid 11648] [client 195.211.154.57:60537] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.294042 2015] [:error] [pid 11642] [client 195.211.154.57:60560] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.549803 2015] [:error] [pid 11114] [client 195.211.154.57:60581] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.808650 2015] [:error] [pid 11643] [client 195.211.154.57:60604] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.056997 2015] [:error] [pid 11117] [client 195.211.154.57:60625] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.301379 2015] [:error] [pid 11115] [client 195.211.154.57:60652] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.547697 2015] [:error] [pid 11116] [client 195.211.154.57:60668] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.797300 2015] [:error] [pid 11113] [client 195.211.154.57:60693] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.056947 2015] [:error] [pid 11648] [client 195.211.154.57:60717] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.312125 2015] [:error] [pid 11642] [client 195.211.154.57:60737] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.560742 2015] [:error] [pid 11114] [client 195.211.154.57:60757] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.813413 2015] [:error] [pid 11643] [client 195.211.154.57:60776] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.065100 2015] [:error] [pid 11117] [client 195.211.154.57:60801] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.320162 2015] [:error] [pid 11115] [client 195.211.154.57:60824] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.569527 2015] [:error] [pid 11116] [client 195.211.154.57:60848] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.814746 2015] [:error] [pid 11113] [client 195.211.154.57:60871] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.066743 2015] [:error] [pid 11648] [client 195.211.154.57:60887] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.326231 2015] [:error] [pid 11642] [client 195.211.154.57:60915] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.585975 2015] [:error] [pid 11114] [client 195.211.154.57:60936] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.844341 2015] [:error] [pid 11643] [client 195.211.154.57:60956] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:15.095272 2015] [:error] [pid 11117] [client 195.211.154.57:60981] script '/var/www/wp-login.php' not found or unable to stat
[Fri Oct 30 00:47:05.284551 2015] [:error] [pid 11115] [client 95.213.177.125:26477] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 04:09:19.403419 2015] [:error] [pid 11116] [client 95.213.177.122:31198] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 07:42:17.527746 2015] [:error] [pid 11648] [client 95.213.177.124:59115] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 10:13:59.016697 2015] [:error] [pid 11642] [client 91.196.50.33:36603] script '/var/www/testproxy.php' not found or unable to stat
[Fri Oct 30 11:06:15.666434 2015] [:error] [pid 11114] [client 95.213.177.123:16988] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 14:28:18.705393 2015] [:error] [pid 11643] [client 95.213.177.124:53349] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 17:58:00.532339 2015] [:error] [pid 11115] [client 95.213.177.122:53827] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 21:12:46.869377 2015] [:error] [pid 11116] [client 95.213.177.122:54578] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 00:35:01.994847 2015] [:error] [pid 11113] [client 95.213.177.123:2596] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 02:24:36.644160 2015] [:error] [pid 11648] [client 185.25.148.240:58843] script '/var/www/testproxy.php' not found or unable to stat
[Sat Oct 31 04:05:26.854168 2015] [:error] [pid 11642] [client 95.213.177.123:5184] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 04:43:12.015411 2015] [:error] [pid 11114] [client 91.196.50.33:46098] script '/var/www/testproxy.php' not found or unable to stat
[Sat Oct 31 07:25:14.509690 2015] [:error] [pid 11117] [client 95.213.177.123:3185] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 10:15:58.489698 2015] [:error] [pid 11115] [client 5.8.66.115:54407] script '/var/www/xmlrpc.php' not found or unable to stat
[Sat Oct 31 10:46:10.183445 2015] [:error] [pid 11116] [client 95.213.177.122:28801] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/

이 로그에 관심을 가져야합니까, 어떤 종류의 공격을 나타내는가?


4
이들은 밀 스크립트 검사 항목의 표준입니다. 걱정할 것이 없습니다. 태그가 붙어 있다는 사실은 https://proxyradar.com/일부 봇이 프록시를 사용하여 실제 IP를 숨기는 동안 프록시를 사용하고 있음을 의미합니다. 그러나 이것을 "공격"으로 보지 말아야합니다. 걱정이되는 경우 항상 핵심 WordPress 설치가 완전히 패치되고 최신 상태인지 확인하십시오.
JakeGould

@JakeGould 아이디어는이 서버에 WB와 관련된 것을 넣지 않은 것입니다! ,
iShaalan

1
서버를 조사하는 중입니다. 그러나 당신이 무엇을 모른다. 이것이 바로 프로브라고하는 이유입니다.
JakeGould

이러한 시도를 너무 많이 차단하는 fail2ban과 같은 것을 설치하는 것이 좋습니다.
대런

답변:


3

댓글에서 @jakeGould를 통해

이들은 밀 스크립트 검사 항목의 표준입니다. 걱정할 것이 없습니다. 이들이 https://proxyradar.com/ 으로 태그되어 있다는 사실은 일부 봇이 프록시를 사용하여 실제 IP를 숨기는 동안 프록시를 사용하고 있음을 의미합니다. 그러나 이것을 "공격"으로 보지 말아야합니다. 걱정이되는 경우 항상 핵심 WordPress 설치가 완전히 패치되고 최신 상태인지 확인하십시오.

당사 사이트를 사용함과 동시에 당사의 쿠키 정책개인정보 보호정책을 읽고 이해하였음을 인정하는 것으로 간주합니다.
Licensed under cc by-sa 3.0 with attribution required.