
Ask HN: Weird Apache2 Logs - yametekudasai
Hello,

So I recently set up an Apache2 server and was looking into the logs and found these logs:

https://pastebin.com/bVKFX9X2

Does anyone know what this is or what the goal of the doer is? Finding a specific file on the server, maybe a weak spot?

Also, if this is an "attack", how do I protect myself from it?

Kind Regards

PS: For future reference, should I not show the IP address?
======
1c1f9a165ff3
Looks like it's a (probably) bot from China doing a directory brute force on
your web server.

You could ban by IP but there will be others. Grep logs for that IP and if
they received a 200 response. Then you'll know what they found that may be
interesting to them.

There are ways to harden your Apache, I suggest implementing them.

~~~
yametekudasai
Thanks! I will try that
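
The check 1c1f9a165ff3 suggests above (filter the access log for one client IP and see which requests were answered with a 200), as an added example that is not part of the thread. It assumes Apache's default common/combined log format; the sample lines are constructed with documentation IP ranges and are not taken from the pastebin.

```python
import re
from collections import Counter

# Apache common/combined access-log line. Scanners often send malformed
# request lines, so the quoted request field is captured whole and split later.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse(line):
    """Return (ip, path, status) or None if the line is not an access-log entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m.group("req").split(" ")
    # A well-formed request is "METHOD PATH PROTOCOL"; otherwise keep the raw text.
    path = parts[1] if len(parts) == 3 else m.group("req")
    return m.group("ip"), path, int(m.group("status"))

def summarize(lines, ip):
    """Status-code counts and the paths actually served (2xx) to one client IP."""
    statuses, served = Counter(), []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[0] != ip:
            continue
        _, path, status = rec
        statuses[status] += 1
        if 200 <= status < 300 and path not in served:
            served.append(path)
    return statuses, served

# Constructed sample log lines (assumption: combined log format).
SAMPLE = """\
203.0.113.7 - - [10/Jan/2019:06:25:01 +0000] "GET / HTTP/1.1" 200 10918 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2019:06:25:02 +0000] "GET /old/index.php HTTP/1.1" 404 437 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2019:06:25:02 +0000] "GET /test.php HTTP/1.1" 404 437 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2019:06:25:03 +0000] "\\x16\\x03\\x01" 400 0 "-" "-"
198.51.100.9 - - [10/Jan/2019:06:26:00 +0000] "GET /index.html HTTP/1.1" 200 10918 "-" "curl/7.58.0"
""".splitlines()

if __name__ == "__main__":
    counts, served = summarize(SAMPLE, "203.0.113.7")
    print("status counts:", dict(counts))
    print("served (2xx):", served)
```

To run it against a real log, pass `open("/var/log/apache2/access.log")` (the Debian/Ubuntu default path) instead of `SAMPLE`.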

------
Etheryte
You'll reach a better target audience on the Stack Exchange, either [1] or
[2].

[1] [https://security.stackexchange.com](https://security.stackexchange.com)

[2] [https://superuser.com/](https://superuser.com/)

------
yametekudasai
Also, I read the rules, that you shouldn't use 'clickbait' titles, but I really
didn't think of a better name. If this 'baited' you, I am terribly sorry.

------
mattbillenstein
They're just probing to see if you're running anything they might be able to
exploit - I didn't see any 200's other than /, so I think it's low risk.

------
OpFour
Looks like some kind of bot that was scanning for specific file types... they
all 404'd so nothing was found from what I saw.

You can block the IP in the firewall of that (assumed) bot and maybe create a
complicated iptables rule blocking any bots that send a GET request for
xxx.filename maybe?

