Pages : 1
#1 Le 03/12/2021, à 10:53
- Eirikr70
Interprétation des logs nginx
Bonjour,
J'ai repéré sur mon serveur nginx des activités "suspectes" mais je ne sais pas interpréter les logs. Pouvez-vous me dire comment je dois interpréter ce qui suit et si je dois m'inquiéter ou si mon serveur s'est comporté normalement ? Je précise que l'IP d'origine m'est inconnue et située en Chine :
182.254.225.69 - - [03/Dec/2021:05:43:07 +0100] "GET /phpmyadmin3/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:07 +0100] "GET /PMA2015/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:08 +0100] "GET /myadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:08 +0100] "GET /admin/web/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:09 +0100] "GET /program/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:09 +0100] "GET /phpmyadmin2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /mysql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /pma2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.>
182.254.225.69 - - [03/Dec/2021:05:43:11 +0100] "GET /mysql-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:11 +0100] "GET /sql/webdb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:12 +0100] "GET /PMA2012/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:12 +0100] "GET /sql/phpmyadmin5/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /mysql/db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /PMA2016/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:14 +0100] "GET /phpmyadmin2019/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:14 +0100] "GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome>
182.254.225.69 - - [03/Dec/2021:05:43:15 +0100] "GET /sql/websql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:15 +0100] "GET /admin/sqladmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /admin/sysadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/>
182.254.225.69 - - [03/Dec/2021:05:43:17 +0100] "GET /db/dbadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:17 +0100] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:20 +0100] "GET /phpMyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:20 +0100] "GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>
182.254.225.69 - - [03/Dec/2021:05:43:21 +0100] "GET /sql/sql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:21 +0100] "GET /pma/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82>
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 >
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /mysql/db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /_phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:23 +0100] "GET /db/db-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chro>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /db/dbweb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko>
182.254.225.69 - - [03/Dec/2021:05:43:26 +0100] "GET /phpmyadmin2016/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:26 +0100] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:27 +0100] "GET /phpmyadmin2014/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:28 +0100] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /PMA2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /phpmyadmin4/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:30 +0100] "GET /mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.>
182.254.225.69 - - [03/Dec/2021:05:43:30 +0100] "GET /shopdb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577>
182.254.225.69 - - [03/Dec/2021:05:43:31 +0100] "GET /db/websql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:31 +0100] "GET /PMA2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>Hors ligne
#2 Le 03/12/2021, à 14:09
- bruno
Re : Interprétation des logs nginx
Bonjour,
Il s'agit d'un logiciel, de type nikto ou autre, qui scanne ton application web à la recherches de vulnérabilités. Pas d’inquiétude particulière à avoir, d'autant qu'il n'obtient que des erreurs 404.
Dés que l'on a des services accessibles publiquement il est normal de voir les logs se remplir avec ce genre de choses.
Attention, les bouteilles vendues par Nestlé Waters sont contaminées au monoxyde de dihydrogène.
Hors ligne
#3 Le 03/12/2021, à 15:20
- Eirikr70
Re : Interprétation des logs nginx
bruno a écrit :
Dés que l'on a des services accessibles publiquement il est normal de voir les logs se remplir avec ce genre de choses.
Merci Bruno,
J'en ai conscience. Mais j'ai conscience aussi que quand on a ce type de service, il vaut mieux savoir utiliser les logs. Et en la matière, j'ai encore des progrès à faire 
Hors ligne
#4 Le 03/12/2021, à 15:28
- bruno
Re : Interprétation des logs nginx
Il vaut mieux se focaliser sur la sécurité de tes services plutôt que d'examiner les logs en permanence.
Attention, les bouteilles vendues par Nestlé Waters sont contaminées au monoxyde de dihydrogène.
Hors ligne
#5 Le 03/12/2021, à 15:38
- Eirikr70
Re : Interprétation des logs nginx
bruno a écrit :
Il vaut mieux se focaliser sur la sécurité de tes services plutôt que d'examiner les logs en permanence.
Je pense avoir bien fait les choses en la matière ...
Hors ligne
Pages : 1