Contenu | Rechercher | Menus

Annonce

Si vous avez des soucis pour rester connecté, déconnectez-vous puis reconnectez-vous depuis ce lien en cochant la case
Me connecter automatiquement lors de mes prochaines visites.

À propos de l'équipe du forum.

#1 Le 03/12/2021, à 09:53

Eirikr70

Interprétation des logs nginx

Bonjour,
J'ai repéré sur mon serveur nginx des activités "suspectes" mais je ne sais pas interpréter les logs. Pouvez-vous me dire comment je dois interpréter ce qui suit et si je dois m'inquiéter ou si mon serveur s'est comporté normalement ? Je précise que l'IP d'origine m'est inconnue et située en Chine :

182.254.225.69 - - [03/Dec/2021:05:43:07 +0100] "GET /phpmyadmin3/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:07 +0100] "GET /PMA2015/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:08 +0100] "GET /myadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:08 +0100] "GET /admin/web/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:09 +0100] "GET /program/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:09 +0100] "GET /phpmyadmin2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /mysql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /pma2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.>
182.254.225.69 - - [03/Dec/2021:05:43:11 +0100] "GET /mysql-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:11 +0100] "GET /sql/webdb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:12 +0100] "GET /PMA2012/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:12 +0100] "GET /sql/phpmyadmin5/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /mysql/db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /PMA2016/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:14 +0100] "GET /phpmyadmin2019/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:14 +0100] "GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome>
182.254.225.69 - - [03/Dec/2021:05:43:15 +0100] "GET /sql/websql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:15 +0100] "GET /admin/sqladmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /admin/sysadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/>
182.254.225.69 - - [03/Dec/2021:05:43:17 +0100] "GET /db/dbadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:17 +0100] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:20 +0100] "GET /phpMyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:20 +0100] "GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>
182.254.225.69 - - [03/Dec/2021:05:43:21 +0100] "GET /sql/sql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:21 +0100] "GET /pma/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82>
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 >
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /mysql/db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /_phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:23 +0100] "GET /db/db-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chro>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /db/dbweb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko>
182.254.225.69 - - [03/Dec/2021:05:43:26 +0100] "GET /phpmyadmin2016/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:26 +0100] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:27 +0100] "GET /phpmyadmin2014/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:28 +0100] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /PMA2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /phpmyadmin4/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:30 +0100] "GET /mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.>
182.254.225.69 - - [03/Dec/2021:05:43:30 +0100] "GET /shopdb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577>
182.254.225.69 - - [03/Dec/2021:05:43:31 +0100] "GET /db/websql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:31 +0100] "GET /PMA2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>

Hors ligne

#2 Le 03/12/2021, à 13:09

bruno

Re : Interprétation des logs nginx

Bonjour,

Il s'agit d'un logiciel, de type nikto ou autre, qui scanne ton application web à la recherches de vulnérabilités. Pas d’inquiétude particulière à avoir, d'autant qu'il n'obtient que des erreurs 404.
Dés que l'on a des services accessibles publiquement il est normal de voir les logs se remplir avec ce genre de choses.

#3 Le 03/12/2021, à 14:20

Eirikr70

Re : Interprétation des logs nginx

bruno a écrit :

Dés que l'on a des services accessibles publiquement il est normal de voir les logs se remplir avec ce genre de choses.

Merci Bruno,
J'en ai conscience. Mais j'ai conscience aussi que quand on a ce type de service, il vaut mieux savoir utiliser les logs. Et en la matière, j'ai encore des progrès à faire roll

Hors ligne

#4 Le 03/12/2021, à 14:28

bruno

Re : Interprétation des logs nginx

Il vaut mieux se focaliser sur la sécurité de tes services plutôt que d'examiner les logs en permanence.

#5 Le 03/12/2021, à 14:38

Eirikr70

Re : Interprétation des logs nginx

bruno a écrit :

Il vaut mieux se focaliser sur la sécurité de tes services plutôt que d'examiner les logs en permanence.

Je pense avoir bien fait les choses en la matière ...

Hors ligne