#1 On 03/12/2021, at 10:53

Eirikr70

Interpreting nginx logs

Hello,
I spotted "suspicious" activity on my nginx server but I don't know how to interpret the logs. Can you tell me how I should interpret the following, and whether I should worry or whether my server behaved normally? I should add that the source IP is unknown to me and located in China:

182.254.225.69 - - [03/Dec/2021:05:43:07 +0100] "GET /phpmyadmin3/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:07 +0100] "GET /PMA2015/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:08 +0100] "GET /myadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:08 +0100] "GET /admin/web/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:09 +0100] "GET /program/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:09 +0100] "GET /phpmyadmin2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /mysql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /pma2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:10 +0100] "GET /mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.>
182.254.225.69 - - [03/Dec/2021:05:43:11 +0100] "GET /mysql-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:11 +0100] "GET /sql/webdb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:12 +0100] "GET /PMA2012/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:12 +0100] "GET /sql/phpmyadmin5/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /mysql/db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:13 +0100] "GET /PMA2016/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:14 +0100] "GET /phpmyadmin2019/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:14 +0100] "GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome>
182.254.225.69 - - [03/Dec/2021:05:43:15 +0100] "GET /sql/websql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:15 +0100] "GET /admin/sqladmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /admin/sysadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.>
182.254.225.69 - - [03/Dec/2021:05:43:16 +0100] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/>
182.254.225.69 - - [03/Dec/2021:05:43:17 +0100] "GET /db/dbadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:17 +0100] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:20 +0100] "GET /phpMyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:20 +0100] "GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>
182.254.225.69 - - [03/Dec/2021:05:43:21 +0100] "GET /sql/sql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:21 +0100] "GET /pma/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82>
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 >
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /mysql/db/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:22 +0100] "GET /_phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:23 +0100] "GET /db/db-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chro>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /db/dbweb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.45>
182.254.225.69 - - [03/Dec/2021:05:43:25 +0100] "GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko>
182.254.225.69 - - [03/Dec/2021:05:43:26 +0100] "GET /phpmyadmin2016/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:26 +0100] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:27 +0100] "GET /phpmyadmin2014/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9>
182.254.225.69 - - [03/Dec/2021:05:43:28 +0100] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /PMA2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>
182.254.225.69 - - [03/Dec/2021:05:43:29 +0100] "GET /phpmyadmin4/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0>
182.254.225.69 - - [03/Dec/2021:05:43:30 +0100] "GET /mysqlmanager/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.>
182.254.225.69 - - [03/Dec/2021:05:43:30 +0100] "GET /shopdb/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577>
182.254.225.69 - - [03/Dec/2021:05:43:31 +0100] "GET /db/websql/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4>
182.254.225.69 - - [03/Dec/2021:05:43:31 +0100] "GET /PMA2021/index.php?lang=en HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.457>

#2 On 03/12/2021, at 14:09

bruno

Re: Interpreting nginx logs

Hello,

This is a piece of software, nikto or something similar, scanning your web application for vulnerabilities. No particular cause for concern, especially since it only gets 404 errors.
As soon as you have publicly accessible services, it is normal to see the logs fill up with this kind of thing.


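An added example, not part of the original thread: one way to automate the reading given in the reply above, grouping nginx "combined" log lines by client IP, flagging bursts of distinct 404 paths as a scanner, and listing any request that did not return 404. The thresholds, the function names and the sample lines (documentation IPs) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" format. The user-agent may be cut off (as in the post), so
# nothing after the status and size fields is required to match.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # malformed request line: skipped by this sketch
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec

def summarize(lines, min_paths=5, window=timedelta(minutes=1)):
    """Per client IP: does it look like a path scanner, and what did not 404?"""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        misses = sorted((r for r in recs if r["status"] == 404), key=lambda r: r["ts"])
        # Heuristic (assumed thresholds): many distinct missing paths in a short window.
        burst = max((len({r["path"] for r in misses[i:] if r["ts"] - first["ts"] <= window})
                     for i, first in enumerate(misses)), default=0)
        report[ip] = {
            "requests": len(recs),
            "scanner": burst >= min_paths,
            # Worth a look: anything this client requested that did NOT return 404.
            "answered": [(r["path"], r["status"]) for r in recs if r["status"] != 404],
        }
    return report

# Constructed sample (documentation IPs), shaped like the lines in the post;
# the 200 on /program/ is invented to show the case that deserves attention.
PROBES = ["phpmyadmin3", "PMA2015", "myadmin", "admin/web", "program", "mysql"]
SAMPLE = [
    f'203.0.113.7 - - [03/Dec/2021:05:43:{7 + i:02d} +0100] "GET /{p}/index.php?lang=en '
    f'HTTP/1.1" {200 if p == "program" else 404} 555 "-" "Mozilla/5.0 (Windows NT 10.0; Chrome/93.0>'
    for i, p in enumerate(PROBES)
] + ['198.51.100.9 - - [03/Dec/2021:05:44:00 +0100] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"']

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

On a real server, `summarize(open("/var/log/nginx/access.log"))` gives the same report, assuming the default log path and format; an empty `answered` list for a scanner IP corresponds to the "only 404s" situation described in the thread.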
#3 On 03/12/2021, at 15:20

Eirikr70

Re: Interpreting nginx logs

bruno wrote:

As soon as you have publicly accessible services, it is normal to see the logs fill up with this kind of thing.

Thanks Bruno,
I'm aware of that. But I'm also aware that when you run this type of service, it's better to know how to use the logs. And on that front, I still have progress to make.

#4 On 03/12/2021, at 15:28

bruno

Re: Interpreting nginx logs

It's better to focus on the security of your services rather than examining the logs constantly.

#5 On 03/12/2021, at 15:38

Eirikr70

Re: Interpreting nginx logs

bruno wrote:

It's better to focus on the security of your services rather than examining the logs constantly.

I think I've done things properly in that regard ...
