#1
3rd August 2010, 02:06
kieron
Localhost lookups in system log

Hi
I have noticed a lot of localhost lookups mainly pointing to PHPMyAdmin, but this week I have also noticed lookups with the server external IP.
Not too sure why this is happening; an explanation would help here if possible. Thx in advance.

localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:48:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:53:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:58:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:03:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:08:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:13:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:18:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:23:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:28:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:33:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:38:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:43:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:48:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:53:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"

I'm not sure how to stop my own IP for server from doing this and whether it is a problem to be worried about.
The server IP localhost lookups are not recorded in the Apache error logs.

But all of this type are recorded in the Apache error logs:

localhost||||399||||210.83.230.158 - - [02/Aug/2010:22:22:11 +0100] "GET /nosuichfile.php HTTP/1.1" 404 399 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||406||||210.83.230.158 - - [02/Aug/2010:22:22:12 +0100] "GET /noxdir/nosuichfile.php HTTP/1.1" 404 406 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||405||||210.83.230.158 - - [02/Aug/2010:22:22:12 +0100] "GET /PMA/scripts/setup.php HTTP/1.1" 404 405 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||409||||210.83.230.158 - - [02/Aug/2010:22:22:12 +0100] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||413||||210.83.230.158 - - [02/Aug/2010:22:22:13 +0100] "GET /admin/mysql/scripts/setup.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||418||||210.83.230.158 - - [02/Aug/2010:22:22:13 +0100] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 418 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||411||||210.83.230.158 - - [02/Aug/2010:22:22:13 +0100] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 411 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:14 +0100] "GET /admin/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||404||||210.83.230.158 - - [02/Aug/2010:22:22:14 +0100] "GET /db/scripts/setup.php HTTP/1.1" 404 404 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||409||||210.83.230.158 - - [02/Aug/2010:22:22:14 +0100] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||409||||210.83.230.158 - - [02/Aug/2010:22:22:15 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||413||||210.83.230.158 - - [02/Aug/2010:22:22:15 +0100] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:15 +0100] "GET /mysql/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||412||||210.83.230.158 - - [02/Aug/2010:22:22:16 +0100] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 412 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||414||||210.83.230.158 - - [02/Aug/2010:22:22:16 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 414 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:16 +0100] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:17 +0100] "GET /pHpMy/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||412||||210.83.230.158 - - [02/Aug/2010:22:22:17 +0100] "GET /pHpMyAdMiN/scripts/setup.php HTTP/1.1" 404 412 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||414||||210.83.230.158 - - [02/Aug/2010:22:22:17 +0100] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 414 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||413||||210.83.230.158 - - [02/Aug/2010:22:22:18 +0100] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||408||||210.83.230.158 - - [02/Aug/2010:22:22:18 +0100] "GET /phpMyA/scripts/setup.php HTTP/1.1" 404 408 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||411||||210.83.230.158 - - [02/Aug/2010:22:22:18 +0100] "GET /phpMyAdmi/scripts/setup.php HTTP/1.1" 404 411 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||419||||210.83.230.158 - - [02/Aug/2010:22:22:19 +0100] "GET /phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 404 419 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||419||||210.83.230.158 - - [02/Aug/2010:22:22:19 +0100] "GET /phpMyAdmin-2.11.1/scripts/setup.php HTTP/1.1" 404 419 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
localhost||||420||||210.83.230.158 - - [02/Aug/2010:22:22:19 +0100] "GET /phpMyAdmin-2.11.10/scripts/setup.php HTTP/1.1" 404 420 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

Last edited by kieron; 3rd August 2010 at 15:54.
#2
3rd August 2010, 18:13
falko

I guess someone is trying to scan your server to find a vulnerability. You can block that IP as follows: http://www.howtoforge.com/forums/sho...42&postcount=4
#3
3rd August 2010, 18:29
kieron
Localhost lookups in system log

Hi
Thanks for your reply. I have blocked the IPs of the scanners, but it is these, which are the IP of my server, that I was worried about.

localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:48:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:53:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:58:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:03:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:08:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:13:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:18:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:23:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:28:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"

Or are these normal? I have not seen them before until this week.

Kieron
#4
4th August 2010, 17:25
falko

Is 87.194.131.22 an IP address you know? Is it the server's IP?
#5
4th August 2010, 20:45
kieron

Hi

No, sorry, this IP is my external IP from ISP, not my server internal IP.

I have disabled NAT loopback on router and they have stopped, so I will leave it like that for now.

# nat loopback (access external IP from inside):

ip config natloopback=disabled

Thx again for your reply

Last edited by kieron; 5th August 2010 at 15:23.
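
Added example (not part of the thread and not any poster's code): a Python sketch that parses the log format quoted in the posts above (`vhost||||bytes||||` followed by a combined-format line) and separates the two patterns discussed, a burst of 404s against `scripts/setup.php` paths and a single client fetching `/` at a fixed interval. The function names and thresholds are assumptions, and the sample lines are constructed to mirror the thread's format using documentation IP ranges.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Format seen in the thread: vhost||||bytes||||<combined log line>
LINE = re.compile(
    r'^(?P<vhost>[^|]*)\|{4}(?P<bytes>\d+)\|{4}(?P<ip>\S+) \S+ \S+ '
    r'\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(lines):
    for line in lines:
        m = LINE.match(line)
        if m:  # skip lines that do not match instead of failing
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["path"], int(m["status"])

def classify(lines, min_probes=5, min_polls=4, jitter=2.0):
    """Return {ip: label}; thresholds are assumed defaults, tune per site."""
    by_ip = defaultdict(list)
    for ip, ts, path, status in parse(lines):
        by_ip[ip].append((ts, path, status))
    result = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])
        probes = {p for _, p, s in hits
                  if s == 404 and p.lower().endswith("/scripts/setup.php")}
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        if len(probes) >= min_probes:
            result[ip] = "setup.php scan"
        elif (len(hits) >= min_polls and {p for _, p, _ in hits} == {"/"}
              and pstdev(gaps) <= jitter):  # near-constant spacing
            result[ip] = "periodic poll every %ds" % round(sum(gaps) / len(gaps))
        else:
            result[ip] = "unclassified"
    return result

# Constructed sample lines in the thread's format (documentation IP ranges).
POLL = ['localhost||||1155||||198.51.100.7 - - [03/Aug/2010:%s +0100] '
        '"GET / HTTP/1.1" 200 1155 "-" "-"' % t
        for t in ("05:48:41", "05:53:41", "05:58:41", "06:03:42")]
SCAN = ['localhost||||405||||203.0.113.9 - - [02/Aug/2010:22:22:1%d +0100] '
        '"GET /%s/scripts/setup.php HTTP/1.1" 404 405 "-" "Mozilla/5.0"' % (i, d)
        for i, d in enumerate(["PMA", "admin/pma", "db", "mysql", "pHpMyAdMiN"])]
SAMPLE = POLL + SCAN

print(classify(SAMPLE))
```

A fixed-interval label only says the traffic is machine-generated; whether the source is a monitor, a router feature or something else still has to be confirmed from the address itself, as was done in the thread.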