When I send this request:
GET /test.php HTTP/1.1
Host: localhost
The connection just times out. When looking into the server log, this is what I found:
127.0.0.1 - - [16/Nov/2016:07:58:01 +0100] "GET /test.php HTTP/1.1" 408 321 "-" "-"
Any ideas why it does that?
Related
We are randomly getting the following error in access.log
127.0.0.1 - - [17/Mar/2022:03:48:54 +0500] "GET /output/c386bccd-983a-4ac5-bfe1-c969e3623702 HTTP/1.1" 502 3693 "-" "-" "-"
and the following error in error.log:
2022/03/17 03:48:54 [error] 7031#0: *3421285 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 127.0.0.1, server: , request: "GET /output/c386bccd-983a-4ac5-bfe1-c969e3623702 HTTP/1.1", upstream: "https://xxx.xxx.xxx.xx:23432/output/c386bccd-983a-4ac5-bfe1-c969e3623702", host: "xxx.xxx.xxx.xx:23442"
A curious question this time. Someone just made the following HTTP requests to my server:
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //xmlrpc.php?rsd HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET / HTTP/1.0" 200 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //website/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //news/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //2018/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //media/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:02] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:02] "GET //sito/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
Does anyone have any idea why someone would try this? I know it has something to do with WordPress (which I don't use or have installed anyway), but I still wonder why someone would try to make these requests.
Thx a lot,
Jules
P.S. The server says it comes from localhost, but that is because it goes through Nginx.
This is commonplace. Today more than 40% of the world's internet traffic is bots, and 25% is malicious bots.
They are just bots that are constantly looking for possible security flaws in as many indexed domains as possible in order to compromise the site.
There are tools that can help you detect these requests and take action, for example fail2ban.
So I set up MediaWiki on a server and it worked nicely. Now I wanted to change the virtual server config of nginx so I have nice URLs. I followed this doc: https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx
Here are my settings:
Working conf: https://paste.ngx.cc/ab
Not working conf (nice urls):
Virtual Server: https://paste.ngx.cc/1436
LocalSettings.php has added:
$wgScriptPath = "/mediawiki";
$wgScriptExtension = ".php";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
The wiki is installed at /var/www/my-site.com/mediawiki
The error is:
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: my-site.ch, request: "GET /wiki/Main_page HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "www.my-site.com"
Entry from access log:
"GET /load.php?debug=false&lang=en&modules=ext.uls.webfonts.fonts%2Crepository%7Cjquery.webfonts&skin=timeless&version=1ejfn7l HTTP/1.1" 200 19908 "http://www.my-site.ch/index.php?title=Main_Page" "Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Any idea what exactly is going on?
I am trying to set up WordPress and nginx in Docker containers while sharing the volume from WordPress to nginx. While doing so, nginx is unable to read the files from the volume as the users are different. How do I solve this?
This is currently causing the error below:
wordpress_1 | 172.18.0.17 - 18/Feb/2018:15:39:27 +0000 "GET /index.php" 404
nginx_1 | 2018/02/18 15:39:27 [error] 7#7: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.18.0.1, server: galaxycard.in, request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.13:9000", host: "127.0.0.1:3000"
nginx_1 | 172.18.0.1 - - [18/Feb/2018:15:39:27 +0000] "GET / HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
In my nginx access.log I have seen some POST requests like these. This request occurs over 20 times in 1 second. There is no tunnel.jsp on my server, but this IP can change something on my server this way (using port 80). How can I block only tunnel.jsp using nginx, or are there other ways to stop this without closing port 80?
xxx.xxx.xxx.xxx - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"
xxx.xxx.xxx.xxx - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"
xxx.xxx.xxx.xxx - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"
xxx.xxx.xxx.xxx - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"
xxx.xxx.xxx.xxx - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"
xxx.xxx.xxx.xxx - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"
If you are planning to ban the IP where the request is coming from, you can try fail2ban.
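Both the WordPress probe question and the tunnel.jsp question above are answered with fail2ban; the following Python sketch is an added example (not from any of the posts, and not fail2ban's own code) of the per-client thresholding such a tool applies to an access log. The parameter names `maxretry` and `findtime` mirror fail2ban's jail options; the regexes, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Covers both layouts quoted on this page: [14/Mar/2017:02:26:24 +0800]
# and [02/Jun/2021 15:28:00].
LINE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# File names taken from the log excerpts on this page.
PROBE = re.compile(r'/(wlwmanifest\.xml|xmlrpc\.php|tunnel\.jsp)(\?|$)')

def parse_ts(ts):
    for fmt in ('%d/%b/%Y:%H:%M:%S %z', '%d/%b/%Y %H:%M:%S'):
        try:
            # The offset is dropped: one log file uses one time zone.
            return datetime.strptime(ts, fmt).replace(tzinfo=None)
        except ValueError:
            continue
    return None

def flag_clients(lines, maxretry=5, findtime=10):
    """Map client -> peak hit count for clients with at least `maxretry`
    suspicious requests (404, or a probe path) within `findtime` seconds."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        when = parse_ts(m['ts']) if m else None
        if when is None:
            continue
        if m['status'] != '404' and not PROBE.search(m['path']):
            continue
        # Behind a reverse proxy this key must be the forwarded client
        # address, or every hit is counted against 127.0.0.1.
        hits = recent[m['client']]
        hits.append(when)
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry:
            flagged[m['client']] = max(flagged.get(m['client'], 0), len(hits))
    return flagged

# Constructed sample lines modelled on the excerpts above (documentation IPs).
SAMPLE = (
    [f'203.0.113.7 - - [02/Jun/2021 15:28:0{i // 3}] "GET //{d}/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -'
     for i, d in enumerate(['blog', 'web', 'wordpress', 'wp', 'news', 'shop'])]
    + ['198.51.100.9 - - [14/Mar/2017:02:26:24 +0800] "POST /v1/bet/attach/tunnel.jsp?cmd=read HTTP/1.1" 200 5 "-" "-"'] * 6
    + ['192.0.2.4 - - [02/Jun/2021 15:28:00] "GET / HTTP/1.0" 200 -',
       '192.0.2.4 - - [02/Jun/2021 15:29:30] "GET /favicon.ico HTTP/1.0" 404 -'])

if __name__ == '__main__':
    print(flag_clients(SAMPLE))
```

The tunnel.jsp requests return 200, so a filter keyed only on 404 responses would miss them; that is why the sketch also matches on the requested path.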