Proxy radar found in Apache log file

17

I was reading the Apache server logs and was shocked to see these entries!

[Sun Oct 25 06:44:48.922248 2015] [mpm_prefork:notice] [pid 17635] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.13 configured -- resuming normal operations
[Sun Oct 25 06:44:48.922322 2015] [core:notice] [pid 17635] AH00094: Command line: '/usr/sbin/apache2'
[Sun Oct 25 06:52:03.432156 2015] [:error] [pid 12247] [client 185.25.151.159:52483] script '/var/www/testproxy.php' not found or unable to stat
[Sun Oct 25 10:04:07.474749 2015] [:error] [pid 12246] [client 95.213.177.126:26970] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 13:30:45.499151 2015] [:error] [pid 12249] [client 95.213.177.124:12337] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 14:56:17.907266 2015] [core:error] [pid 12247] [client 204.232.231.193:42272] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Sun Oct 25 16:47:51.671775 2015] [:error] [pid 13152] [client 95.213.177.122:22221] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 20:05:20.347574 2015] [:error] [pid 12250] [client 95.213.177.126:26093] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 20:12:20.573716 2015] [:error] [pid 12247] [client 195.211.154.57:59906] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:20.925707 2015] [:error] [pid 12246] [client 195.211.154.57:59982] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:21.286692 2015] [:error] [pid 14778] [client 195.211.154.57:60061] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:21.653284 2015] [:error] [pid 12248] [client 195.211.154.57:60129] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 23:40:01.996372 2015] [:error] [pid 13152] [client 95.213.177.125:11645] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 02:51:58.571464 2015] [:error] [pid 12247] [client 185.49.14.190:56375] script '/var/www/testproxy.php' not found or unable to stat
[Mon Oct 26 03:06:19.339766 2015] [:error] [pid 12246] [client 95.213.177.125:57675] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 05:40:34.837617 2015] [:error] [pid 12249] [client 212.26.4.140:45817] PHP Notice:  Undefined index: fileToUpload in /var/www/upload.php on line 16, referer: http://MyServerIPAddress/index.html
[Mon Oct 26 05:40:34.845077 2015] [:error] [pid 12249] [client 212.26.4.140:45817] PHP Notice:  Undefined index: fileToUpload in /var/www/upload.php on line 36, referer: http://MyServerIPAddress/index.html
[Mon Oct 26 06:35:27.184473 2015] [:error] [pid 12247] [client 95.213.177.123:49908] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 10:00:38.818189 2015] [:error] [pid 12250] [client 95.213.177.124:13503] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 13:31:03.088079 2015] [:error] [pid 12246] [client 95.213.177.126:29119] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 17:00:20.614876 2015] [:error] [pid 12247] [client 95.213.177.126:50712] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Mon Oct 26 20:29:44.660822 2015] [:error] [pid 12250] [client 95.213.177.126:1817] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 00:01:58.744948 2015] [:error] [pid 14778] [client 95.213.177.122:21314] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 01:11:03.468846 2015] [:error] [pid 18984] [client 185.25.148.240:59900] script '/var/www/testproxy.php' not found or unable to stat
[Tue Oct 27 03:30:14.778881 2015] [:error] [pid 18983] [client 95.213.177.125:18166] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 07:03:54.964307 2015] [:error] [pid 13152] [client 95.213.177.125:6661] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 10:29:50.276896 2015] [:error] [pid 12246] [client 95.213.177.124:61095] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 13:53:21.732290 2015] [:error] [pid 14778] [client 95.213.177.123:60280] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 17:21:02.887146 2015] [:error] [pid 12248] [client 95.213.177.125:63152] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 20:50:02.216260 2015] [:error] [pid 18983] [client 95.213.177.123:36963] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Tue Oct 27 21:14:02.927072 2015] [:error] [pid 12249] [client 185.25.148.240:60127] script '/var/www/testproxy.php' not found or unable to stat    
[Wed Oct 28 00:14:25.724517 2015] [:error] [pid 12250] [client 95.213.177.123:49920] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 03:44:31.131853 2015] [:error] [pid 12246] [client 95.213.177.124:43972] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 07:10:14.870620 2015] [:error] [pid 18983] [client 95.213.177.122:64165] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 10:41:34.266047 2015] [:error] [pid 12249] [client 95.213.177.122:7384] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 14:04:14.227135 2015] [:error] [pid 13152] [client 95.213.177.122:51171] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 16:20:24.056612 2015] [:error] [pid 12247] [client 91.196.50.33:37592] script '/var/www/testproxy.php' not found or unable to stat
[Wed Oct 28 17:24:12.731783 2015] [:error] [pid 12250] [client 95.213.177.126:63964] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Wed Oct 28 21:01:47.135810 2015] [:error] [pid 12246] [client 95.213.177.122:46135] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 00:26:45.812360 2015] [:error] [pid 12249] [client 95.213.177.123:4377] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 03:51:35.202020 2015] [:error] [pid 13152] [client 95.213.177.123:5403] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 07:16:27.154161 2015] [:error] [pid 14778] [client 95.213.177.125:60001] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 10:47:57.392473 2015] [mpm_prefork:notice] [pid 17635] AH00169: caught SIGTERM, shutting down
[Thu Oct 29 10:47:58.276766 2015] [mpm_prefork:notice] [pid 10744] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14 configured -- resuming normal     operations
[Thu Oct 29 10:47:58.276856 2015] [core:notice] [pid 10744] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 29 10:48:00.183820 2015] [mpm_prefork:notice] [pid 10744] AH00169: caught SIGTERM, shutting down
[Thu Oct 29 10:48:01.268504 2015] [mpm_prefork:notice] [pid 11109] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14 configured -- resuming normal operations
[Thu Oct 29 10:48:01.268593 2015] [core:notice] [pid 11109] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 29 10:53:55.208328 2015] [:error] [pid 11117] [client 95.213.177.126:24617] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 12:05:44.568022 2015] [:error] [pid 11116] [client 185.25.151.159:44881] script '/var/www/testproxy.php' not found or unable to stat
[Thu Oct 29 14:23:29.206838 2015] [:error] [pid 11113] [client     95.213.177.122:51825] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 17:46:40.522593 2015] [:error] [pid 11648] [client 95.213.177.123:6131] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 21:19:33.442885 2015] [:error] [pid 11642] [client 95.213.177.126:29530] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Thu Oct 29 21:40:04.453806 2015] [:error] [pid 11114] [client     195.211.154.57:60044] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:04.717870 2015] [:error] [pid 11643] [client 195.211.154.57:60066] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:04.982542 2015] [:error] [pid 11117] [client 195.211.154.57:60089] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.234578 2015] [:error] [pid 11115] [client 195.211.154.57:60114] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.482102 2015] [:error] [pid 11116] [client 195.211.154.57:60141] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.740567 2015] [:error] [pid 11113] [client 195.211.154.57:60161] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:05.993417 2015] [:error] [pid 11648] [client 195.211.154.57:60182] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:06.254748 2015] [:error] [pid 11642] [client 195.211.154.57:60210] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:06.501836 2015] [:error] [pid 11114] [client 195.211.154.57:60231] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:06.753228 2015] [:error] [pid 11643] [client 195.211.154.57:60252] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.015822 2015] [:error] [pid 11117] [client 195.211.154.57:60276] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.278555 2015] [:error] [pid 11115] [client 195.211.154.57:60304] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.529478 2015] [:error] [pid 11116] [client 195.211.154.57:60329] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:07.777850 2015] [:error] [pid 11113] [client 195.211.154.57:60351] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.022832 2015] [:error] [pid 11648] [client 195.211.154.57:60371] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.268446 2015] [:error] [pid 11642] [client 195.211.154.57:60393] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.524456 2015] [:error] [pid 11114] [client 195.211.154.57:60412] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:08.770056 2015] [:error] [pid 11643] [client 195.211.154.57:60434] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.031264 2015] [:error] [pid 11117] [client 195.211.154.57:60450] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.286882 2015] [:error] [pid 11115] [client 195.211.154.57:60473] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.537999 2015] [:error] [pid 11116] [client 195.211.154.57:60494] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:09.796330 2015] [:error] [pid 11113] [client 195.211.154.57:60512] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.047986 2015] [:error] [pid 11648] [client 195.211.154.57:60537] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.294042 2015] [:error] [pid 11642] [client 195.211.154.57:60560] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.549803 2015] [:error] [pid 11114] [client 195.211.154.57:60581] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:10.808650 2015] [:error] [pid 11643] [client 195.211.154.57:60604] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.056997 2015] [:error] [pid 11117] [client 195.211.154.57:60625] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.301379 2015] [:error] [pid 11115] [client 195.211.154.57:60652] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.547697 2015] [:error] [pid 11116] [client 195.211.154.57:60668] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:11.797300 2015] [:error] [pid 11113] [client 195.211.154.57:60693] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.056947 2015] [:error] [pid 11648] [client 195.211.154.57:60717] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.312125 2015] [:error] [pid 11642] [client 195.211.154.57:60737] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.560742 2015] [:error] [pid 11114] [client 195.211.154.57:60757] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:12.813413 2015] [:error] [pid 11643] [client 195.211.154.57:60776] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.065100 2015] [:error] [pid 11117] [client 195.211.154.57:60801] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.320162 2015] [:error] [pid 11115] [client 195.211.154.57:60824] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.569527 2015] [:error] [pid 11116] [client 195.211.154.57:60848] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:13.814746 2015] [:error] [pid 11113] [client 195.211.154.57:60871] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.066743 2015] [:error] [pid 11648] [client 195.211.154.57:60887] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.326231 2015] [:error] [pid 11642] [client 195.211.154.57:60915] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.585975 2015] [:error] [pid 11114] [client 195.211.154.57:60936] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:14.844341 2015] [:error] [pid 11643] [client 195.211.154.57:60956] script '/var/www/wp-login.php' not found or unable to stat
[Thu Oct 29 21:40:15.095272 2015] [:error] [pid 11117] [client 195.211.154.57:60981] script '/var/www/wp-login.php' not found or unable to stat
[Fri Oct 30 00:47:05.284551 2015] [:error] [pid 11115] [client 95.213.177.125:26477] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 04:09:19.403419 2015] [:error] [pid 11116] [client 95.213.177.122:31198] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 07:42:17.527746 2015] [:error] [pid 11648] [client 95.213.177.124:59115] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 10:13:59.016697 2015] [:error] [pid 11642] [client 91.196.50.33:36603] script '/var/www/testproxy.php' not found or unable to stat
[Fri Oct 30 11:06:15.666434 2015] [:error] [pid 11114] [client 95.213.177.123:16988] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 14:28:18.705393 2015] [:error] [pid 11643] [client 95.213.177.124:53349] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 17:58:00.532339 2015] [:error] [pid 11115] [client 95.213.177.122:53827] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Fri Oct 30 21:12:46.869377 2015] [:error] [pid 11116] [client 95.213.177.122:54578] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 00:35:01.994847 2015] [:error] [pid 11113] [client 95.213.177.123:2596] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 02:24:36.644160 2015] [:error] [pid 11648] [client 185.25.148.240:58843] script '/var/www/testproxy.php' not found or unable to stat
[Sat Oct 31 04:05:26.854168 2015] [:error] [pid 11642] [client 95.213.177.123:5184] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 04:43:12.015411 2015] [:error] [pid 11114] [client 91.196.50.33:46098] script '/var/www/testproxy.php' not found or unable to stat
[Sat Oct 31 07:25:14.509690 2015] [:error] [pid 11117] [client 95.213.177.123:3185] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sat Oct 31 10:15:58.489698 2015] [:error] [pid 11115] [client 5.8.66.115:54407] script '/var/www/xmlrpc.php' not found or unable to stat
[Sat Oct 31 10:46:10.183445 2015] [:error] [pid 11116] [client 95.213.177.122:28801] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/

Should I worry about these logs? Do they indicate some kind of attack?

iShaalan
source
4
These are standard run-of-the-mill script probing entries. Nothing to worry about. The fact that they are tagged with https://proxyradar.com/ means that perhaps some bot is using a proxy to obscure its real IP while it probes. But you should not view this as an "attack". If you are concerned, always make sure your core WordPress install is fully patched and up to date.
JakeGould
@JakeGould the thing is that I haven't put anything related to WB on this server!
iShaalan
1
It is just probing the server. But it doesn't know what you have. That's why it's called a probe.
precisa saber é o seguinte
I suggest you install something like fail2ban, which will automatically block many of these attempts.
Darren

Answers:

3

via @jakeGould in the comments

These are standard run-of-the-mill script probing entries. Nothing to worry about. The fact that they are tagged with https://proxyradar.com/ means that perhaps some bot is using a proxy to obscure its real IP while it probes. But you should not view this as an "attack". If you are concerned, always make sure your core WordPress install is fully patched and up to date.

Toby Allen
source
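The triage described in the answer, as an added example that is not part of the original post: this Python code parses the "script ... not found" entries of an Apache 2.4 error log, counts probes per missing script, and reports clients that request the same missing script in a rapid burst. The function names, the 5-second window and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Lines copied from the error log quoted in the question (Apache 2.4 format).
SAMPLE_LOG = """\
[Sun Oct 25 06:52:03.432156 2015] [:error] [pid 12247] [client 185.25.151.159:52483] script '/var/www/testproxy.php' not found or unable to stat
[Sun Oct 25 10:04:07.474749 2015] [:error] [pid 12246] [client 95.213.177.126:26970] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 13:30:45.499151 2015] [:error] [pid 12249] [client 95.213.177.124:12337] script '/var/www/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Oct 25 20:12:20.573716 2015] [:error] [pid 12247] [client 195.211.154.57:59906] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:20.925707 2015] [:error] [pid 12246] [client 195.211.154.57:59982] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:21.286692 2015] [:error] [pid 14778] [client 195.211.154.57:60061] script '/var/www/wp-login.php' not found or unable to stat
[Sun Oct 25 20:12:21.653284 2015] [:error] [pid 12248] [client 195.211.154.57:60129] script '/var/www/wp-login.php' not found or unable to stat
[Mon Oct 26 05:40:34.837617 2015] [:error] [pid 12249] [client 212.26.4.140:45817] PHP Notice:  Undefined index: fileToUpload in /var/www/upload.php on line 16, referer: http://MyServerIPAddress/index.html
"""

MISSING_SCRIPT = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid \d+\] "
    r"\[client\s+(?P<ip>[0-9A-Fa-f.:]+):\d+\] "  # \s+ tolerates padded client fields
    r"script '(?P<script>[^']+)' not found or unable to stat"
    r"(?:, referer: (?P<referer>\S+))?"
)

def parse_probes(log_text):
    """Return one dict per 'script ... not found' entry; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = MISSING_SCRIPT.match(line)
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%a %b %d %H:%M:%S.%f %Y")
            events.append(event)
    return events

def probes_by_script(events):
    """Count requests per missing script, keyed by file name."""
    return Counter(e["script"].rsplit("/", 1)[-1] for e in events)

def find_bursts(events, window=timedelta(seconds=5), threshold=3):
    """Map (ip, script) to its peak request count within `window`, if >= threshold."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["ip"], e["script"])].append(e["ts"])
    bursts = {}
    for key, stamps in by_key.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[key] = best
    return bursts
```

On the sample, only the repeated `wp-login.php` requests register as a burst; the `azenv.php` and `testproxy.php` checks arrive hours apart and the PHP Notice line, which concerns a script that does exist, is skipped. fail2ban, suggested in the comments, ships an `apache-noscript` filter that acts on this same error message.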