[root@rhce-ryanrudolf]# rm -rf / 2> /dev/null

things I break/fix for fun and learning

Nov 23, 2017 - 2 minute read

Apache Logs

Merely a few hours after my site was up and running, I decided to check the Apache logs to see if there was any suspicious activity. Scouring through the log files, everything looks normal except for these entries:

120.211.23.242 - - [23/Nov/2017:04:42:23 -0500] "GET / HTTP/1.0" 200 8499 "-" "masscan/1.0"
120.211.23.242 - - [23/Nov/2017:04:42:24 -0500] "GET / HTTP/1.0" 200 8499 "-" "masscan/1.0"
120.211.23.242 - - [23/Nov/2017:04:42:25 -0500] "GET / HTTP/1.0" 200 8499 "-" "masscan/1.0"
120.211.23.242 - - [23/Nov/2017:04:42:25 -0500] "GET / HTTP/1.1" 400 226 "-" "masscan/1.0"
120.211.23.242 - - [23/Nov/2017:04:42:26 -0500] "GET / HTTP/1.0" 200 8499 "-" "masscan/1.0"
120.211.23.242 - - [23/Nov/2017:04:42:31 -0500] "GET / HTTP/1.0" 200 8499 "-" "-"
120.211.23.242 - - [23/Nov/2017:04:42:33 -0500] "GET / HTTP/1.1" 200 8499 "-" "masscan/1.0"
120.211.23.242 - - [23/Nov/2017:04:42:34 -0500] "GET /index.php HTTP/1.1" 404 207 "-" "-"
120.211.23.242 - - [23/Nov/2017:04:42:34 -0500] "HEAD /manager/html HTTP/1.0" 404 - "-" "-"

Looks like someone is scanning the internet for webserver vulnerabilities! Quick whois and it looks like it originates from China!

[root@centos2 tech-and-finance]# whois 120.211.23.242| more
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '120.192.0.0 - 120.255.255.255'

% Abuse contact for '120.192.0.0 - 120.255.255.255' is 'abuse@chinamobile.com'

inetnum:        120.192.0.0 - 120.255.255.255
netname:        CMNET
descr:          China Mobile Communications Corporation
descr:          Mobile Communications Network Operator in China
descr:          Internet Service Provider in China
country:        CN
org:            ORG-CM1-AP
admin-c:        JS686-AP
tech-c:         HL1318-AP
remarks:        service provider
status:         ALLOCATED PORTABLE
mnt-by:         APNIC-HM
mnt-lower:      MAINT-CN-CMCC
mnt-routes:     MAINT-CN-CMCC
remarks:        --------------------------------------------------------
remarks:        To report network abuse, please contact mnt-irt
remarks:        For troubleshooting, please contact tech-c and admin-c
remarks:        Report invalid contact via www.apnic.net/invalidcontact
remarks:        --------------------------------------------------------
last-modified:  2017-08-30T07:22:04Z
source:             APNIC
mnt-irt:        IRT-CHINAMOBILE-CN

This is one of the risks of running a homeserver. You have been warned LOL!
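
As an added example (not part of the original post), this Python script parses combined-format lines like the ones above and flags clients by the traits visible in them: the masscan user agent, a missing user agent, and the /manager/html probe. The marker lists, the function names and the 203.0.113.10 line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
SCANNER_AGENTS = ("masscan",)     # assumed marker list, taken from the entries in the post
PROBE_PATHS = ("/manager/html",)  # path requested in the post that this site does not serve

def parse(line):
    """Return the named fields of one log line, or None if it is not combined format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Return {ip: {"hits", "errors", "reasons"}} for clients with at least one scan trait."""
    stats = defaultdict(lambda: {"hits": 0, "errors": 0, "reasons": set()})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # ignore lines in some other format
        s = stats[rec["ip"]]
        s["hits"] += 1
        if rec["status"].startswith("4"):
            s["errors"] += 1
        if any(a in rec["agent"].lower() for a in SCANNER_AGENTS):
            s["reasons"].add("scanner-agent")
        if rec["agent"] in ("", "-"):
            s["reasons"].add("empty-agent")
        if rec["path"] in PROBE_PATHS:
            s["reasons"].add("probe-path")
    return {ip: s for ip, s in stats.items() if s["reasons"]}

# Five entries copied from the post, plus one constructed browser request (last line).
SAMPLE = [
    '120.211.23.242 - - [23/Nov/2017:04:42:23 -0500] "GET / HTTP/1.0" 200 8499 "-" "masscan/1.0"',
    '120.211.23.242 - - [23/Nov/2017:04:42:25 -0500] "GET / HTTP/1.1" 400 226 "-" "masscan/1.0"',
    '120.211.23.242 - - [23/Nov/2017:04:42:31 -0500] "GET / HTTP/1.0" 200 8499 "-" "-"',
    '120.211.23.242 - - [23/Nov/2017:04:42:34 -0500] "GET /index.php HTTP/1.1" 404 207 "-" "-"',
    '120.211.23.242 - - [23/Nov/2017:04:42:34 -0500] "HEAD /manager/html HTTP/1.0" 404 - "-" "-"',
    '203.0.113.10 - - [23/Nov/2017:05:01:02 -0500] "GET / HTTP/1.1" 200 8499 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["hits"], "hits,", s["errors"], "errors,", sorted(s["reasons"]))
```

The User-Agent header is client-supplied, so the agent match only catches scanners that announce themselves; the probe-path and error counts still apply when the header is spoofed or left empty.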
