linux – 我的httpd access_log中有很多奇怪的请求,这是否意味着我有病毒？

概述我有这样的httpd日志信息,它会一直持续下去.首先,这是否意味着我有病毒？我的服务器是僵尸网络的一部分？我的服务器是 Linux Centos 5. tail -f / var / log / httpd / access_log 另外我怎么能阻止这次袭击？ 如何确保我的服务器不发送请求？ 我可以添加哪些其他安全措施？ 69.164.209.127 - - [14/Jun/2012:18:49: 我有这样的httpd日志信息,它会一直持续下去.首先,这是否意味着我有病毒？我的服务器是僵尸网络的一部分？我的服务器是 Linux Centos 5.

tail -f / var / log / httpd / access_log

另外我怎么能阻止这次袭击？

如何确保我的服务器不发送请求？

我可以添加哪些其他安全措施？

69.164.209.127 - - [14/Jun/2012:18:49:05 +0800] "GET http://69.164.209.127/82d8e94797c2079b53bb3d36157a699f http/1.1" 404 309 "-" "Avant browser - MSIE 7 (Win XP)|Mozilla/4.0 (compatible; MSIE 7.0; windows NT 5.1; Avant browser; Avant browser; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"176.227.198.140 - - [14/Jun/2012:18:49:05 +0800] "GET http://www.Google.com/search?as_q=monochrom+inurl:%3Fp%3D%2A%26option%3Dcom%5Fwordpress%26ItemID%3D%2A&num=100&hl=en&output=IE&filter=0 http/1.0" 404 283 "http://www.Google.com/search?as_q=monochrom+inurl:%3Fp%3D%2A%26option%3Dcom%5Fwordpress%26ItemID%3D%2A&num=100&hl=en&output=IE&filter=0" "Mozilla/4.0 (compatible; MSIE 7.0b; windows NT 6.0)"173.236.110.243 - - [14/Jun/2012:18:49:06 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"95.250.43.84 - - [14/Jun/2012:18:49:06 +0800] "POST http://www.alldebrID.com/API.PHP?action=info_user&login=zcnhaa&pw=123456789 http/1.1" 404 287 "-" "Mozilla/5.0 (windows; U; MSIE 7.0; windows NT 6.0; en-US)"176.227.198.140 - - [14/Jun/2012:18:49:06 +0800] "GET http://www.Google.com/search?as_q=monopsonic+%22Write+a+Comment%22+Website&num=100&hl=en&output=IE&filter=0 http/1.0" 404 283 "http://www.Google.com/search?as_q=monopsonic+%22Write+a+Comment%22+Website&num=100&hl=en&output=IE&filter=0" "Mozilla/4.79 [en] (windows NT 5.0; U)"173.236.110.243 - - [14/Jun/2012:18:49:06 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"46.4.25.139 - - [14/Jun/2012:18:49:07 +0800] "GET http://www.ebay.it/itm/-/280882450672 http/1.0" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 8.0; windows NT 6.0; TrIDent/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.5.30729; MS-RTC LM 8; OfficeliveConnector.1.4; OfficelivePatch.1.3; .NET CLR 3.0.30729)"173.236.110.243 - - [14/Jun/2012:18:49:07 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"216.58.17.248 - - [14/Jun/2012:18:49:07 +0800] "GET http://images.Google.com/ http/1.1" 200 9452 "-" "Mozilla/4.0 (compatible; MSIE 7.0; windows NT 6.0; WOW64; .NET CLR 1.1.4322; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"173.236.110.244 - - [14/Jun/2012:18:49:07 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"173.236.110.244 - - [14/Jun/2012:18:49:07 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"173.236.110.244 - - [14/Jun/2012:18:49:09 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"173.236.110.244 - - [14/Jun/2012:18:49:09 +0800] "CONNECT evisaforms.state.gov:443 http/1.1" 200 9452 "-" "-"

解决方法

I have httpd log information as such which goes on and on forever.
Firstly,does this mean I have a virus? is my server part of a botnet?

您似乎没有病毒,也不可能是僵尸网络的一部分.这两种情况都不希望通过记录他们的活动来宣布他们的存在.

Also how can I block this attack?

这不是攻击.您似乎正在运行开放代理服务器.如果您不需要运行代理服务器,请在Apache配置中禁用代理访问.

How can I make sure my server is not sending out requests?

您的服务器正在发送请求.通过在Apache配置中为代理请求添加ACL来阻止代理访问.这样的事情应该允许从localhost和专用网络块进行代理访问.根据需要调整最后一个允许线.

<Proxy *>    Order deny,allow    Deny  from all    Allow from 127.0.0.0/255.0.0.0 ::1/128    Allow from 192.168.2.0/24</Proxy>

What other security measures can I add?

如果您不需要向Internet主机提供Web服务,请向Apache服务器添加类似于上述的ACL.考虑使用iptables阻止传入的Web请求.

如果您确实需要代理,请考虑使用具有适当访问控制的专用代理,如squID.您还可以在不同的端口上创建单独的虚拟主机以进行代理.这应该有适当的访问控制.

总结

以上是内存溢出为你收集整理的linux – 我的httpd access_log中有很多奇怪的请求,这是否意味着我有病毒？全部内容，希望文章能够帮你解决linux – 我的httpd access_log中有很多奇怪的请求,这是否意味着我有病毒？所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。