For the last few days, we have been noticing someone or something trying to access our web application, maybe with bad intentions. I am saying this based on suspicious logs found in the NGINX access log file. I've found 113 references to this attempt and am copy/pasting one of them below. The access logs always come in the sequence below, and every time they come from a different IP address. We have no idea if this can possibly harm our site, so I'd appreciate it if someone could explain this and advise on a solution to protect our site.
46.141.98.210 - - [16/Apr/2018:23:18:53 +0600] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 301 193 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
46.141.98.210 - - [16/Apr/2018:23:19:03 +0600] "GET / HTTP/1.1" 301 193 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
46.141.98.210 - - [16/Apr/2018:23:19:03 +0600] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 301 193 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
46.141.98.210 - - [16/Apr/2018:23:19:04 +0600] "GET / HTTP/1.1" 301 193 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
46.141.98.210 - - [16/Apr/2018:23:19:04 +0600] "GET / HTTP/1.1" 301 193 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
46.141.98.210 - - [16/Apr/2018:23:19:04 +0600] "GET /rss.php?mode=recent HTTP/1.1" 301 193 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
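Added example, not part of the original post: a small Python triage script that parses access-log lines in the format quoted above and groups the request patterns seen in the post (the WebLogic `/wls-wsat/` endpoint, the Drupal AJAX registration form, `/rss.php`) by client IP, so one sweep across unrelated products stands out from ordinary traffic. The signature labels, function names and sample lines (documentation IP addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# nginx access-log line in the layout shown in the post
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Signatures derived from the request lines in the post; labels are hypothetical
PROBES = [
    ("weblogic-wls-wsat", "POST", re.compile(r"^/wls-wsat/")),
    ("drupal-ajax-register", "POST", re.compile(
        r"^/user/register\?.*element_parents=.*_wrapper_format=drupal_ajax")),
    ("rss-php", "GET", re.compile(r"^/rss\.php\?mode=")),
]

def classify(method, uri):
    """Return the label of the first matching signature, or None."""
    for name, want_method, rx in PROBES:
        if method == want_method and rx.search(uri):
            return name
    return None

def scan(lines):
    """Map each client IP to the (label, status) pairs of its matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected layout
        label = classify(m["method"], m["uri"])
        if label:
            hits[m["ip"]].append((label, int(m["status"])))
    return dict(hits)

def scanners(hits, min_distinct=2):
    """IPs that requested paths of at least min_distinct different signatures."""
    return sorted(ip for ip, h in hits.items()
                  if len({label for label, _ in h}) >= min_distinct)

# Constructed sample lines (not taken from a real log)
SAMPLE = [
    '203.0.113.7 - - [16/Apr/2018:23:18:53 +0600] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 301 193 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Apr/2018:23:19:03 +0600] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 301 193 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Apr/2018:23:19:04 +0600] "GET /rss.php?mode=recent HTTP/1.1" 301 193 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Apr/2018:23:20:10 +0600] "GET /rss.php?mode=recent HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [16/Apr/2018:23:21:00 +0600] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    print(scan(SAMPLE), scanners(scan(SAMPLE)))
```

The recorded status shows how the server answered each request, which is the first thing to check when deciding whether a matching line needs follow-up.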