Hacked computers spamming apache server log

If you find the following in the error.log of an Apache web server:

… [error] [client XXX.XXX.XXX.XXX] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): …

You can be sure that in most cases the client is a computer, mostly even one running a web server and many other services itself, with no firewall and no security precautions: XAMPP and phpMyAdmin open to everybody, empty passwords, and so on. Sometimes they have all of these features at once. I have not checked for viruses, but I expect most of them to be infected, or at least hacked and working for someone other than they ought to.

It is most likely that they send the request to your web server without the owner knowing about this. But one thing is for certain:

  1. It causes traffic
  2. Costs energy
  3. Spams your logs
  4. Etc. etc.

And all this because the computer's administrator/owner has not made even a minimal effort to secure it.
Go to your Apache log directory and check whether the same is happening to you, using the following commands:

grep RFC2616 error.log | awk '{print $8}' | sort | uniq
grep RFC2616 error.log | awk '{printf("%s %s %s\n", $3, $4, $8)}'
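
The commands above take the client address from the eighth whitespace-separated field, which only holds for the log layout shown at the top of this post. The following is an added example, not part of the original post: it finds the `[client …]` token by pattern, strips a trailing port, and counts hits per address. The function names and the sample log lines (documentation-range IPs) are constructed for illustration, and the second layout, with an extra `[pid …]` field and a client port, is what newer Apache versions write.

```shell
#!/bin/sh
# Count "request without hostname" errors per client address.
# Reads an Apache error log on stdin, prints "<count> <address>",
# highest count first.
count_no_host_clients() {
    awk '
    /request without hostname/ {
        # Locate "[client ADDR]" wherever it sits in the line,
        # instead of trusting a fixed field number.
        if (match($0, /\[client [^]]+\]/)) {
            # "[client " is 8 characters, the closing "]" is 1.
            addr = substr($0, RSTART + 8, RLENGTH - 9)
            # Drop a trailing ":port" on IPv4 addresses only.
            if (addr ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", addr)
            hits[addr]++
        }
    }
    END { for (a in hits) print hits[a], a }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input: two hits from one client in the older
# layout, one unrelated error, one hit in the newer layout.
sample_log() {
    cat <<'EOF'
[Mon Mar 05 10:15:01 2012] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Mon Mar 05 10:15:07 2012] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /phpmyadmin/
[Mon Mar 05 10:16:30 2012] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Mon Mar 05 10:17:12.123456 2012] [core:error] [pid 4242] [client 203.0.113.5:51234] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
EOF
}

# Demo on the sample; for a real log: count_no_host_clients < error.log
sample_log | count_no_host_clients
```
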
