I have just set up a new nginx server on CentOS 7.
I notice a lot of the following types of entries in my error logs.
For example, are they trying to pass into my JavaScript files?
Code:
2018/05/31 14:03:14 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js
Code:
2018/05/31 14:03:14 [error] 16873#0: *4152 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/moment/min/moment.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4151 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/switchery/dist/switchery.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4151 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/switchery/dist/switchery.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/select2/dist/js/select2.full.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/select2/dist/js/select2.full.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/parsleyjs/dist/parsley.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/parsleyjs/dist/parsley.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/autosize/dist/autosize.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/autosize/dist/autosize.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/devbridge-autocomplete/dist/jquery.autocomplete.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/devbridge-autocomplete/dist/jquery.autocomplete.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/starrr/dist/starrr.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/starrr/dist/starrr.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap/dist/js/bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap/dist/js/bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net/js/jquery.dataTables.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net/js/jquery.dataTables.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-bs/js/dataTables.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4152 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-bs/js/dataTables.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/dataTables.buttons.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/dataTables.buttons.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons-bs/js/buttons.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4151 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons-bs/js/buttons.bootstrap.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/fastclick/lib/fastclick.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/fastclick/lib/fastclick.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/buttons.flash.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/datatables.net-buttons/js/buttons.flash.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/pdfmake.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4154 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/pdfmake.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/vfs_fonts.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/pdfmake/build/vfs_fonts.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/custms/js/custom.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/custms/js/custom.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4155 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/iCheck/icheck.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:15 [error] 16873#0: *4153 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/iCheck/icheck.min.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:18:01 [error] 16873#0: *4168 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:18:01 [error] 16873#0: *4168 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/impm/xxx.png HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:38:57 [error] 16873#0: *4180 directory index of "/var/www/html/" is forbidden, client: 60.173.10.16, server: _, request: "GET / HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/index.action" failed (2: No such file or directory), client: 60.173.10.16, server: _, request: "GET /index.action HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 60.173.10.16, server: _, request: "GET /index.action HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:26:18 [error] 16873#0: *4184 open() "/var/www/html/manager/html" failed (2: No such file or directory), client: 183.131.83.50, server: _, request: "GET /manager/html HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:26:18 [error] 16873#0: *4184 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 183.131.83.50, server: _, request: "GET /manager/html HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:27:38 [error] 16873#0: *4185 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 64.233.173.141, server: _, request: "GET /favicon.ico HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 15:27:38 [error] 16873#0: *4185 open() "/var/www/html/404.html" failed (2: No such file or directory), client: 64.233.173.141, server: _, request: "GET /favicon.ico HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 15:33:36 [error] 16873#0: *4189 client intended to send too large body: 1195 bytes, client: 122.114.204.78, server: _, request: "POST /wls-wsat/CoordinatorPortType HTTP/1.1", host: "xxx.x.xxx.xxx:80"
What else can I do to further harden my nginx server?
Hi Habitual,
What other logs should I look into? I see a lot of this. Should I take more logs to be posted here? Any other tips to harden nginx? Will naxsi help to harden it?
What is "behind" nginx? Turdpress, Magento, Drupal???
What is being served?
What are they asking for?
Code:
grep 60.52.28.169 /var/log/nginx/*
No more "logs" without verbs.
Create a custom jail and get f2b up to speed using that IP as a marker/test, or ignore 60.52.28.169
or issue a drop for 60.52.0.0/18
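An added example, not part of any post in this thread: a Python triage of the error-log format quoted above that separates `limit_conn` rejections of a visitor's own page assets from unsolicited requests, before anything is handed to fail2ban or a firewall rule. The function names and the Referer heuristic are assumptions of this sketch; the Referer header is client-supplied, so treat the result as a triage hint rather than proof.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Sample lines taken from the error log quoted in this thread.
SAMPLE_LOG = '''\
2018/05/31 14:03:14 [error] 16873#0: *4138 limiting connections by zone "addr", client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:03:14 [error] 16873#0: *4138 open() "/var/www/html/50x.html" failed (2: No such file or directory), client: 60.52.28.169, server: _, request: "GET /app1/mfolder/bootstrap-daterangepicker/daterangepicker.js HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 14:38:57 [error] 16873#0: *4180 open() "/var/www/html/index.action" failed (2: No such file or directory), client: 60.173.10.16, server: _, request: "GET /index.action HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:26:18 [error] 16873#0: *4184 open() "/var/www/html/manager/html" failed (2: No such file or directory), client: 183.131.83.50, server: _, request: "GET /manager/html HTTP/1.1", host: "xxx.x.xxx.xxx"
2018/05/31 15:27:38 [error] 16873#0: *4185 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 64.233.173.141, server: _, request: "GET /favicon.ico HTTP/1.1", host: "xxx.xxx.xxx.xx", referrer: "http://xxx.xxx.xxx.xx/app1/xxx.php"
2018/05/31 15:33:36 [error] 16873#0: *4189 client intended to send too large body: 1195 bytes, client: 122.114.204.78, server: _, request: "POST /wls-wsat/CoordinatorPortType HTTP/1.1", host: "xxx.x.xxx.xxx:80"
'''

LINE_RE = re.compile(
    r'^\S+ \S+ \[\w+\] \d+#\d+: \*\d+ (?P<msg>.*?), '
    r'client: (?P<client>[0-9a-fA-F.:]+), server: [^,]*, '
    r'request: "\S+ (?P<uri>\S+)[^"]*"'
    r'(?:, host: "(?P<host>[^"]*)")?(?:, referrer: "(?P<referrer>[^"]*)")?'
)

def same_site(referrer, host):
    # True when the Referer names the same host that served the request.
    return bool(referrer) and urlparse(referrer).hostname == host.split(':')[0]

def classify(m):
    msg, path = m['msg'], m['uri'].split('?')[0]
    if msg.startswith('limiting connections by zone'):
        return 'limit_conn'
    if msg.startswith('client intended to send too large body'):
        return 'oversized_body'
    opened = re.match(r'open\(\) "([^"]+)" failed', msg)
    if opened and opened.group(1).endswith(path):
        return 'not_found'
    # Any other open() failure is nginx missing its own error_page file.
    return 'missing_error_page' if opened else 'other'

def triage(log_text):
    """Count (kind, origin) pairs per client IP."""
    per_client = defaultdict(Counter)
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        origin = 'same_site' if same_site(m['referrer'], m['host'] or '') else 'direct'
        per_client[m['client']][(classify(m), origin)] += 1
    return per_client

def ban_candidates(log_text):
    """Clients that only made direct requests and hit a missing path or body limit."""
    out = []
    for client, counts in triage(log_text).items():
        kinds = {kind for kind, _ in counts}
        origins = {origin for _, origin in counts}
        if origins == {'direct'} and kinds & {'not_found', 'oversized_body'}:
            out.append(client)
    return sorted(out)

if __name__ == '__main__':
    print(ban_candidates(SAMPLE_LOG))
```

On these lines, 60.52.28.169 shows up only as same-site asset loads rejected by the `addr` connection limit, each followed by a failed lookup of the missing `50x.html` error page, so it is not returned as a ban candidate.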
You don't have the files they are looking for. There's no need to harden anything. You can either block the IP or ignore them.
I normally feed them a file of my choice. It's free marketing for the file I want to distribute.
Hi DeveGuy,
Actually, all those files exist in those folders. I guess they have checked through my file list. How to stop that is quite difficult, I know, because they can see it from my source code.
Ok then, rename directory app1 to 273C1702B811A053B15E1E8DF06CD324. They will never find it. You know the directory name, so you can access it.
If the directory name is referred to by public pages, then you have to remove such references. Or, you can restrict access to that directory by your own IP if you are the only one using those files.
Hi Devguy,
But the issue is that my clients currently use the application at http://myip/app1. So if I rename it, it will be difficult for my clients to even remember and browse. What other solution is best here?
If you want to do sophisticated stuff, you will have to hire a dev. Otherwise there's no easy solution to limit access only to some of the public. Renaming directory is the simplest way to do it cheaply. You can simply give your clients the directory name. As long as the name isn't referenced by files accessible by all public, and the name is a good length, unauthorised public will never find the name. But there's nothing to stop your clients giving out such information.
Hi Devguy,
Yes, you are right: however sophisticated I make it, if the client gives them the access they will still get it. So how could the hired dev guys really help then?
I think you can hire some Indian dev for cheap on the internet. There are these dev hiring sites on the internet that you can offer a job amount and people will apply for the job. No idea how good a job they do.
I am a dev myself, but I don't work cheap. So I won't compete with those Indians or the hungry Romanians.
Hi Habitual,
I have visited the link you suggested. The section on the page suggests adding "#To enable log monitoring for Nginx login attempts. [nginx-auth]". So if I just add it right below the default section, that should be fine, right? Why is it suggesting to change to jail.local, and how will it then know to pick this up as the .conf?
Basically, what is running behind will be a Bootstrap-template-based PHP application. I don't quite get your 'No more "logs" without verbs.' What do you mean by these logs? I can pull more for you.
You suggested this: "Create a custom jail and get f2b up to speed using that IP as a marker/test, or ignore 60.52.28.169
or issue a drop for 60.52.0.0/18". Where do I create this, in jail.local or jail.conf?