Hello,everyone.

I looked up the apache access log from time to time and recently, I found something which is weird and don't know what it means in terms of server security.

As you can see in attachment 1,there was a connection from tomcat requesting manager/html folder.However,I don't have the tomcat activated with apache so does it mean that the remote pc/server trying to access a folder which doesn't exist and disguised us as an tomcat server?

In attachment 2,you can see that there was a request from a pc/server requested proxyjudge1.proxyfire.net/fastenv and failed.What does it mean?Is my server being hijacked or something?

I hope you guys can shed me some light on this one.
Thanks.

Attached Thumbnails

   

Hi,

Are you requesting user authentication in order to access your server?
Because in both cases the response code was 401, meaning "Authorization Required". In fact in the 1st screenshot the username "tomcat" was used for authentication but failed.
The 2nd log was an attempt to see if your webserver is also configured as a proxy server.
Anyway if you don't have apache connected to tomcat and your server is not working as a proxy, there is nothing to worry about. It's usual scan attempts, trying to find servers running these services.
You can check the error_log and see that apache denied access.

Regards

Thanks for the reply.Your answer is simple and pertinent.

I do have my website with login required so I know what the log means now after your clear explanation.

Thanks again for the help.

Have a look into mod_security to help secure your server, it's an application firewall for apache

Thanks for the reply,fotoguy.

I'm looking into mod_security to tweak with the server name recently. but will look into the feature which you mentioned.

Thanks for a head up.