is my server under attach?

May 7, 2018 513 views
Apache Load Balancing Ubuntu 16.04

I am using DO loadbalancer and behind it there are 4 droplets running apache 2. I have recently notice some strange logs in my apache2 showing requests for different domains. What is wrong here and how can i fix it.
Thanks in advance for your help.

10.139.8.229 - - [02/May/2018:00:00:02 +0000] "POST http://statistics.meipai.com/statistics/play_video.json HTTP/1.1" 200 15
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "POST http://iptvliving.com:8000/client_area/ HTTP/1.1" 200 1375
 10.139.8.229 - - [01/May/2018:23:59:56 +0000] "CONNECT api.weibo.com:443 HTTP/1.0" 200 -
 10.139.8.229 - - [01/May/2018:23:59:47 +0000] "CONNECT www.instagram.com:443 HTTP/1.0" 200 -
 10.139.8.229 - - [02/May/2018:00:00:01 +0000] "GET http://www.google.ru/search?as_qdr=all&complete=1&num=100&hl=ru&nord=1&as_q=%D0%BA%D1%83%D0%BF%D0%B8%D1%82%D1%8C+%D1%8F%D1%85%D1%82%D1%83+%D1%8D%D0%BC%D0%B8%D1%80%D0%B0%D1%82%D1%8B&sa=N HTTP/1.1" 200 2148
 10.139.8.229 - - [01/May/2018:23:59:59 +0000] "CONNECT www.victoriassecret.com:443 HTTP/1.0" 200 -
 10.139.8.229 - - [02/May/2018:00:00:02 +0000] "GET http://www.cq9995.com/index.php?c=home HTTP/1.1" 200 552
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "GET http://www.tfent.cn/Register HTTP/1.1" 405 4104
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "GET http://music.163.com/api/v1/resource/comments/R_SO_4_2876048?limit=5&offset=0 HTTP/1.1" 200 902
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "GET http://kuaibao.qq.com/getMediaCardInfo?chlid=5721752 HTTP/1.1" 200 470
 10.139.8.229 - - [02/May/2018:00:00:02 +0000] "POST http://hb-api.longzhu.com/user/collect?roomId=2126122&version=4.6.4&device=4&packageId=1&utm_sr=chanel_12 HTTP/1.1" 587 3
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "POST http://iptvliving.com:8000/client_area/ HTTP/1.1" 200 1375
 10.139.8.229 - - [02/May/2018:00:00:02 +0000] "GET http://www.cq9995.com/index.php?c=home HTTP/1.1" 200 549
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "POST http://goldvod.tv/login.html HTTP/1.1" 301 4899
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "POST http://hb-api.longzhu.com/user/collect?roomId=2314818&version=4.6.4&device=4&packageId=1&utm_sr=chanel_12 HTTP/1.1" 200 12
 10.139.8.229 - - [02/May/2018:00:00:01 +0000] "CONNECT bar-navig.yandex.ru:443 HTTP/1.0" 200 -
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "GET http://map.baidu.com/?qt=ugcPhotos&poiId=b6519a701e7d049526d2bb6d&type=life&pageCount=30&t=1525219202529 HTTP/1.1" 200 74
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "GET http://open-webstore.com/201[2-8]{1}/0[1-9]{1}/ HTTP/1.1" 200 1340
 10.139.8.229 - - [01/May/2018:23:59:58 +0000] "CONNECT web.immomo.com:443 HTTP/1.0" 200 -
 10.139.8.229 - - [02/May/2018:00:00:01 +0000] "CONNECT bar-navig.yandex.ru:443 HTTP/1.0" 200 -
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "GET http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v2/?key=C03B3C09F6AEAF4969A0EE747B895321&steamids=76561198055637017 HTTP/1.1" 200 367
 10.139.8.229 - - [02/May/2018:00:00:03 +0000] "POST http://iptvliving.com:8000/client_area/ HTTP/1.1" 200 1375

1 Answer

Yes, in that this is likely the result of a bot scanning for open web proxy servers that can be used to request remote sites.

This page includes some additional details on this type of request as well as how you can test how your server responds.

Have another answer? Share your knowledge.