Question

Random websites appear in Nginx access.log

Posted January 16, 2020 1.4k views
Nginx

Hi, I’m new to running a website on a server. I have Nginx set up and was looking at the access.log file just to see what’s in it and the format of it. I can make sense of most of it but there are some lines, for example,

120.216.207.212 - - [16/Jan/2020:13:14:28 +0000] "GET http://wx.sina.com.cn/ HTTP/1.1" 200 612 "http://wx.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

Usually the request is just the root directory (the website). What I don’t understand is that there is a whole website being requested which I don’t understand how they would quite do that from my server. The other thing is it returns a 200 and is sending them, in this case, 612 bytes.

If anyone could perhaps help me figure out what’s going on I would really appreciate it!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hello,

This has actually happened to me in the past, I had a Droplet and I was seeing GET requests to a random domain name in my access logs. It turned out that the domain name was abandoned but it was still pointing to my Droplet’s IP address.

What I did was to create a server block and deny the access for this specific hostname, so it looked something like this:

server {
    listen 80;

    index index.html index.htm index.nginx-debian.html;

    server_name some_domain_name.com;

    location / {
        deny all;
    }
}

That way if anyone tries to access that domain name pointed to my server, they would get a 403 Forbidden message.

On another note what I could also suggest is checking your Nginx config and making sure that you don’t actually have that domain name specified in there:

sudo grep -rl 'wx.sina.com.cn' /etc/nginx/*

Hope that this helps.
Regards,
Bobby

Thank you so much! The grep command you gave me didn’t have any output, will try out denying access for certain domains!