Question

Random websites appear in Nginx access.log

Posted January 16, 2020 303 views
Nginx

Hi, I’m new to running a website on a server. I have Nginx set up and was looking at the access.log file just to see what’s in it and the format of it. I can make sense of most of it but there are some lines, for example,

120.216.207.212 - - [16/Jan/2020:13:14:28 +0000] "GET http://wx.sina.com.cn/ HTTP/1.1" 200 612 "http://wx.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

Usually the request is just the root directory (the website). What I don’t understand is that there is a whole website being requested which I don’t understand how they would quite do that from my server. The other thing is it returns a 200 and is sending them, in this case, 612 bytes.

If anyone could perhaps help me figure out what’s going on I would really appreciate it!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hello,

This has actually happened to me in the past, I had a Droplet and I was seeing GET requests to a random domain name in my access logs. It turned out that the domain name was abandoned but it was still pointing to my Droplet’s IP address.

What I did was to create a server block and deny the access for this specific hostname, so it looked something like this:

server {
    listen 80;

    index index.html index.htm index.nginx-debian.html;

    server_name some_domain_name.com;

    location / {
        deny all;
    }
}

That way if anyone tries to access that domain name pointed to my server, they would get a 403 Forbidden message.

On another note what I could also suggest is checking your Nginx config and making sure that you don’t actually have that domain name specified in there:

sudo grep -rl 'wx.sina.com.cn' /etc/nginx/*

Hope that this helps.
Regards,
Bobby

Thank you so much! The grep command you gave me didn’t have any output, will try out denying access for certain domains!

Submit an Answer