Question

Random websites appear in Nginx access.log

Hi, I’m new to running a website on a server. I have Nginx set up and was looking at the access.log file just to see what’s in it and the format of it. I can make sense of most of it but there are some lines, for example:

120.216.207.212 - - [16/Jan/2020:13:14:28 +0000] "GET http://wx.sina.com.cn/ HTTP/1.1" 200 612 "http://wx.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

Usually the request is just the root directory (the website). What I don’t understand is that a whole website is being requested, and I don’t quite understand how they would do that from my server. The other thing is it returns a 200 and is sending them, in this case, 612 bytes.

If anyone could perhaps help me figure out what’s going on I would really appreciate it!



Bobby Iliev
Site Moderator
January 19, 2020
Accepted Answer

Hello,

This has actually happened to me in the past: I had a Droplet and I was seeing GET requests to a random domain name in my access logs. It turned out that the domain name was abandoned but it was still pointing to my Droplet’s IP address.

What I did was to create a server block and deny access for this specific hostname, so it looked something like this:

server {
	listen 80;

	index index.html index.htm index.nginx-debian.html;

	server_name some_domain_name.com;

	location / {
		deny all;
	}
}

That way if anyone tries to access that domain name pointed to my server, they would get a 403 Forbidden message.

On another note, what I could also suggest is checking your Nginx config and making sure that you don’t actually have that domain name specified in there:

sudo grep -rl 'wx.sina.com.cn' /etc/nginx/*

Hope that this helps. Regards, Bobby

Thank you so much! The grep command you gave me didn’t have any output, will try out denying access for certain domains!
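
To find every log entry of the kind discussed in this thread, the following added example (not part of the original posts) parses Nginx combined-format lines and flags requests whose request line names a host the server is not meant to serve, either as a full URL or as a CONNECT target. `SERVED_HOSTS`, the function names and the second and third sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames this server is meant to serve; replace with your own.
SERVED_HOSTS = {"example.com", "www.example.com"}

# Nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "[^"]*"$'
)

def foreign_host(request):
    """Return the host named in the request line if it is not one of ours."""
    parts = request.split()
    if len(parts) != 3:
        return None  # malformed or non-HTTP request line
    method, target, _version = parts
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]  # authority-form: host:port
    elif target.lower().startswith(("http://", "https://")):
        try:
            host = urlsplit(target).hostname or ""  # absolute-form: full URL
        except ValueError:
            return None  # unparseable URL
    else:
        return None  # origin-form (/path): the normal case
    host = host.lower()
    return host if host and host not in SERVED_HOSTS else None

def scan(lines):
    """Return one dict per log line whose request names a foreign host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        host = foreign_host(m["request"]) if m else None
        if host:
            hits.append({"ip": m["ip"], "host": host, "status": int(m["status"])})
    return hits

# First line is the one quoted in the question; the other two are constructed.
SAMPLE = [
    '120.216.207.212 - - [16/Jan/2020:13:14:28 +0000] "GET http://wx.sina.com.cn/ HTTP/1.1" 200 612 "http://wx.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"',
    '203.0.113.7 - - [16/Jan/2020:13:15:02 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.58.0"',
    '198.51.100.9 - - [16/Jan/2020:13:16:40 +0000] "CONNECT www.example.org:443 HTTP/1.1" 400 173 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit logged with status 200 was answered with content by some server block; once a deny block like the one in the answer covers that hostname, the same request should be logged with 403 instead.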
