Someone is trying to hack my server

March 8, 2019
Security Apache Nginx Ubuntu 18.04

I think someone is trying to get access to my server. In my logs, I can see the following requests:

::ffff:127.0.0.1 - GET / HTTP/1.0 200 12 - 1.210 ms
::ffff:127.0.0.1 - GET /drupal/ HTTP/1.0 404 146 - 4.361 ms
::ffff:127.0.0.1 - GET /cms/ HTTP/1.0 404 143 - 0.636 ms
::ffff:127.0.0.1 - GET /status?full=true HTTP/1.0 404 145 - 0.492 ms
::ffff:127.0.0.1 - GET / HTTP/1.0 200 12 - 0.330 ms
::ffff:127.0.0.1 - GET /script HTTP/1.0 404 145 - 0.458 ms
::ffff:127.0.0.1 - GET /jenkins/script HTTP/1.0 404 153 - 0.535 ms
::ffff:127.0.0.1 - GET /login HTTP/1.0 404 144 - 0.526 ms
::ffff:127.0.0.1 - GET /jmx-console HTTP/1.0 404 150 - 0.507 ms
::ffff:127.0.0.1 - GET /manager/html HTTP/1.0 404 151 - 0.445 ms
::ffff:127.0.0.1 - GET / HTTP/1.0 200 12 - 0.418 ms
::ffff:127.0.0.1 - GET /administrator HTTP/1.0 404 152 - 0.360 ms
::ffff:127.0.0.1 - GET /joomla/administrator HTTP/1.0 404 159 - 0.412 ms
::ffff:127.0.0.1 - GET /cms/administrator HTTP/1.0 404 156 - 0.427 ms
::ffff:127.0.0.1 - GET /Joomla/administrator HTTP/1.0 404 159 - 0.451 ms
::ffff:127.0.0.1 - GET /msd HTTP/1.0 404 142 - 0.369 ms
::ffff:127.0.0.1 - GET /mySqlDumper HTTP/1.0 404 150 - 0.568 ms
::ffff:127.0.0.1 - GET /msd1.24stable HTTP/1.0 404 152 - 0.399 ms
::ffff:127.0.0.1 - GET /msd1.24.4 HTTP/1.0 404 148 - 0.385 ms
::ffff:127.0.0.1 - GET /mysqldumper HTTP/1.0 404 150 - 0.609 ms
::ffff:127.0.0.1 - GET /MySQLDumper HTTP/1.0 404 150 - 0.582 ms
::ffff:127.0.0.1 - GET /mysql HTTP/1.0 404 144 - 0.365 ms
::ffff:127.0.0.1 - GET /sql HTTP/1.0 404 142 - 0.584 ms
::ffff:127.0.0.1 - GET /cgi-bin/php HTTP/1.0 404 150 - 0.382 ms
::ffff:127.0.0.1 - GET /cgi-bin/php5 HTTP/1.0 404 151 - 0.389 ms
::ffff:127.0.0.1 - GET /phpmyadmin HTTP/1.0 404 149 - 0.371 ms
::ffff:127.0.0.1 - GET /phpMyAdmin HTTP/1.0 404 149 - 0.429 ms
::ffff:127.0.0.1 - GET /mysql HTTP/1.0 404 144 - 0.456 ms
::ffff:127.0.0.1 - GET /sql HTTP/1.0 404 142 - 0.431 ms
::ffff:127.0.0.1 - GET /myadmin HTTP/1.0 404 146 - 0.332 ms
::ffff:127.0.0.1 - GET /phpMyAdmin-4.2.1-all-languages HTTP/1.0 404 169 - 0.406 ms
::ffff:127.0.0.1 - GET /phpMyAdmin-4.2.1-english HTTP/1.0 404 163 - 0.367 ms
::ffff:127.0.0.1 - GET /xampp/phpmyadmin HTTP/1.0 404 155 - 0.368 ms
::ffff:127.0.0.1 - GET /typo3/phpmyadmin HTTP/1.0 404 155 - 0.376 ms
::ffff:127.0.0.1 - GET /webadmin HTTP/1.0 404 147 - 0.385 ms
::ffff:127.0.0.1 - GET / HTTP/1.0 200 12 - 0.324 ms

Which to me clearly indicates someone wants to get access to relevant files. There are none, I don’t run WordPress or phpMyAdmin on that server, but I feel like someone is trying to do something. Maybe it’s a remote file, I don’t know. I run my database on a separate droplet, but they might try there as well. How can I secure this or prevent remote access?

1 Answer

Hey friend,

I think you will like my perspective on this. I vote that you do nothing to address this. From where I sit, this is simply par for the course when running a web server on a public-facing network. No matter what you do, someone out there means you harm and they’re going to scan your IP for ways to accomplish it. The most important thing is that they didn’t find anything, and the next most important thing is that you don’t leave anything for them to find. Run secure software, keep it up to date, keep your ear to the ground for vulnerabilities in the apps you run, and ignore these people.

That’s my recipe for success at least :)

Jarland
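
Added example, not part of the original thread or the answer author's code: a triage script for the log format shown in the question that separates probes that got a 404 from any scanned path that actually answered, which is the check behind "they didn't find anything". The `served` parameter and the last sample line (a 200 on /manager/html) are constructed for illustration; the loopback check reflects that `::ffff:127.0.0.1` is the IPv4-mapped loopback address, so this log (assumed to sit behind a local proxy) does not record the scanner's own address.

```python
import ipaddress
import re
from collections import Counter

# Format seen in the question: ADDR - METHOD PATH HTTP/x.y STATUS SIZE - TIME ms
LINE_RE = re.compile(
    r"^(?P<addr>\S+) - (?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+ "
    r"(?P<status>\d{3}) (?P<size>\d+|-) - (?P<ms>[\d.]+) ms$"
)

# Constructed sample: five lines from the question plus one invented "hit".
SAMPLE = """\
::ffff:127.0.0.1 - GET / HTTP/1.0 200 12 - 1.210 ms
::ffff:127.0.0.1 - GET /drupal/ HTTP/1.0 404 146 - 4.361 ms
::ffff:127.0.0.1 - GET /jenkins/script HTTP/1.0 404 153 - 0.535 ms
::ffff:127.0.0.1 - GET /phpMyAdmin HTTP/1.0 404 149 - 0.429 ms
::ffff:127.0.0.1 - GET /phpmyadmin HTTP/1.0 404 149 - 0.371 ms
::ffff:127.0.0.1 - GET /manager/html HTTP/1.0 200 5120 - 2.100 ms
"""

def is_loopback(addr):
    """True for 127.0.0.1, ::1 and IPv4-mapped forms such as ::ffff:127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback

def triage(lines, served=("/",)):
    """Split requests into probes that missed (404) and paths that answered."""
    missed, answered, sources, unparsed = Counter(), [], set(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        sources.add(m["addr"])
        path, status = m["path"], int(m["status"])
        if path in served:
            continue  # routes the site is meant to serve (assumed list)
        if status == 404:
            missed[path.lower().strip("/")] += 1  # fold case/slash variants
        else:
            answered.append((path, status))  # a probed path answered: review it
    hidden = bool(sources) and all(is_loopback(a) for a in sources)
    return {"missed": missed, "answered": answered,
            "source_hidden": hidden, "unparsed": unparsed}

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```

An empty `answered` list corresponds to the situation in the question, where every probe returned 404; any entry there is a path to check by hand.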
