Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[SOLVED] Request crashing apache2?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
freke
Veteran
Veteran


Joined: 23 Jan 2003
Posts: 1029
Location: Somewhere in Denmark
PostPosted: Wed Jan 10, 2024 2:30 pm    Post subject: [SOLVED] Request crashing apache2? Reply with quote
Going through my logs I stumbled across this malicous? requests on my webserver
Code:
Jan 10 10:33:57 lamp.vlh.dk apache2 [Wed Jan 10 10:33:57.535367 2024] [core:error] [pid 1668] [client 185.180.143.188:55260] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
Jan 10 10:33:57 lamp.vlh.dk apache2 185.180.143.188 - - "HEAD /icons/sphere1.png HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
Jan 10 10:33:57 lamp.vlh.dk apache2 185.180.143.188 - - "HEAD /icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png HTTP/1.1" 400 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
Jan 10 10:33:58 lamp.vlh.dk apache2 [Wed Jan 10 10:33:58.199189 2024] [core:error] [pid 2001] [client 185.180.143.188:55272] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
Jan 10 10:33:58 lamp.vlh.dk apache2 185.180.143.188 - - "HEAD /icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png HTTP/1.1" 400 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
Jan 10 10:33:59 lamp.vlh.dk apache2 [Wed Jan 10 10:33:58.871700 2024] [core:error] [pid 28215] [client 185.180.143.188:55288] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)
Jan 10 10:33:59 lamp.vlh.dk apache2 185.180.143.188 - - "HEAD /icons/.%2e/%2e%2e/apache2/icons/sphere1.png HTTP/1.1" 400 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"

Is the [core:error] indication of the apache2-process actually crashing?

Is this something like a new attack? (I only see this dating back to mid december, and only about twice a week from a couple different IPs)
Code:
Dec 16 18:02:17 lamp.vlh.dk apache2 [Sat Dec 16 18:02:16.571809 2023] [core:error] [pid 27578] [client 45.156.128.7:44010] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
Dec 16 18:02:17 lamp.vlh.dk apache2 [Sat Dec 16 18:02:16.884636 2023] [core:error] [pid 6866] [client 45.156.128.7:44114] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
Dec 16 18:02:17 lamp.vlh.dk apache2 [Sat Dec 16 18:02:17.166994 2023] [core:error] [pid 7332] [client 45.156.128.7:44236] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)
Dec 17 09:37:37 lamp.vlh.dk apache2 [Sun Dec 17 09:37:37.227306 2023] [authz_core:error] [pid 3329] [client 35.216.190.15:43408] AH01630: client denied by server configuration: /var/www/localhost/htdocs/server-status
Dec 22 20:21:57 lamp.vlh.dk apache2 [Fri Dec 22 20:21:56.667555 2023] [core:error] [pid 2294] [client 107.151.182.58:58326] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
Dec 22 20:21:57 lamp.vlh.dk apache2 [Fri Dec 22 20:21:57.387541 2023] [core:error] [pid 4721] [client 107.151.182.58:58336] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
Dec 22 20:21:58 lamp.vlh.dk apache2 [Fri Dec 22 20:21:58.099993 2023] [core:error] [pid 3330] [client 107.151.182.58:58348] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)
Dec 28 22:52:55 lamp.vlh.dk apache2 [Thu Dec 28 22:52:54.334429 2023] [core:error] [pid 25112] [client 45.156.129.7:51150] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
Dec 28 22:52:55 lamp.vlh.dk apache2 [Thu Dec 28 22:52:54.959928 2023] [core:error] [pid 14702] [client 45.156.129.7:51166] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)
Dec 28 22:52:56 lamp.vlh.dk apache2 [Thu Dec 28 22:52:55.767430 2023] [core:error] [pid 18513] [client 45.156.129.7:51172] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
Dec 31 18:23:46 lamp.vlh.dk apache2 [Sun Dec 31 18:23:46.365115 2023] [authz_core:error] [pid 9266] [client 35.216.236.162:51478] AH01630: client denied by server configuration: /var/www/localhost/htdocs/server-status
Jan 09 10:07:26 lamp.vlh.dk apache2 [Tue Jan 09 10:07:26.194796 2024] [core:error] [pid 1999] [client 185.180.143.188:37696] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
Jan 09 10:07:27 lamp.vlh.dk apache2 [Tue Jan 09 10:07:26.840060 2024] [core:error] [pid 1998] [client 185.180.143.188:37712] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
Jan 09 10:07:27 lamp.vlh.dk apache2 [Tue Jan 09 10:07:27.498517 2024] [core:error] [pid 2002] [client 185.180.143.188:37720] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)
Jan 10 10:33:57 lamp.vlh.dk apache2 [Wed Jan 10 10:33:57.535367 2024] [core:error] [pid 1668] [client 185.180.143.188:55260] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
Jan 10 10:33:58 lamp.vlh.dk apache2 [Wed Jan 10 10:33:58.199189 2024] [core:error] [pid 2001] [client 185.180.143.188:55272] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
Jan 10 10:33:59 lamp.vlh.dk apache2 [Wed Jan 10 10:33:58.871700 2024] [core:error] [pid 28215] [client 185.180.143.188:55288] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)


Last edited by freke on Wed Jan 10, 2024 3:12 pm; edited 1 time in total
Back to top
View user's profile Send private message
grknight
Retired Dev
Retired Dev


Joined: 20 Feb 2015
Posts: 1921
PostPosted: Wed Jan 10, 2024 3:04 pm    Post subject: Reply with quote
freke wrote:
Is the [core:error] indication of the apache2-process actually crashing?

No, it is just the Apache core module logging an error.
Back to top
View user's profile Send private message
freke
Veteran
Veteran


Joined: 23 Jan 2003
Posts: 1029
Location: Somewhere in Denmark
PostPosted: Wed Jan 10, 2024 3:13 pm    Post subject: Reply with quote
Thanks - just never had core:error before.

I'll add it to my 'don't worry too much' list ;)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy