killdurst
asked on
"google.com/humans.txt" in my log files
Hi, I have a couple of Joomla sites running on a Linux server; xxx.com and yyy.com. The compressed logs are as follows...
xxx.com_access_log-20130901.gz
xxx.com_error_log-20130901.gz
yyy.com_access_log-20130901.gz
yyy.com_error_log-20130901.gz
In these logs I see a few requests from IP address "123.4.567.890" containing "http://www.google.com/humans.txt" as one of the parameters. I have attached some of the logs to this question.
What do the logs mean? Are my sites being scanned or something?
forExpertsExchange.txt
Don't know what that means but '123.4.567.890' is not a legal IP address. If you substituted that for the real IP address, you should show us the real IP address because that will help tell us whether you're being scanned or they are break-in attempts.
ASKER
Ok, the real IP address is 176.9.242.109.
176.9.242.109 is located in Germany. Do you have any German customers?
ASKER
Yeah, it's an open access site. It's just that this came up in the vulnerability assessment scanning report, classified as network scanning and reconnaissance attempts.
Anyway, I wouldn't be surprised if some of the visitors are from Germany.
What I'm wondering is, if some hacker was really trying to scan the sites for vulnerabilities, and if so, what can I do to strengthen the security of my site to prevent this from happening.
ASKER
No exact way to prevent this from happening again. Will just need to improve on the security as best as possible.
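For anyone reviewing their own logs for the pattern described in the question (a request whose parameter value is an absolute URL such as "http://www.google.com/humans.txt"), the following is an added example and not code from this thread. It assumes Apache common/combined log format; the sample lines, IP addresses, paths and parameter names are constructed, and `own_hosts` is a hypothetical argument for excluding links back to your own site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Start of an Apache common/combined access-log line: client IP, timestamp,
# method, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
URL_VALUE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines; IPs, paths and parameter names are made up.
SAMPLE = [
    '203.0.113.7 - - [01/Sep/2013:03:12:44 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [01/Sep/2013:03:14:02 +0000] "GET /index.php?option=com_x&controller=http://www.google.com/humans.txt HTTP/1.1" 404 312 "-" "-"',
    '203.0.113.50 - - [01/Sep/2013:03:14:03 +0000] "GET /index.php?file=http%3A%2F%2Fwww.google.com%2Fhumans.txt HTTP/1.1" 200 4988 "-" "-"',
    '203.0.113.7 - - [01/Sep/2013:03:15:10 +0000] "GET /login?return=http://xxx.com/home HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def find_url_parameters(lines, own_hosts=()):
    """Map client IP -> [(timestamp, path, param, value, status), ...] for
    requests whose query string carries an absolute URL pointing off-site."""
    own = {h.lower() for h in own_hosts}
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line (for example an error-log entry)
        ip, ts, _method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = value.strip()
            if not URL_VALUE_RE.match(value):
                continue
            host = (urlsplit(value).hostname or "").lower()
            if host in own:
                continue  # link back to the site itself, e.g. a return URL
            hits[ip].append((ts, parts.path, name, value, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for ip, found in find_url_parameters(SAMPLE, own_hosts=("xxx.com",)).items():
        print(ip, len(found), "request(s):", sorted({f[2] for f in found}))
```

For the compressed files named in the question, pass `gzip.open(path, "rt")` as `lines`.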