"google.com/humans.txt" in my log files

Hi, I have a couple of Joomla sites running on a Linux server; xxx.com and yyy.com. The compressed logs are as follows...


In these logs I see a few requests from IP address "123.4.567.890" containing "http://www.google.com/humans.txt" as one of the parameters. I have attached some of the logs to this question.

What do the logs mean? Are my sites being scanned or something?

Dave Baldwin (Fixer of Problems) Commented:
Don't know what that means but '123.4.567.890' is not a legal IP address. If you substituted that for the real IP address, you should show us the real IP address because that will help tell us whether you're being scanned or they are break-in attempts.
killdurst (Author) Commented:
Ok, the real IP address is 176 . 9 . 242 . 109.
Brian Utterback (Principle Software Engineer) Commented:
Is your site an open access site, i.e. would you be surprised if anyone happened to show up in the logs? If it is closed access and shows up, then I might wonder what it was doing there. But if it is open access then the fact that the humans.txt is on the list is not cause for worry, any more than robots.txt or favico.ico. They are just standard infrastructure file locations that may or may not exist and so the browser or search engine might request them without the user even knowing. You said it only showed up a few times, right?

Dave Baldwin (Fixer of Problems) Commented:
is located in Germany. Do you have any German customers?
killdurst (Author) Commented:
Yeah, it's an open access site. It's just that this came up in the vulnerability assessment scanning report, classified as network scanning and reconnaissance attempts.

Anyway, I wouldn't be surprised if some of the visitors are from Germany.

What I'm wondering is, if some hacker was really trying to scan the sites for vulnerabilities, and if so, what can I do to strengthen the security of my site to prevent this from happening.
Brian Utterback (Principle Software Engineer) Commented:
The best way to start is the most obvious:

My name is Mud (Systems Engineer) Commented:
Fail2ban www.fail2ban.org/ 3 strikes = 1 month of ban... or whatever you like!
killdurst (Author) Commented:
No exact way to prevent this from happening again. Will just need to improve on the security as best as possible.
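
An added example, not part of the original thread: a log check that separates the pattern in the question (an absolute URL such as "http://www.google.com/humans.txt" passed as a parameter value) from a plain request for the site's own /humans.txt, and applies the "3 strikes" threshold from the Fail2ban suggestion. The log lines, IP addresses, parameter names and function names are constructed for illustration and assume Apache combined-log-style entries.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in Apache combined-log style (not the asker's real logs).
# IPs are documentation addresses; parameter names are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?option=com_content&view=http://www.google.com/humans.txt HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?option=http%3A%2F%2Fwww.google.com%2Fhumans.txt HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?Itemid=http://www.google.com/humans.txt HTTP/1.1" 404 310
198.51.100.23 - - [01/Jan/2024:10:05:00 +0000] "GET /humans.txt HTTP/1.1" 404 310
198.51.100.23 - - [01/Jan/2024:10:05:01 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 8042
198.51.100.23 - - [01/Jan/2024:10:05:02 +0000] "GET /index.php?return=https://example.org/page HTTP/1.1" 200 8042
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
ABSOLUTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def url_valued_params(target):
    """Return (name, value) pairs whose percent-decoded value is an absolute URL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if ABSOLUTE_URL.match(v.strip())]


def strikes_by_ip(log_text):
    """Count, per client IP, requests carrying at least one URL-valued parameter."""
    strikes = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and url_valued_params(m.group("target")):
            strikes[m.group("ip")] += 1
    return strikes


def ban_candidates(log_text, max_strikes=3):
    """IPs at or over the strike threshold ("3 strikes" in the thread)."""
    return sorted(ip for ip, n in strikes_by_ip(log_text).items() if n >= max_strikes)


if __name__ == "__main__":
    for ip, n in strikes_by_ip(SAMPLE_LOG).items():
        print(f"{ip}: {n} request(s) with a URL-valued parameter")
    print("ban candidates:", ban_candidates(SAMPLE_LOG))
```

Legitimate features such as redirect or return parameters also carry URLs, which is why the last sample line scores one strike; review matches before banning on them. In Fail2ban the same threshold corresponds to the jail's `maxretry` setting, with `bantime` setting the ban length.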