We help IT Professionals succeed at work.
Get Started

How to prevent Apache from being accessed by spammers

neal wang
neal wang asked
on
189 Views
Last Modified: 2020-01-15
In my apache 2.4 configuration httpd.conf file I have port forwarding and reverse proxy configurations. However it looks like I'm getting foreign spammers trying to forward use my apache to forward to their malicious sites.

I've already set override to this:
<Directory />
    AllowOverride All
    Require all denied
</Directory>

I also set the logs from %h to %{X-Forwarded-For}i (to see the ip addresses)

I see the ip addresses and I put the deny of the website in .htaccess file but I'm still getting a lot of logs from the spammer.

How do I prevent spammers and from spammers blowing up my log files in apache?

Here is an example from my access_log and error-logs

access log:

- - - [10/Jan/2020:00:10:23 +0000] "GET http://www.qyl788.com:777/js/main.min.js?e81cf HTTP/1.1" 302 - "http://www.qyl788.com/" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.127 Chrome/10.0.648.127 Safari/534.16"
- - - [10/Jan/2020:00:10:36 +0000] "GET http://www.qyl788.com:777/js/main.min.js?1b3038fb98e71c3c8597d2f5ae580 HTTP/1.1" 302 - "http://www.qyl788.com/" "Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9"

error log:

[Fri Jan 10 01:16:57.258926 2020] [access_compat:error] [pid 74944] [client 115.236.23.214:62608] AH01797: client denied by server configuration: /var/www/html/TP
[Fri Jan 10 01:16:57.596460 2020] [access_compat:error] [pid 74945] [client 115.236.23.214:2029] AH01797: client denied by server configuration: /var/www/html/TP
[Fri Jan 10 01:16:57.937460 2020] [access_compat:error] [pid 74941] [client 115.236.23.214:5508] AH01797: client denied by server configuration: /var/www/html/thinkphp
[Fri Jan 10 01:16:58.283250 2020] [access_compat:error] [pid 74942] [client 115.236.23.214:20863] AH01797: client denied by server configuration: /var/www/html/html
[Fri Jan 10 01:16:58.628610 2020] [access_compat:error] [pid 74943] [client 115.236.23.214:23522] AH01797: client denied by server configuration: /var/www/html/public
[Fri Jan 10 01:17:01.977369 2020] [access_compat:error] [pid 75612] [client 115.236.23.214:27359] AH01797: client denied by server configuration: /var/www/html/TP
[Fri Jan 10 01:17:02.313873 2020] [access_compat:error] [pid 74944] [client 115.236.23.214:41613] AH01797: client denied by server configuration: /var/www/html/elrekt.php
[Fri Jan 10 01:17:02.646828 2020] [access_compat:error] [pid 74947] [client 115.236.23.214:43978] AH01797: client denied by server configuration: /var/www/html/index.php
[Fri Jan 10 01:17:02.996386 2020] [access_compat:error] [pid 74945] [client 115.236.23.214:48089] AH01797: client denied by server configuration: /var/www/html/
[Fri Jan 10 01:32:29.429537 2020] [proxy:error] [pid 74941] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:32:29.429587 2020] [proxy_http:error] [pid 74941] [client 156.252.238.37:15624] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:34:42.850092 2020] [proxy_http:error] [pid 80453] (70007)The timeout specified has expired: [client 156.252.238.33:12880] AH01110: error reading response, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.160093 2020] [proxy:error] [pid 82590] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.160148 2020] [proxy_http:error] [pid 82590] [client 156.252.238.50:19316] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.160417 2020] [proxy:error] [pid 82591] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.160464 2020] [proxy_http:error] [pid 82591] [client 156.252.238.50:19252] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.160718 2020] [proxy:error] [pid 82592] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.160757 2020] [proxy_http:error] [pid 82592] [client 156.252.238.50:19276] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.167800 2020] [proxy:error] [pid 82593] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.167837 2020] [proxy_http:error] [pid 82593] [client 156.252.238.50:19288] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.236770 2020] [proxy:error] [pid 82620] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.236770 2020] [proxy:error] [pid 82623] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.236873 2020] [proxy_http:error] [pid 82620] [client 156.252.238.50:19396] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.236873 2020] [proxy_http:error] [pid 82623] [client 156.252.238.50:19346] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.237263 2020] [proxy:error] [pid 82626] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.237260 2020] [proxy:error] [pid 82619] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.237315 2020] [proxy_http:error] [pid 82626] [client 156.252.238.50:19246] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.237315 2020] [proxy_http:error] [pid 82619] [client 156.252.238.50:19248] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
Comment
Watch Question
This problem has been solved!
Unlock 1 Answer and 8 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE