troubleshooting Question

How to prevent Apache from being accessed by spammers

Avatar of neal wang
neal wang asked on
Linux
8 Comments1 Solution197 ViewsLast Modified:
In my apache 2.4 configuration httpd.conf file I have port forwarding and reverse proxy configurations. However it looks like I'm getting foreign spammers trying to forward use my apache to forward to their malicious sites.

I've already set override to this:
<Directory />
    AllowOverride All
    Require all denied
</Directory>

I also set the logs from %h to %{X-Forwarded-For}i (to see the ip addresses)

I see the ip addresses and I put the deny of the website in .htaccess file but I'm still getting a lot of logs from the spammer.

How do I prevent spammers and from spammers blowing up my log files in apache?

Here is an example from my access_log and error-logs

access log:

- - - [10/Jan/2020:00:10:23 +0000] "GET http://www.qyl788.com:777/js/main.min.js?e81cf HTTP/1.1" 302 - "http://www.qyl788.com/" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.127 Chrome/10.0.648.127 Safari/534.16"
- - - [10/Jan/2020:00:10:36 +0000] "GET http://www.qyl788.com:777/js/main.min.js?1b3038fb98e71c3c8597d2f5ae580 HTTP/1.1" 302 - "http://www.qyl788.com/" "Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9"

error log:

[Fri Jan 10 01:16:57.258926 2020] [access_compat:error] [pid 74944] [client 115.236.23.214:62608] AH01797: client denied by server configuration: /var/www/html/TP
[Fri Jan 10 01:16:57.596460 2020] [access_compat:error] [pid 74945] [client 115.236.23.214:2029] AH01797: client denied by server configuration: /var/www/html/TP
[Fri Jan 10 01:16:57.937460 2020] [access_compat:error] [pid 74941] [client 115.236.23.214:5508] AH01797: client denied by server configuration: /var/www/html/thinkphp
[Fri Jan 10 01:16:58.283250 2020] [access_compat:error] [pid 74942] [client 115.236.23.214:20863] AH01797: client denied by server configuration: /var/www/html/html
[Fri Jan 10 01:16:58.628610 2020] [access_compat:error] [pid 74943] [client 115.236.23.214:23522] AH01797: client denied by server configuration: /var/www/html/public
[Fri Jan 10 01:17:01.977369 2020] [access_compat:error] [pid 75612] [client 115.236.23.214:27359] AH01797: client denied by server configuration: /var/www/html/TP
[Fri Jan 10 01:17:02.313873 2020] [access_compat:error] [pid 74944] [client 115.236.23.214:41613] AH01797: client denied by server configuration: /var/www/html/elrekt.php
[Fri Jan 10 01:17:02.646828 2020] [access_compat:error] [pid 74947] [client 115.236.23.214:43978] AH01797: client denied by server configuration: /var/www/html/index.php
[Fri Jan 10 01:17:02.996386 2020] [access_compat:error] [pid 74945] [client 115.236.23.214:48089] AH01797: client denied by server configuration: /var/www/html/
[Fri Jan 10 01:32:29.429537 2020] [proxy:error] [pid 74941] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:32:29.429587 2020] [proxy_http:error] [pid 74941] [client 156.252.238.37:15624] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:34:42.850092 2020] [proxy_http:error] [pid 80453] (70007)The timeout specified has expired: [client 156.252.238.33:12880] AH01110: error reading response, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.160093 2020] [proxy:error] [pid 82590] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.160148 2020] [proxy_http:error] [pid 82590] [client 156.252.238.50:19316] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.160417 2020] [proxy:error] [pid 82591] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.160464 2020] [proxy_http:error] [pid 82591] [client 156.252.238.50:19252] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.160718 2020] [proxy:error] [pid 82592] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.160757 2020] [proxy_http:error] [pid 82592] [client 156.252.238.50:19276] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:19.167800 2020] [proxy:error] [pid 82593] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:19.167837 2020] [proxy_http:error] [pid 82593] [client 156.252.238.50:19288] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.236770 2020] [proxy:error] [pid 82620] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.236770 2020] [proxy:error] [pid 82623] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.236873 2020] [proxy_http:error] [pid 82620] [client 156.252.238.50:19396] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.236873 2020] [proxy_http:error] [pid 82623] [client 156.252.238.50:19346] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.237263 2020] [proxy:error] [pid 82626] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.237260 2020] [proxy:error] [pid 82619] (70007)The timeout specified has expired: AH00957: HTTP: attempt to connect to 67.21.95.219:777 (*) failed
[Fri Jan 10 01:40:20.237315 2020] [proxy_http:error] [pid 82626] [client 156.252.238.50:19246] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
[Fri Jan 10 01:40:20.237315 2020] [proxy_http:error] [pid 82619] [client 156.252.238.50:19248] AH01114: HTTP: failed to make connection to backend: www.qyl788.com, referer: http://www.qyl788.com/
ASKER CERTIFIED SOLUTION
neal wang

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 8 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros