You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Karol Pomaski <ka...@gmail.com> on 2013/04/13 02:12:23 UTC
[users@httpd] Strange Apache logs - very slow loading time
Hi All,
I need a help. I believe something is wrong. I have recently found a
strange information on my apache error.log:
[Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
attempt to connect to 107.6.106.10:80 (*) failed
root@ip-10-145-204-53:~# tail /var/www/shops/88/logs/error.log
[Sat Apr 13 00:08:28 2013] [error] [client 69.171.247.29] SSL Proxy
requested for ecom01088.stores-on.com:80 but not enabled [Hint:
SSLProxyEngine]
[Sat Apr 13 00:08:28 2013] [error] proxy: HTTPS: failed to enable ssl
support for 69.171.247.29:443 (www.facebook.com)
[Sat Apr 13 00:08:28 2013] [error] (110)Connection timed out: proxy: HTTP:
attempt to connect to 107.6.106.10:80 (*) failed
[Sat Apr 13 00:08:29 2013] [error] (110)Connection timed out: proxy: HTTP:
attempt to connect to 107.6.106.10:80 (*) failed
[Sat Apr 13 00:08:30 2013] [error] [client 69.171.247.29] SSL Proxy
requested for ecom01088.stores-on.com:80 but not enabled [Hint:
SSLProxyEngine]
[Sat Apr 13 00:08:30 2013] [error] proxy: HTTPS: failed to enable ssl
support for 69.171.247.29:443 (www.facebook.com)
[Sat Apr 13 00:08:31 2013] [error] [client 69.171.247.29] SSL Proxy
requested for ecom01088.stores-on.com:80 but not enabled [Hint:
SSLProxyEngine]
[Sat Apr 13 00:08:31 2013] [error] proxy: HTTPS: failed to enable ssl
support for 69.171.247.29:443 (www.facebook.com)
[Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
attempt to connect to 107.6.106.10:80 (*) failed
[Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
attempt to connect to 107.6.106.10:80 (*) failed
And every second the errors are appearing. Is this some kind of DDos
attack? Or the apache is misconfigured?
How can I get rid of this problem?
Thank you very much for any help on this. This is a high priority issue.
Regards,
Karol
Re: [users@httpd] Strange Apache logs - very slow loading time
Posted by Karol Pomaski <ka...@gmail.com>.
On 12/04/2013, at 19:52, Tom Evans <te...@googlemail.com> wrote:
> On Sat, Apr 13, 2013 at 1:45 AM, Karol Pomaski <ka...@gmail.com> wrote:
>> Well I have already blocked the proxy and disabled to mod_proxy module but still the log appears
>>
>>
>> [Sat Apr 13 00:43:57 2013] [error] [client 198.136.28.2] File does not exist: /var/www/shops/88/store/creative, referer: http://www.hurricaneo.com/?paged=2
>> [Sat Apr 13 00:43:57 2013] [error] [client 142.4.118.22] File does not exist: /var/www/shops/88/store/ttj, referer: http://www.assumegame.com/play-39-Ace-Driver-game.html
>
> So what is happening now is that people are still connecting and
> trying to use it as a proxy - port 80 is still open after all. But now
> apache is refusing to proxy them, and instead is looking them up in
> your document root, and so all these ne'er-do-wells are getting 404s
> instead of the content they are requesting.
>
> Give it a few hours(, days, weeks) - it should die down. The problem
> is that often lists are made of open proxies, so even if you are no
> longer acting as an open proxy, you may still be listed.
>
> Cheers
>
> Tom
>
> (Remember to keep and archive these logs, just in case!)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Ok. Thanks very much. I hope they didn't make any malicious stuff using this proxy. Do you know how to limit the proxy just to accept 127.0.0.1?
Regards,
Karol
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange Apache logs - very slow loading time
Posted by Tom Evans <te...@googlemail.com>.
On Sat, Apr 13, 2013 at 1:45 AM, Karol Pomaski <ka...@gmail.com> wrote:
> Well I have already blocked the proxy and disabled to mod_proxy module but still the log appears
>
>
> [Sat Apr 13 00:43:57 2013] [error] [client 198.136.28.2] File does not exist: /var/www/shops/88/store/creative, referer: http://www.hurricaneo.com/?paged=2
> [Sat Apr 13 00:43:57 2013] [error] [client 142.4.118.22] File does not exist: /var/www/shops/88/store/ttj, referer: http://www.assumegame.com/play-39-Ace-Driver-game.html
So what is happening now is that people are still connecting and
trying to use it as a proxy - port 80 is still open after all. But now
apache is refusing to proxy them, and instead is looking them up in
your document root, and so all these ne'er-do-wells are getting 404s
instead of the content they are requesting.
Give it a few hours(, days, weeks) - it should die down. The problem
is that often lists are made of open proxies, so even if you are no
longer acting as an open proxy, you may still be listed.
Cheers
Tom
(Remember to keep and archive these logs, just in case!)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange Apache logs - very slow loading time
Posted by Karol Pomaski <ka...@gmail.com>.
On Apr 12, 2013, at 7:19 PM, Tom Evans <te...@googlemail.com> wrote:
> On Sat, Apr 13, 2013 at 1:12 AM, Karol Pomaski <ka...@gmail.com> wrote:
>> Hi All,
>>
>> I need a help. I believe something is wrong. I have recently found a strange
>> information on my apache error.log:
>>
>> [Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
>> attempt to connect to 107.6.106.10:80 (*) failed
>> root@ip-10-145-204-53:~# tail /var/www/shops/88/logs/error.log
>> [Sat Apr 13 00:08:28 2013] [error] [client 69.171.247.29] SSL Proxy
>> requested for ecom01088.stores-on.com:80 but not enabled [Hint:
>> SSLProxyEngine]
>> [Sat Apr 13 00:08:28 2013] [error] proxy: HTTPS: failed to enable ssl
>> support for 69.171.247.29:443 (www.facebook.com)
>> [Sat Apr 13 00:08:28 2013] [error] (110)Connection timed out: proxy: HTTP:
>> attempt to connect to 107.6.106.10:80 (*) failed
>> [Sat Apr 13 00:08:29 2013] [error] (110)Connection timed out: proxy: HTTP:
>> attempt to connect to 107.6.106.10:80 (*) failed
>> [Sat Apr 13 00:08:30 2013] [error] [client 69.171.247.29] SSL Proxy
>> requested for ecom01088.stores-on.com:80 but not enabled [Hint:
>> SSLProxyEngine]
>> [Sat Apr 13 00:08:30 2013] [error] proxy: HTTPS: failed to enable ssl
>> support for 69.171.247.29:443 (www.facebook.com)
>> [Sat Apr 13 00:08:31 2013] [error] [client 69.171.247.29] SSL Proxy
>> requested for ecom01088.stores-on.com:80 but not enabled [Hint:
>> SSLProxyEngine]
>> [Sat Apr 13 00:08:31 2013] [error] proxy: HTTPS: failed to enable ssl
>> support for 69.171.247.29:443 (www.facebook.com)
>> [Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
>> attempt to connect to 107.6.106.10:80 (*) failed
>> [Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
>> attempt to connect to 107.6.106.10:80 (*) failed
>>
>> And every second the errors are appearing. Is this some kind of DDos attack?
>> Or the apache is misconfigured?
>> How can I get rid of this problem?
>>
>> Thank you very much for any help on this. This is a high priority issue.
>>
>> Regards,
>> Karol
>>
>
> Er, check your access log very quickly. It looks like you are running
> a forward proxy that people are using to access the web.
>
> Make sure you keep the logs, if they were up to anything malicious,
> you will need them to show the police that it wasn't you.
>
> If you weren't intending on running a forward proxy, add
> "ProxyRequests off" *immediately* and restart.
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Well I have already blocked the proxy and disabled to mod_proxy module but still the log appears
[Sat Apr 13 00:43:57 2013] [error] [client 198.136.28.2] File does not exist: /var/www/shops/88/store/creative, referer: http://www.hurricaneo.com/?paged=2
[Sat Apr 13 00:43:57 2013] [error] [client 142.4.118.22] File does not exist: /var/www/shops/88/store/ttj, referer: http://www.assumegame.com/play-39-Ace-Driver-game.html
[Sat Apr 13 00:43:57 2013] [error] [client 64.31.50.24] File does not exist: /var/www/shops/88/store/creative, referer: http://www.businessadonline.com/index.php?option=com_content&view=article&id=775:Nationwide-increases-ISA-rates-&catid=165
[Sat Apr 13 00:43:57 2013] [error] [client 198.200.33.200] File does not exist: /var/www/shops/88/store/ttj, referer: http://www.amountgame.com/game/play/264/30_Seconds.html
[Sat Apr 13 00:43:57 2013] [error] [client 199.19.111.25] File does not exist: /var/www/shops/88/store/creative, referer: http://www.ddmouse.com/cellphones/rim-opens-blackberry-10-app-submissions-engadget.html
[Sat Apr 13 00:43:57 2013] [error] [client 69.162.126.21] File does not exist: /var/www/shops/88/store/st, referer: http://www.barbiehumana.com/index.php?option=com_content&view=article&id=10771:TD-Bank-profit-rises-29-percent&catid=18&Itemid=9
[Sat Apr 13 00:43:57 2013] [error] [client 208.115.200.210] File does not exist: /var/www/shops/88/store/tt, referer: http://insurish.com/secrets-your-auto-insurance-company-doesnt-want-you-to-know.html
[Sat Apr 13 00:43:57 2013] [error] [client 198.136.30.195] File does not exist: /var/www/shops/88/store/453, referer: http://www.cbdsys.com/?p=175
[Sat Apr 13 00:43:57 2013] [error] [client 69.162.83.86] File does not exist: /var/www/shops/88/store/st, referer: http://domarketings.com/index.php?option=com_content&view=article&id=792:Online-Classified-Ads---A-Valuable-Tool-for-Both-Buyers-and-Sellers&catid=2:business
[Sat Apr 13 00:43:57 2013] [error] [client 198.100.110.36] File does not exist: /var/www/shops/88/store/servlet, referer: http://www.edu-information.com/?p=518
root@ip-10-145-204-53:/var/www/shops/88/logs# tail error.log
[Sat Apr 13 00:43:57 2013] [error] [client 69.162.126.21] File does not exist: /var/www/shops/88/store/st, referer: http://www.barbiehumana.com/index.php?option=com_content&view=article&id=10771:TD-Bank-profit-rises-29-percent&catid=18&Itemid=9
[Sat Apr 13 00:43:57 2013] [error] [client 208.115.200.210] File does not exist: /var/www/shops/88/store/tt, referer: http://insurish.com/secrets-your-auto-insurance-company-doesnt-want-you-to-know.html
[Sat Apr 13 00:43:57 2013] [error] [client 198.136.30.195] File does not exist: /var/www/shops/88/store/453, referer: http://www.cbdsys.com/?p=175
[Sat Apr 13 00:43:57 2013] [error] [client 69.162.83.86] File does not exist: /var/www/shops/88/store/st, referer: http://domarketings.com/index.php?option=com_content&view=article&id=792:Online-Classified-Ads---A-Valuable-Tool-for-Both-Buyers-and-Sellers&catid=2:business
[Sat Apr 13 00:43:57 2013] [error] [client 198.100.110.36] File does not exist: /var/www/shops/88/store/servlet, referer: http://www.edu-information.com/?p=518
[Sat Apr 13 00:43:57 2013] [error] [client 192.74.231.26] File does not exist: /var/www/shops/88/store/ttj, referer: http://www.cleansleeping.com/games-893/2D-Knock-Out-game.html
[Sat Apr 13 00:43:57 2013] [error] [client 208.115.228.53] File does not exist: /var/www/shops/88/store/creative, referer: http://www.clubbyfinance.com/html/how-to-calculate-payment-factor.html/trackback
[Sat Apr 13 00:43:57 2013] [error] [client 199.19.111.24] File does not exist: /var/www/shops/88/store/creative, referer: http://www.yeahmu.com/?p=2211
[Sat Apr 13 00:43:57 2013] [error] [client 198.100.102.4] File does not exist: /var/www/shops/88/store/ttj, referer: http://www.Health-Advertise.com/category/conditions/mentalhealth/
[Sat Apr 13 00:43:57 2013] [error] [client 63.141.233.163] File does not exist: /var/www/shops/88/store/st, referer: http://gamefinan.com/?p=988#comments
I have no idea. It look like proxy but it shouldn't work because the mod_proxy and http_proxy are both disabled.
Regards,
Karol
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange Apache logs - very slow loading time
Posted by Tom Evans <te...@googlemail.com>.
On Sat, Apr 13, 2013 at 1:12 AM, Karol Pomaski <ka...@gmail.com> wrote:
> Hi All,
>
> I need a help. I believe something is wrong. I have recently found a strange
> information on my apache error.log:
>
> [Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
> attempt to connect to 107.6.106.10:80 (*) failed
> root@ip-10-145-204-53:~# tail /var/www/shops/88/logs/error.log
> [Sat Apr 13 00:08:28 2013] [error] [client 69.171.247.29] SSL Proxy
> requested for ecom01088.stores-on.com:80 but not enabled [Hint:
> SSLProxyEngine]
> [Sat Apr 13 00:08:28 2013] [error] proxy: HTTPS: failed to enable ssl
> support for 69.171.247.29:443 (www.facebook.com)
> [Sat Apr 13 00:08:28 2013] [error] (110)Connection timed out: proxy: HTTP:
> attempt to connect to 107.6.106.10:80 (*) failed
> [Sat Apr 13 00:08:29 2013] [error] (110)Connection timed out: proxy: HTTP:
> attempt to connect to 107.6.106.10:80 (*) failed
> [Sat Apr 13 00:08:30 2013] [error] [client 69.171.247.29] SSL Proxy
> requested for ecom01088.stores-on.com:80 but not enabled [Hint:
> SSLProxyEngine]
> [Sat Apr 13 00:08:30 2013] [error] proxy: HTTPS: failed to enable ssl
> support for 69.171.247.29:443 (www.facebook.com)
> [Sat Apr 13 00:08:31 2013] [error] [client 69.171.247.29] SSL Proxy
> requested for ecom01088.stores-on.com:80 but not enabled [Hint:
> SSLProxyEngine]
> [Sat Apr 13 00:08:31 2013] [error] proxy: HTTPS: failed to enable ssl
> support for 69.171.247.29:443 (www.facebook.com)
> [Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
> attempt to connect to 107.6.106.10:80 (*) failed
> [Sat Apr 13 00:08:32 2013] [error] (110)Connection timed out: proxy: HTTP:
> attempt to connect to 107.6.106.10:80 (*) failed
>
> And every second the errors are appearing. Is this some kind of DDos attack?
> Or the apache is misconfigured?
> How can I get rid of this problem?
>
> Thank you very much for any help on this. This is a high priority issue.
>
> Regards,
> Karol
>
Er, check your access log very quickly. It looks like you are running
a forward proxy that people are using to access the web.
Make sure you keep the logs, if they were up to anything malicious,
you will need them to show the police that it wasn't you.
If you weren't intending on running a forward proxy, add
"ProxyRequests off" *immediately* and restart.
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org