Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Web Server Log Entry Question
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Web Server Log Entry Question

Not_OlesNot_Oles Moderator, Patron Provider

Hello!

Here is a log snippet from an Apache2 access.log:

5.41.13.252 - - [09/Jun/2022:05:23:50 +0000] "POST /avdhkn HTTP/1.1" 404 497 "-"
"Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KH
TML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1"
5.41.13.252 - - [09/Jun/2022:05:23:50 +0000] "POST /gbu38w HTTP/1.1" 404 497 "-"
"Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KH
TML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1"
5.41.13.252 - - [09/Jun/2022:05:23:50 +0000] "POST /rhrzgc HTTP/1.1" 404 502 "-"
"Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KH
TML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1"
91.227.25.251 - - [09/Jun/2022:05:23:51 +0000] "GET /i4b16nGjRiIl7EFYx1b.YPEWkJ/B
7k?SDvQ-P.WAf=8DC7evsTjj5l45.Cp-W3 HTTP/1.1" 404 435 "-" "Mozilla/5.0 (Windows NT
5.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0"

There are thousands of similar requests from IPs all over. The POST requests are all similar in that they are a slash followed by a 6 character string. The GET requests also are a slash, but followed by a longer string.

What's going on here?

Thanks!

Tom

Comments

Sign In or Register to comment.