A
arubacao
Guest
Hello everybody,
i just set up a ubuntu server on Amazon Web Services and installed apache2, php5 and some php libaries.
With AWS it is only possible to connect to the Server using a .pem certificate file.
I tried to remove all unnecessary modules from apache and php and installed evasive.
I also disabled some dangerous php functions like exec().
To access the current website running on the webserver you have to pass htaccess
I took a look at the access and error log from apache and was a bit worried about the content...
Error.log
I'm especially worried about this line in the error.log:
More information in Attached Files (i wasn't allowed to add something similar to a URL in this text)
Access.log:
(Attached Files)
The ip's causing these logs are all located in China
Can someone explain to me what exactly is happening here, and if i have to worry about it.
Or is it just some scanner who tries to find a weak point?
Best regards,
Chris
i just set up a ubuntu server on Amazon Web Services and installed apache2, php5 and some php libaries.
With AWS it is only possible to connect to the Server using a .pem certificate file.
I tried to remove all unnecessary modules from apache and php and installed evasive.
I also disabled some dangerous php functions like exec().
To access the current website running on the webserver you have to pass htaccess
I took a look at the access and error log from apache and was a bit worried about the content...
Error.log
[Thu Sep 11 01:29:56.950717 2014] [auth_basic:error] [pid 8153] [client 1234] AH01617: user admin: authentication failure for "/manager/html": Password Mismatch
[Thu Sep 11 01:29:57.257738 2014] [auth_basic:error] [pid 6998] [client 1234] AH01618: user root not found: /manager/html
su: must be run from a terminal
[Thu Sep 11 11:13:18.884193 2014] [evasive20:error] [pid 12878] [client 1234] client denied by server configuration: DIRECTORY
I'm especially worried about this line in the error.log:
su: must be run from a terminal
More information in Attached Files (i wasn't allowed to add something similar to a URL in this text)
Access.log:
(Attached Files)
The ip's causing these logs are all located in China
Can someone explain to me what exactly is happening here, and if i have to worry about it.
Or is it just some scanner who tries to find a weak point?
Best regards,
Chris