suspicious apache error.log

A

arubacao

Guest
Hello everybody,

i just set up a ubuntu server on Amazon Web Services and installed apache2, php5 and some php libaries.

With AWS it is only possible to connect to the Server using a .pem certificate file.
I tried to remove all unnecessary modules from apache and php and installed evasive.
I also disabled some dangerous php functions like exec().
To access the current website running on the webserver you have to pass htaccess

I took a look at the access and error log from apache and was a bit worried about the content...

Error.log
[Thu Sep 11 01:29:56.950717 2014] [auth_basic:error] [pid 8153] [client 1234] AH01617: user admin: authentication failure for "/manager/html": Password Mismatch
[Thu Sep 11 01:29:57.257738 2014] [auth_basic:error] [pid 6998] [client 1234] AH01618: user root not found: /manager/html
su: must be run from a terminal
[Thu Sep 11 11:13:18.884193 2014] [evasive20:error] [pid 12878] [client 1234] client denied by server configuration: DIRECTORY

I'm especially worried about this line in the error.log:
su: must be run from a terminal

More information in Attached Files (i wasn't allowed to add something similar to a URL in this text)

Access.log:
(Attached Files)


The ip's causing these logs are all located in China

Can someone explain to me what exactly is happening here, and if i have to worry about it.
Or is it just some scanner who tries to find a weak point?

Best regards,

Chris
 

Attachments

  • smallaccess.txt
    7.1 KB · Views: 1,338
  • smallerror.txt
    2.9 KB · Views: 1,485



Members online


Top