Apache/PHP errors.log和access.log奇怪的消息 - Apache/PHP errors.log and access.log weird messages

Apache/PHP errors.log and access.log weird messages

本文关键字：log 消息 access PHP errors Apache | 更新日期: 2023-09-27

从昨天开始，我的Apache/PHP服务器开始记录奇怪的消息:以下是日志摘录。error.log:

[Mon Sep 05 12:37:25 2011] [warn] (OS 64)The specified network name is no longer available.  : winnt_accept: Asynchronous AcceptEx failed.
[Mon Sep 05 12:37:25 2011] [error] [client 77.85.194.198] Invalid URI in request 'xec'x18'rN'x03.'xe7'x8c'xe46Cg'x85'x1a'xab'xca
[Mon Sep 05 12:43:37 2011] [warn] (OS 121)The semaphore timeout period has expired.  : winnt_accept: Asynchronous AcceptEx failed.

access.log:

178.37.24.223 - - [05/Sep/2011:12:36:41 +0200] "'xe80'y'xecT'xe5'xb7+'xba'x94'x92'xe4'xe4'xd6'x01Q'"'xe9p'x94'xe3" 200 2977 "-" "-"
77.85.194.198 - - [05/Sep/2011:12:37:25 +0200] "'xec'x18'rN'x03.'xe7'x8c'xe46Cg'x85'x1a'xab'xca" 400 226 "-" "-"
213.87.136.107 - - [05/Sep/2011:12:38:09 +0200] ">R1'x83'xa6'xf5'"'xd3'xe6'x85" 200 2977 "-" "-"
68.10.170.135 - - [05/Sep/2011:12:39:23 +0200] "-" 408 - "-" "-"
89.137.238.149 - - [05/Sep/2011:12:39:46 +0200] "-" 408 - "-" "-"
81.85.202.246 - - [05/Sep/2011:12:41:06 +0200] "-" 408 - "-" "-"
184.164.16.92 - - [05/Sep/2011:12:43:10 +0200] "'x02'xe0'x9fQ'xa1'x89s'x8d'x04'x1f'xb3o'xbc2I'xc4'x1f`>'xfd'x8b&Z'xae'xc0>" 200 2977 "-" "-"
208.54.44.237 - - [05/Sep/2011:12:44:39 +0200] "Zv'xa2'x05'xda'xc9'xe3'x17'xff'x18'xea'xd0}s'x88'xb8'xd3'xf6a'xee'xd6'xad'xf7'x8f|yoU+''x9c'xea'xb4V_'xc8'x1b" 200 2977 "-" "-"
41.78.80.112 - - [05/Sep/2011:12:44:48 +0200] "'xc9'xbf'xc3!{hv:'x84'x83'x03'xeb'x1d'xd0,'xb5" 200 2977 "-" "-"

这只是一个开发服务器，但我已经允许所有访问。htaccess文件，所以我不知道发生了什么。任何想法?

只要你保持你的Apache补丁，就不会有问题。这些是黑客(通常通过僵尸网络)在端口80上的每个IP上尝试的已知漏洞利用。它并不是专门针对你的服务器的，更像是一种"随意开火"的攻击，希望有人运行的是老版本的Apache，这是已知的易受此类攻击的。

似乎机器人正在尝试在您的开发服务器上发现已知漏洞/漏洞，以找到任何漏洞。

如果你愿意，你可以忽略它们，但在我看来，正确的做法是阻止这些ip或限制对你的开发服务器的访问。