One of our production servers was not responding via the URL. I was looking at the logs and noticed the following. I have altered folder names for confidentiality (e.g. myxy.com)


by Doulos Xavier -
Number of replies: 1

One of our production servers was not responding via the URL. I was looking at the logs and noticed the following. I have altered folder names for confidentiality (e.g. myxy.com)

root@localhost:/var/log/apache2# sudo cat myxy.com-error.log
[Thu Nov 14 04:22:43.652942 2024] [core:error] [pid 549970] [client 47.236.231.80:54374] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Thu Nov 14 04:50:11.846348 2024] [php:error] [pid 554395] [client 78.153.140.177:57790] script '/var/www/myxy.com/public/app_dev.php' not found or unable to stat
[Thu Nov 14 04:50:12.093454 2024] [php:error] [pid 549548] [client 78.153.140.177:59046] script '/var/www/myxy.com/public/app_dev.php' not found or unable to stat

The whois result shows the following.

whois 47.236.231.80

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#


NetRange:       47.235.0.0 - 47.246.255.255
CIDR:           47.236.0.0/14, 47.244.0.0/15, 47.246.0.0/16, 47.240.0.0/14, 47.235.0.0/16
NetName:        AL-3
NetHandle:      NET-47-235-0-0-1
Parent:         NET47 (NET-47-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Alibaba Cloud LLC (AL-3)
RegDate:        2016-04-15
Updated:        2017-04-26
Ref:            https://rdap.arin.net/registry/ip/47.235.0.0

Appreciate any pointers.

Average of ratings: -
In reply to Doulos Xavier

Re: One of our production servers was not responding via the URL. I was looking at the logs and noticed the following. I have altered folder names for confidentiality (e.g. myxy.com)

by Ken Task -
Particularly helpful Moodlers

In your other posting about this, you've followed up and reported that the provider had issues and that's why your server was having issues. You probably should follow up here as well.

But ... since you asked ...

The Internet isn't a friendly place - it never was! It's just that there is more news about breaches/hacks/blackhats, etc. than ever before, and for whatever reasons - religious/political/military, etc.

Here's some things I do trying to be proactive ...

I install a thing called Logwatch and have it send its daily reports of yesterday's activity to an account on the server. I don't have time to look at all the logs to see who is attempting to do what, and Logwatch helps.

Security by Obscurity ... I don't run moodles at the document root of a server, but rather in a directory ... NOT named 'moodle' (that's like a neon sign saying here's how to attack me!).

At document root, I have a semi-static page ... NOT a WordPress.

The script kiddies and bots seem to point their pokes and probes to document root ... they won't find anything there of value.

I install a thing called 'multitail' - it has to be compiled ... it allows me to 'watch' server logs in real time on one terminal screen. I can see the web server access log and error log, the mail log, and the secure log all on one screen.

If I see an IP address appear in all four of those logs, it's probably a bot or a blackhat and I'll investigate that IP ... if I am uncomfortable with what I see, I'll block that IP address (drop zone) - even if it's an IP address used by a student/teacher/trainer (my job is to protect the server!!!!)!

The moodle forces login ... minimal display of front page.

Now before you ask, no, I don't have tutorials/videos/etc. on how to do the above, so don't ask! (smile)

Important ... keep the moodle up to date - use git for that. Keep your distro up to date ... that's outside of moodle. Try to be proactive ... not reactive.

My 2 'sense'!

'SoS', Ken
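Added example, not from either poster: a small Python scan over Apache 2.4 error_log lines in the format shown in the original post, doing the kind of triage Ken describes (spot the client IP behind encoded path-traversal attempts and repeated requests for scripts that do not exist, then decide whether to investigate or block it). The sample input is the three lines from the post plus one constructed benign line from the documentation range 192.0.2.10; it assumes IPv4 clients and the default error_log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache 2.4 error_log line as shown in the post (IPv4 clients only):
# [timestamp] [module:level] [pid N] [client IP:port] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>[^:\]]+):(?P<lvl>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)\] \[client (?P<ip>[^:\]]+):\d+\] (?P<msg>.*)$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_traversal(msg):
    """True if the logged request URI contains '..' once percent-decoded."""
    uri_m = re.search(r"\b(?:GET|POST|HEAD|PUT) (\S+)", msg)
    if not uri_m:
        return False
    uri = uri_m.group(1)
    decoded = unquote(unquote(uri))  # decode twice to catch %252e tricks
    return ".." in decoded or "%2e" in uri.lower()

def probing_ips(lines, threshold=2):
    """Map client IP -> reasons it looks like a scanner rather than a user."""
    findings = defaultdict(list)
    missing = defaultdict(int)  # per-IP count of requests for absent scripts
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if is_traversal(rec["msg"]):
            findings[rec["ip"]].append("encoded path traversal")
        if "not found or unable to stat" in rec["msg"]:
            missing[rec["ip"]] += 1
    for ip, n in missing.items():
        if n >= threshold:
            findings[ip].append(f"{n} requests for missing scripts")
    return dict(findings)

# The three lines from the post plus one constructed benign line (192.0.2.10).
SAMPLE_LINES = [
    "[Thu Nov 14 04:22:43.652942 2024] [core:error] [pid 549970] [client 47.236.231.80:54374] "
    "AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1",
    "[Thu Nov 14 04:50:11.846348 2024] [php:error] [pid 554395] [client 78.153.140.177:57790] "
    "script '/var/www/myxy.com/public/app_dev.php' not found or unable to stat",
    "[Thu Nov 14 04:50:12.093454 2024] [php:error] [pid 549548] [client 78.153.140.177:59046] "
    "script '/var/www/myxy.com/public/app_dev.php' not found or unable to stat",
    "[Thu Nov 14 05:01:00.000000 2024] [php:notice] [pid 1] [client 192.0.2.10:40000] "
    "PHP Notice: Undefined index: foo in /var/www/myxy.com/public/index.php",
]
```

Run `probing_ips(SAMPLE_LINES)` to get the two scanning IPs with their reasons; feeding it `open('/var/log/apache2/myxy.com-error.log')` gives the same triage over a real log, which is a cheaper daily check than reading the whole file.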