How to read the nginx log-files

Hi all,
I do no that the support area is not ment to ask basic admin questions. But I’m very concernd in regards of the security of my machine - so I would highly approucheade some help.

I run into some problems with my firefly app and to while searching for the cause I saw in the nginx-logs some foreign IP-adresses (checked it with an website). So my main question is: are entries in the /var/log/nginx/access.log showing login attempts or are this successfully logged in processes?
And if those are only attempts shouldn’t there be a fail2ban rule for them?

Thanks in advance and have a nice day

It really depends on what app exactly you are talking about and what’s exactly in the log …

It’s expected and fine that some foreign IP visit your website because of search-engine crawlers and bot and whatever (pretty much the equivalent of "yes, you bought a house, and people are walking in the street in front of your house, and some of the people are stopping to say “whoa, what a nice house” - no need to call the cops for that)

What’s worrysome is if there are actual login attempts and successful login attemps, but can’t really say much without having an actual piece of log …

1 Like

Hi @Aleks
Thanks for the quick reply. Here are the actiall logs hastebin
My Ip adress is everything else is from africa, china or north-germany (I’m from the south)

Thank you so much!

Wokay and do you have some lines you’re concerned about in particular …? I can’t see anything particularly really suspicious (there a few “buggy” requests related to the ynh panel etc, it’s really noisy and we should fix it at some point, but that doesn’t really prevent things from working)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.