My YunoHost server
Hardware: VPS bought online
YunoHost version: latest version (4.3.6)
I have access to my server : only through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: I disabled the yunohost api to access the webadmin.
Description of my issue
Hi there,
First of all, congratulations on such an amazing project! I consider myself a newbie/rookie but using YNH is just fantastic to learn and pretty easy!
Regarding my issue, lately I’ve found some weird logs in Nginx. Doing a search of the IP I was worried about, I can see that it is from Russia (maybe a bot?), but the strange thing is that they are trying weird links to access the server and I’m starting to worry a little bit. I know that I can find some weird logs and this is pretty common, but these logs are just somewhat weird to me. I want to know, in case these logs are something to be worried about, how I can block this particular IP using your tools!
Find the logs attached here; the IP that is worrying me is 45.146.165.37:
/var/log/nginx/access.log:
- 198.54.135.45 - - [09/Feb/2022:14:15:04 +0100] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 302 154 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 198.54.135.45 - - [09/Feb/2022:14:15:14 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 198.54.135.45 - - [09/Feb/2022:14:15:39 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 198.54.135.45 - - [09/Feb/2022:14:16:20 +0100] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 302 154 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 198.54.135.45 - - [09/Feb/2022:14:16:33 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 198.54.135.45 - - [09/Feb/2022:14:17:07 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 198.54.135.45 - - [09/Feb/2022:14:18:01 +0100] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 302 154 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
- 45.146.165.37 - - [09/Feb/2022:15:09:29 +0100] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 193.46.254.155 - - [09/Feb/2022:15:12:33 +0100] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"
- 2.183.82.204 - - [09/Feb/2022:15:20:44 +0100] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
- 45.146.165.37 - - [09/Feb/2022:15:40:31 +0100] "GET /index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 45.61.188.162 - - [09/Feb/2022:15:54:14 +0100] "GET /static_new6/img/login_bg.png HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36"
- 176.57.189.179 - - [09/Feb/2022:16:08:55 +0100] "HEAD / HTTP/1.1" 302 0 "-" "python-requests/2.21.0"
- 85.202.169.250 - - [09/Feb/2022:16:19:42 +0100] "GET /.env HTTP/1.1" 302 154 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0"
- 85.202.169.250 - - [09/Feb/2022:16:19:42 +0100] "POST / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0"
- 167.94.145.60 - - [09/Feb/2022:16:44:16 +0100] "GET / HTTP/1.1" 302 154 "-" "-"
- 167.94.145.60 - - [09/Feb/2022:16:44:16 +0100] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
- 167.94.145.60 - - [09/Feb/2022:16:44:16 +0100] "PRI * HTTP/2.0" 400 166 "-" "-"
- 167.94.145.60 - - [09/Feb/2022:16:44:16 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
- 167.94.145.60 - - [09/Feb/2022:16:44:16 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
- 192.241.208.172 - - [09/Feb/2022:16:46:22 +0100] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 zgrab/0.x"
- 85.202.169.250 - - [09/Feb/2022:16:51:09 +0100] "GET /_profiler/phpinfo HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:10 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:10 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:10 +0100] "GET /phpinfo.php HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:12 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:12 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:13 +0100] "GET /phpinfo HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:14 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:15 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:15 +0100] "GET /aws.yml HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:16 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:17 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:17 +0100] "GET /.env.bak HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:18 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:18 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:19 +0100] "GET /info.php HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:19 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:19 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:20 +0100] "GET /.aws/credentials HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:20 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:21 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:21 +0100] "GET /config/aws.yml HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:22 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:22 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 85.202.169.250 - - [09/Feb/2022:16:51:23 +0100] "GET / HTTP/1.1" 302 154 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
- 45.146.165.37 - - [09/Feb/2022:16:56:44 +0100] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 45.146.165.37 - - [09/Feb/2022:16:56:46 +0100] "GET /yunohost/admin HTTP/1.1" 301 178 "https://176.57.189.179:443/?XDEBUG_SESSION_START=phpstorm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 45.146.165.37 - - [09/Feb/2022:16:56:49 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "https://176.57.189.179:443/yunohost/admin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 71.6.232.4 - - [09/Feb/2022:17:09:47 +0100] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
Thank you in advance!
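
A triage sketch for logs like the ones above, added here as an example and not part of the original post: it groups scanner-style requests by source IP and separates probes that were merely redirected (3xx) from any that were actually answered with a 2xx. The `PROBES` labels and substrings are this example's own choices based on the paths in the post; the sample lines are abridged from the post (user agent shortened), except the last, which is constructed with a documentation IP.

```python
import re
from collections import defaultdict

# nginx "combined" format; the optional "- " is the list bullet used in the post.
LINE_RE = re.compile(
    r'^(?:- )?(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# Substrings of the probe paths visible in the post (labels are this example's own).
PROBES = {
    "phpunit eval-stdin": ("eval-stdin.php",),
    "ThinkPHP invokefunction": ("invokefunction",),
    "Xdebug session": ("XDEBUG_SESSION_START",),
    "env/credential files": ("/.env", "aws.yml", ".aws/credentials"),
    "phpinfo": ("phpinfo", "/info.php"),
    "Exchange autodiscover": ("autodiscover.json",),
}

def triage(lines):
    """Return {ip: {"probes": set of labels, "served": [(path, status), ...]}}."""
    # "served" holds probes answered with 2xx; a 3xx/4xx answer is not file content.
    report = defaultdict(lambda: {"probes": set(), "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        parts = m["req"].split(" ")
        path = parts[1] if len(parts) >= 2 else m["req"]
        for label, needles in PROBES.items():
            if any(n in path for n in needles):
                entry = report[m["ip"]]
                entry["probes"].add(label)
                if m["status"].startswith("2"):
                    entry["served"].append((path, int(m["status"])))
                break
    return dict(report)

# Abridged from the post (user agent shortened); the last line is constructed.
SAMPLE = [
    r'- 45.146.165.37 - - [09/Feb/2022:15:09:29 +0100] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 302 154 "-" "Mozilla/5.0"',
    r'- 45.146.165.37 - - [09/Feb/2022:15:40:31 +0100] "GET /index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 302 154 "-" "Mozilla/5.0"',
    r'- 45.146.165.37 - - [09/Feb/2022:16:56:44 +0100] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 154 "-" "Mozilla/5.0"',
    r'- 45.146.165.37 - - [09/Feb/2022:16:56:49 +0100] "GET /yunohost/admin/ HTTP/1.1" 200 9010 "-" "Mozilla/5.0"',
    r'- 203.0.113.7 - - [09/Feb/2022:17:00:00 +0100] "GET /.env HTTP/1.1" 200 512 "-" "curl/7.0"',
]

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE).items():
        print(ip, sorted(entry["probes"]), entry["served"] or "nothing served")
```

To run it over the real file, pass an open handle: `triage(open("/var/log/nginx/access.log"))`. An IP whose `served` list is empty only received redirects or errors for its probes.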