I have a VPS on DigitalOcean. The web server is Nginx. I checked the web server log files, including the access log and the error log.

The error log regularly records strange activity from certain IP addresses.

2019/03/17 03:08:02 [error] 781#781: *140434 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/.zip HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/.zip"
2019/03/17 03:08:04 [error] 781#781: *140451 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/..zip HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/..zip"
2019/03/17 03:08:06 [error] 781#781: *140452 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //www.yinfor.com/..zip HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//www.yinfor.com/..zip"
2019/03/17 03:08:07 [error] 781#781: *140453 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/.rar HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/.rar"
2019/03/17 03:08:08 [error] 781#781: *140454 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //com/..rar HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//com/..rar"
2019/03/17 03:08:10 [error] 781#781: *140456 access forbidden by rule, client: 183.240.196.121, server: www.yinfor.com, request: "HEAD //www.yinfor.com/..rar HTTP/1.1", host: "www.yinfor.com", referrer: "http://www.yinfor.com//www.yinfor.com/..rar"
2019/03/17 06:10:41 [error] 781#781: *145806 access forbidden by rule, client: 192.99.35.63, server: www.yinfor.com, request: "GET /wp-content/uploads/2019/03/settings_auto.php HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:21:35 [error] 781#781: *160016 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.htaccess?c=askjhGQVFcrwqevq&q=ZWNobyA0Mzc0NTc1NDc7 HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:22:21 [error] 781#781: *160124 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.well-known.zip HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:22:22 [error] 781#781: *160125 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.well-known.tar.gz HTTP/1.1", host: "www.yinfor.com"
2019/03/17 13:22:22 [error] 781#781: *160126 access forbidden by rule, client: 139.99.121.91, server: www.yinfor.com, request: "GET /.well-known.gz HTTP/1.1", host: "www.yinfor.com"

You can see that the requested URLs are very strange. Actually, I had already banned these IP addresses, so the Nginx server recorded the requests as access forbidden.

I am not only banning these IP addresses, but also want to report them to AbuseIPDB.

When I find a bad IP address, I sign in to the AbuseIPDB site and report it.

Enter information about the behavior and the details from the log for that IP.
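
As an added example (not part of the original post): a small Python script that pulls the "access forbidden by rule" entries out of an Nginx error log in the format shown above and groups them per client IP, giving the log details to enter in a report. The sample log is constructed with documentation addresses and example.com; `summarise`, `report_comment` and the optional `own_host` redaction are names and choices made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the error log above
# (documentation IP ranges, placeholder host name).
SAMPLE_LOG = """\
2019/03/17 03:08:02 [error] 781#781: *1 access forbidden by rule, client: 203.0.113.7, server: example.com, request: "HEAD //com/.zip HTTP/1.1", host: "example.com", referrer: "http://example.com//com/.zip"
2019/03/17 03:08:04 [error] 781#781: *2 access forbidden by rule, client: 203.0.113.7, server: example.com, request: "HEAD //example.com/..zip HTTP/1.1", host: "example.com"
2019/03/17 06:10:41 [error] 781#781: *3 access forbidden by rule, client: 198.51.100.9, server: example.com, request: "GET /.well-known.zip HTTP/1.1", host: "example.com"
2019/03/17 06:10:42 [error] 781#781: *4 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 198.51.100.9, server: example.com, request: "GET /favicon.ico HTTP/1.1", host: "example.com"
"""

# Timestamp, client IP (v4 or v6) and request line of a denied request.
FORBIDDEN = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*?'
    r'access forbidden by rule, client: (?P<ip>[0-9a-fA-F.:]+), '
    r'server: [^,]+, request: "(?P<req>[^"]*)"'
)

def summarise(log_text, min_hits=1):
    """Group denied requests by client IP; other error lines are ignored."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FORBIDDEN.match(line)
        if m:
            hits[m["ip"]].append((m["ts"], m["req"]))
    return {ip: rows for ip, rows in hits.items() if len(rows) >= min_hits}

def report_comment(rows, own_host=None, max_lines=10):
    """Build the report text for one IP: count, time span, sample requests."""
    out = [f"{len(rows)} requests denied by nginx rule, "
           f"{rows[0][0]} to {rows[-1][0]} (timestamps as logged)"]
    for ts, req in rows[:max_lines]:
        if own_host:  # optionally keep your own host name out of the report
            req = req.replace(own_host, "[redacted-host]")
        out.append(f"{ts} {req}")
    return "\n".join(out)

if __name__ == "__main__":
    for ip, rows in summarise(SAMPLE_LOG).items():
        print(ip)
        print(report_comment(rows, own_host="example.com"), end="\n\n")
```

Raising `min_hits` limits the output to addresses that were denied repeatedly rather than once.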

 

AbuseIPDB is not just a reporting tool. Registered users can also use its API to check whether an IP address is a bad or spam IP. It works with Fail2Ban.

David Yin
