1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Am I being hacked

Discussion in 'Apache' started by Dave Bartrum, Nov 21, 2021.

0
  1. #1
    I'm running Apache2 on a WD MyBook Live server (
    Linux version 2.6.32.11-svn70860 (steveh@steveh-pc) (gcc version 4.2.2) #1 Thu May 17 13:32:51 PDT 2012)
    My Apache2 error.log is frequently showing errors like this:
    [Sun Nov 21 17:55:10 2021] [error] [client 45.137.21.9] File does not exist: /var/www/dispatch.asp
    [Sun Nov 21 17:55:10 2021] [error] [client 45.137.21.9] File does not exist: /var/www/Admin/webapp/errordocs
    [Sun Nov 21 17:57:20 2021] [error] [client 137.184.232.16] File does not exist: /var/www/boaform, referer: http://94.7.192.131:80/admin/login.asp

    These IP addresses are outside my home network. Can anyone help me understand what's going on? My access.log doesn't show any requests at these times.
    Thanks
     
    Dave Bartrum, Nov 21, 2021 IP
  2. Dave Bartrum

    Dave Bartrum Peon

    Messages:
    4
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    3
    #2
    Just to add that this Apache server is sitting on my home network and my Broadband Router (Sky Hub) doesn't have any port forwarding rules to this Apache. So how is the traffic getting to my Apache and why don't I see any entries in access.log for these failed requests.
     
    Dave Bartrum, Nov 23, 2021 IP
  3. Dave Bartrum

    Dave Bartrum Peon

    Messages:
    4
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    3
    #3
    Also, I'm running Wireshark on laptop attached to my Broadband router and even when this is running while a similar error message appears in Apache logs:
    [Tue Nov 23 08:57:10 2021] [error] [client 172.93.110.198] File does not exist: /var/www/football, referer: http://www.vv0.com
    [Tue Nov 23 08:57:10 2021] [error] [client 172.93.110.198] File does not exist: /var/www/Admin/webapp/errordocs, referer: http://www.vv0.com

    I don't see ANY TCP packets captured with the ip address of 172.93.110.198 !! What's going on?
     
    Dave Bartrum, Nov 23, 2021 IP
  4. Dave Bartrum

    Dave Bartrum Peon

    Messages:
    4
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    3
    #4
    The issue is now resolved! It turns out that while I don't have any firewall rules on my Sky Hub that allow external traffic to my Apache server, there is also a UPnP section of the Hub, which does have a couple of port forwarding rules allowing traffic on port 80 and 443 to my Apache Server. A friend of mine informed me that the UPnP network protocol allows a device to request the router to set up port forwarding rules. I've now disabled UPnP on the Sky Hub and this has prevented any further unwanted traffic.
     
    Dave Bartrum, Nov 24, 2021 IP
    sarahk likes this.