Is someone testing to hack my web server?

SBSP

I recently got a hosted VM from DigitalOcean and I'm using GoDaddy for the hostname.

Just now I copied my web page over, something didn't work due to a PHP error, so when I checked the Apache error log I found all of the below errors.

Looks like a bot or something that's trying to retrieve a list of web pages?

[Sun Nov 04 06:25:02.174329 2018] [mpm_prefork:notice] [pid 1552] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sun Nov 04 06:25:02.174463 2018] [core:notice] [pid 1552] AH00094: Command line: '/usr/sbin/apache2'
[Sun Nov 04 08:13:41.894977 2018] [:error] [pid 20335] [client 95.213.177.123:55698] script '/var/www/site.co.za/public_html/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Nov 04 12:52:12.864812 2018] [:error] [pid 20337] [client 95.213.177.125:63505] script '/var/www/site.co.za/public_html/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
[Sun Nov 04 14:37:01.192915 2018] [:error] [pid 20337] [client 5.188.210.12:30721] script '/var/www/site.co.za/public_html/echo.php' not found or unable to stat, referer: https://www.google.com/
[Sun Nov 04 15:45:36.157743 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/help.php' not found or unable to stat
[Sun Nov 04 15:45:36.408372 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/java.php' not found or unable to stat
[Sun Nov 04 15:45:36.669101 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/_query.php' not found or unable to stat
[Sun Nov 04 15:45:36.935299 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/test.php' not found or unable to stat
[Sun Nov 04 15:45:37.682447 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/db_cts.php' not found or unable to stat
[Sun Nov 04 15:45:37.933720 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/db_pma.php' not found or unable to stat
[Sun Nov 04 15:45:39.182685 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/logon.php' not found or unable to stat
[Sun Nov 04 15:45:39.437438 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/help-e.php' not found or unable to stat
[Sun Nov 04 15:45:39.681326 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/license.php' not found or unable to stat
[Sun Nov 04 15:45:39.923335 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/log.php' not found or unable to stat
[Sun Nov 04 15:45:40.573121 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/hell.php' not found or unable to stat
[Sun Nov 04 15:45:40.816382 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/pmd_online.php' not found or unable to stat
[Sun Nov 04 15:45:41.085297 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/x.php' not found or unable to stat
[Sun Nov 04 15:45:41.329659 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/shell.php' not found or unable to stat
[Sun Nov 04 15:45:41.571023 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/htdocs.php' not found or unable to stat
[Sun Nov 04 15:45:41.831745 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/desktop.ini.php' not found or unable to stat
[Sun Nov 04 15:45:43.897924 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/z.php' not found or unable to stat
[Sun Nov 04 15:45:44.142917 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/lala.php' not found or unable to stat
[Sun Nov 04 15:45:44.389637 2018] [:error] [pid 20335] [client 140.143.142.207:18577] script '/var/www/site.co.za/public_html/lala-dpr.php' not found or unable to stat
not found or unable to stat
[Sun Nov 04 15:46:25.640779 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/linuxse.php' not found or unable to stat
[Sun Nov 04 15:46:26.334262 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/zuoindex.php' not found or unable to stat
[Sun Nov 04 15:46:26.571640 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/zshmindex.php' not found or unable to stat
[Sun Nov 04 15:46:26.818283 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/tomcat.php' not found or unable to stat
[Sun Nov 04 15:46:27.054438 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/ceshi.php' not found or unable to stat
[Sun Nov 04 15:46:27.831805 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/1hou.php' not found or unable to stat
[Sun Nov 04 15:46:28.671638 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/ou2.php' not found or unable to stat
[Sun Nov 04 15:46:29.892477 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/zuos.php' not found or unable to stat
[Sun Nov 04 15:46:30.243076 2018] [:error] [pid 23775] [client 140.143.142.207:26376] script '/var/www/site.co.za/public_html/zuoss.php' not found or unable to stat
[Sun Nov 04 15:46:45.347760 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/zuoshss.php' not found or unable to stat
[Sun Nov 04 15:46:45.591628 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/boots.php' not found or unable to stat
[Sun Nov 04 15:46:46.406895 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/she.php' not found or unable to stat
[Sun Nov 04 15:46:46.646683 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/s.php' not found or unable to stat

[Sun Nov 04 15:47:01.528916 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/repeat.php' not found or unable to stat
[Sun Nov 04 15:47:01.796158 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/ldw.php' not found or unable to stat
[Sun Nov 04 15:47:02.064638 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/api.php' not found or unable to stat
[Sun Nov 04 15:47:02.336181 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/s1.php' not found or unable to stat
[Sun Nov 04 15:47:02.606675 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/xiaodai.php' not found or unable to stat
[Sun Nov 04 15:47:02.873057 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/hello.php' not found or unable to stat
[Sun Nov 04 15:47:03.578465 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/xp.php' not found or unable to stat
[Sun Nov 04 15:47:03.827471 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/1.php' not found or unable to stat
[Sun Nov 04 15:47:04.104340 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/2.php' not found or unable to stat
[Sun Nov 04 15:47:04.374352 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/p.php' not found or unable to stat
[Sun Nov 04 15:47:04.629964 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/1.php' not found or unable to stat
[Sun Nov 04 15:47:04.878343 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/a.php' not found or unable to stat
[Sun Nov 04 15:47:05.127345 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/m.php' not found or unable to stat
[Sun Nov 04 15:47:05.393146 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/conf.php' not found or unable to stat
[Sun Nov 04 15:47:06.078461 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/123.php' not found or unable to stat
[Sun Nov 04 15:47:06.335517 2018] [:error] [pid 20336] [client 140.143.142.207:31948] script '/var/www/site.co.za/public_html/HX.php' not found or unable to stat
 
More than likely a script kiddie looking for a way in.

Get ModSecurity and CSF going and you should be okay.
 
Whois :)


Source: whois.apnic.net
IP Address: 140.143.142.207
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '140.143.0.0 - 140.143.255.255'

% Abuse contact for '140.143.0.0 - 140.143.255.255' is '[email protected]'

inetnum: 140.143.0.0 - 140.143.255.255
netname: TencentCloud
descr: Tencent cloud computing (Beijing) Co., Ltd.
descr: Floor 6, Yinke Building,38 Haidian St,
descr: Haidian District Beijing
country: CN
admin-c: JT1125-AP
tech-c: JX1747-AP
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2016-08-29T02:48:01Z
source: APNIC
 
If you want, PM me your site URL and I'll run a Trustware Vulnerability scan against the site, just so that you have peace of mind at least (can mail you the PDF report).

 
I normally see an increase in "script kiddie" traffic during the middle of the month. Those subcontinent 1337 H@X0Rs run out of money about this time, launch Burp Suite and whatnot to try to claim a bounty.

Then it dies down for a month...rinse, repeat.
 
After googling a bit, I found that some servers out there collect info about certain web pages. My search was based on PHP filenames. But after opening the access.log, I could see some attempts to access phpMyAdmin by passing basic passwords to it. I.E

I have now disabled the phpMyAdmin plugin because I only needed it during the initial setup, and blocked the IP involved with ufw.

For the fun of it, I also used the PHP header modifier to redirect to localhost when trying to access /phpmyadmin/index.php.

How can I set the fw to allow IPs from South Africa only?
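
Added example, not part of any post in this thread: one way to summarise error-log entries like those quoted in the first post, flagging clients that request many distinct nonexistent scripts in a short burst while ignoring one-off probes. The function name `find_scanners`, the thresholds `min_paths` and `window`, and every sample line (documentation-range IPs, placeholder docroot) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the error-log format quoted in the thread
# (documentation-range IPs, placeholder docroot); not the poster's real log.
SAMPLE_LOG = """\
[Sun Nov 04 06:25:02.174463 2018] [core:notice] [pid 1552] AH00094: Command line: '/usr/sbin/apache2'
[Sun Nov 04 08:13:41.894977 2018] [:error] [pid 101] [client 192.0.2.10:55698] script '/var/www/example/public_html/azenv.php' not found or unable to stat, referer: https://example.test/
[Sun Nov 04 15:45:36.157743 2018] [:error] [pid 102] [client 198.51.100.7:18577] script '/var/www/example/public_html/help.php' not found or unable to stat
[Sun Nov 04 15:45:36.935299 2018] [:error] [pid 102] [client 198.51.100.7:18577] script '/var/www/example/public_html/test.php' not found or unable to stat
[Sun Nov 04 15:45:37.933720 2018] [:error] [pid 102] [client 198.51.100.7:18577] script '/var/www/example/public_html/db_pma.php' not found or unable to stat
[Sun Nov 04 15:45:41.085297 2018] [:error] [pid 102] [client 198.51.100.7:18577] script '/var/www/example/public_html/x.php' not found or unable to stat
[Sun Nov 04 15:45:41.329659 2018] [:error] [pid 102] [client 198.51.100.7:18577] script '/var/www/example/public_html/shell.php' not found or unable to stat
not found or unable to stat
[Sun Nov 04 14:37:01.192915 2018] [:error] [pid 103] [client 203.0.113.5:30721] script '/var/www/example/public_html/echo.php' not found or unable to stat
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*:error\] \[pid \d+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] "
    r"script '(?P<path>[^']+)' not found or unable to stat")

def find_scanners(log_text, min_paths=5, window=timedelta(minutes=2)):
    """Return {ip: sorted distinct missing script names} for clients that asked
    for at least min_paths distinct nonexistent scripts within one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # startup notices, truncated fragments, other errors
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        hits[m["ip"]].append((ts, m["path"].rsplit("/", 1)[-1]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start past stale requests
            names = {name for _, name in events[start:end + 1]}
            if len(names) >= min_paths:
                flagged[ip] = sorted({n for _, n in events})  # report all names seen
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

Counting distinct script names rather than raw requests keeps a client that repeats one probe from being flagged on volume alone.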
 