Find the source of Apache2 Access entries?

Question

Find the source of Apache2 Access entries?

lamp apache2 2004

asanz 3 years, 11 months ago

so I have a standard LAMP server on Ubuntu 20.04, and in my Apache2 access logs, I'm seeing a ton of:

xx.xx.xx.xx - - [10/May/2020:12:17:57 -0400] "POST /api/payload/ HTTP/1.1" 301 332 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:57 -0400] "GET /api/payload/ HTTP/1.1" 301 588 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:59 -0400] "POST /api/payload/ HTTP/1.1" 301 332 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:59 -0400] "GET /api/payload/ HTTP/1.1" 301 588 "-" "Python-urllib/2.7"

I'v looked around and cant seem to find out where these messages are originating.

THnks for the help!

3 Replies

stevewi · Answer 1 · May 11, 2020, 4:01 a.m.

stevewi 3 years, 11 months ago

These are apache2 log entries…using one of the pre-defined log formats. See:

https://httpd.apache.org/docs/2.4/logs.html

HTTP response code 301 is Moved Permanently -- a permanent redirect.

-- sw

asanz · Answer 2 · May 11, 2020, 2:42 p.m.

asanz 3 years, 11 months ago

Thanks. I understand what they are, I don't understand what is generating them - both POSTS and GETS

stevewi · Answer 3 · May 11, 2020, 3:16 p.m.

stevewi 3 years, 11 months ago

Do you have a web app written in python? They're being generated by Python-urllib/2.7.

If the IP address is not yours (or localhost), you may have been hacked.

-- sw

Compute

Storage

Databases

Networking

Developer Tools

Delivery

Security

Services

Industries

Pricing

Community

Engage With Us

Find the source of Apache2 Access entries?

3 Replies

Reply

Tips: