Find the source of Apache2 Access entries?

so I have a standard LAMP server on Ubuntu 20.04, and in my Apache2 access logs, I'm seeing a ton of:

xx.xx.xx.xx - - [10/May/2020:12:17:57 -0400] "POST /api/payload/ HTTP/1.1" 301 332 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:57 -0400] "GET /api/payload/ HTTP/1.1" 301 588 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:59 -0400] "POST /api/payload/ HTTP/1.1" 301 332 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:59 -0400] "GET /api/payload/ HTTP/1.1" 301 588 "-" "Python-urllib/2.7"

I'v looked around and cant seem to find out where these messages are originating.

THnks for the help!

3 Replies

These are apache2 log entries…using one of the pre-defined log formats. See:

HTTP response code 301 is Moved Permanently -- a permanent redirect.

-- sw

Thanks. I understand what they are, I don't understand what is generating them - both POSTS and GETS

Do you have a web app written in python? They're being generated by Python-urllib/2.7.

If the IP address is not yours (or localhost), you may have been hacked.

-- sw


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct