
unknown ip in my access log

Comments

9 comments

  • chanklish
    Mod, why was the attachment removed? How can I show my log then?!
    0
  • Infopro
    Mod, why was the attachment removed? How can I show my log then?!

    My apologies, I don't know you and have no need to see something in PDF format. These days that's a bad idea all around. We don't need actual domain names or IP addresses posted to these forums. Please review this thread for more details: Analyzing a compromised server on the forums is not the best way to go here, I don't think.
    0
  • chanklish
    I just wanted advice to know if I need system admin services - all the IPs and domains shown in the PDF log are not mine
    0
  • Infopro
    Please feel free to post a snip of the log output wrapped in bbcode code tags with partially obfuscated IP addresses. We don't know what the problem is, but there's no need to display the actual IPs from your log, on a public forum. (Even if it is a bad guy.) That might be helpful here.
    0
  • chanklish
    hi infopro these are two examples

    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/whm-logo_white.svg HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/notice-error.png HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:28 -0000] "GET /cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087

    71.6.146.xxx - - [12/27/2016:20:39:17 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" "-" "-" 2083
    - - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
    - - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
    - - - [12/27/2016:20:39:23 -0000] "-" 301 0 "" "-" "-" "-" 2082
    127.0.0.1 - - [12/27/2016:20:40:20 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "" "-" "-" "-" 2086
    127.0.0.1 - - [12/28/2016:03:56:56 -0000] "GET / HTTP/1.1" 401 0 "" "HTTP-Tiny/0.058" "-" "-" 2086
    66.240.219.xxx - - [12/28/2016:07:24:02 -0000] "GET / HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" "-" "-" 2086
    66.240.219.xxx - - [12/28/2016:07:24:05 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:28 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/cp-logo_white.svg HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    0
  • Infopro
    Have you noticed the dates on these entries?
    0
  • chanklish
    Have you noticed the dates on these entries?

    yes but i have similar entries in 2019

    172.104.133.xxx - - [12/10/2018:17:04:38 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    172.104.133.xxx - - [12/10/2018:17:04:39 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    46.188.107.xxx - - [12/10/2018:23:35:49 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    176.14.10.xx - - [12/10/2018:23:35:51 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    95.28.230.1xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    128.72.43.xx7 - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2087
    46.42.129.xxx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    188.244.34.1xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2087
    176.193.125.xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2096
    37.204.192.1xx - - [12/12/2018:13:18:50 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    0
  • Infopro
    None of them are 2019 either. To answer your original question with concern for your account being compromised, I don't think it is.
    0
  • chanklish
    None of them are 2019 either. To answer your original question with concern for your account being compromised, I don't think it is.

    Yes, I did not choose 2019 specifically as I was trying to show most of the IPs. Thank you.
    0
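
Added example, not part of the thread and not cPanel's own tooling: a small Python triage of the access-log format posted above. It tallies status codes per client and lists only entries that look like a logged-in session. Assumptions: the third field carries the authenticated user name (Common Log Format convention), paths under `/unprotected/` are login-page assets served without a login, and the sample lines and IPs are constructed.

```python
import re
from collections import Counter

# Field layout taken from the entries posted in this thread:
# ip ident user [time] "request" status bytes "referer" "agent" "-" "-" port
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*" "[^"]*" "[^"]*" (?P<port>\d+)$')

# Constructed sample lines (documentation IPs), modelled on the posted format.
SAMPLE = '''\
203.0.113.10 - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0" "-" "-" 2087
198.51.100.20 - - [12/27/2016:20:39:17 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0" "-" "-" 2083
- - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
127.0.0.1 - - [12/28/2016:03:56:56 -0000] "GET / HTTP/1.1" 401 0 "" "HTTP-Tiny/0.058" "-" "-" 2086
198.51.100.30 - - [12/10/2018:17:04:38 -0000] "-" 401 0 "-" "-" "-" "-" 2083
198.51.100.30 - - [12/10/2018:17:04:39 -0000] "-" 401 0 "-" "-" "-" "-" 2083
192.0.2.99 - root [12/12/2018:13:19:02 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "" "Mozilla/5.0" "-" "-" 2087
'''

def parse(text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(text):
    """Return (per-IP status tallies, entries that look like authenticated access)."""
    tallies, authenticated = {}, []
    for e in parse(text):
        tallies.setdefault(e["ip"], Counter())[e["status"]] += 1
        parts = e["req"].split()
        path = parts[1] if len(parts) > 1 else ""
        local = e["ip"] == "127.0.0.1"
        # Assumption: a named user, or a remote 200 outside /unprotected/,
        # indicates a logged-in session rather than a probe of the login page.
        if e["user"] != "-" or (e["status"] == "200"
                                and "/unprotected/" not in path and not local):
            authenticated.append((e["ip"], e["user"], path, e["port"]))
    return tallies, authenticated

if __name__ == "__main__":
    tallies, authenticated = triage(SAMPLE)
    for ip, counts in tallies.items():
        print(ip, dict(counts))
    print("authenticated:", authenticated)
```

Only the last constructed line, which carries a user name and a 200 outside `/unprotected/`, is listed; the 401, 301 and login-asset entries are tallied but not flagged.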
