Log in to Ask a Question

Find the source of Apache2 Access entries?

lamp apache2 2004

asanz 4 years, 6 months ago

so I have a standard LAMP server on Ubuntu 20.04, and in my Apache2 access logs, I'm seeing a ton of:

xx.xx.xx.xx - - [10/May/2020:12:17:57 -0400] "POST /api/payload/ HTTP/1.1" 301 332 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:57 -0400] "GET /api/payload/ HTTP/1.1" 301 588 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:59 -0400] "POST /api/payload/ HTTP/1.1" 301 332 "-" "Python-urllib/2.7"
xx.xx.xx.xx - - [10/May/2020:12:17:59 -0400] "GET /api/payload/ HTTP/1.1" 301 588 "-" "Python-urllib/2.7"

I'v looked around and cant seem to find out where these messages are originating.

THnks for the help!

3 Replies

stevewi 4 years, 6 months ago

These are apache2 log entries…using one of the pre-defined log formats. See:

https://httpd.apache.org/docs/2.4/logs.html

HTTP response code 301 is Moved Permanently -- a permanent redirect.

-- sw

asanz 4 years, 6 months ago

Thanks. I understand what they are, I don't understand what is generating them - both POSTS and GETS

stevewi 4 years, 6 months ago

Do you have a web app written in python? They're being generated by Python-urllib/2.7.

If the IP address is not yours (or localhost), you may have been hacked.

-- sw

Reply

Description

Please enter an answer

Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply