My VPS shutdown because the HDD is filling up and I realized that the microcache.log file is becoming 12GB after I delete it. The content of microcache.log file is:
23.88.110.68 - - [12/Jun/2014:16:09:45 -0400] "GET http://ib.adnxs.com/ttj?id=2168123&position=below HTTP/1.0" 502 166 "battercar.com/?p=436" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2" nocache:
173.208.213.94 - - [12/Jun/2014:16:09:45 -0400] "GET ib.adnxs.com/tt?id=2962937 HTTP/1.0" 502 568 "http://www.existeducation.com/tag/tap/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0" nocache:
(continues thousans of lines...)
How can I repair my VPS? I got tired to delete this file everyday.
VPS : Centos 6 with nginx
Large LOG files should be deleted http://wikitechsolutions.com/2761/microcache-log-file-exceeds-my-vps-hdd
Related
The display of the phpmyadmin home page is not complete. I can't authenticate myself. The server on which I install phpmyadmin already has a web application that works very well
page accueil phpmyadmin
Version phpmyadmin : phpMyAdmin-4.9.10
php : PHP 7.0.33-57+0~20211119.61+debian11~1.gbp5d8ba5 (cli) (built: Nov 19 2021 06:42:48) ( NTS )
OS : Debian11
apache : Server version: Apache/2.4.53 (Debian)
mariadb : Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11
I checked directory permissions issue : www-data owner
I checked acccess.log
myip - - [12/Jun/2022:07:54:00 +0300] "GET /phpmyadmin/js/vendor/jquery/jquery.min.js?v=4.9.10 HTTP/1.1" 200 32517 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36"
myip - - [12/Jun/2022:07:54:00 +0300] "GET /phpmyadmin/themes/pmahomme/img/logo_right.png HTTP/1.1" 200 5969 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36"
myip - - [12/Jun/2022:07:54:00 +0300] "GET /phpmyadmin/themes/dot.gif HTTP/1.1" 200 1702 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36"
myip - - [12/Jun/2022:07:54:00 +0300] "GET /phpmyadmin/themes/pmahomme/css/printview.css?v=4.9.10 HTTP/1.1" 200 2737 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36"
myip - - [12/Jun/2022:07:54:00 +0300] "GET /phpmyadmin/favicon.ico HTTP/1.1" 200 24209 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36"
myip - - [12/Jun/2022:07:54:01 +0300] "GET /phpmyadmin/favicon.ico HTTP/1.1" 200 24209 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36"
I checked error.log
no error
I removed the ssl, but in port 80 same problem
I have a Spring Boot app running on Beanstalk and I recently want to make my entire site secured by HTTPS, so I would like to redirect all HTTP traffic to HTTPS by default.
I have already installed my SSL Cert with Amazon Certificate Manager and it is used by my Amazon ELB load balancer, so the HTTPS will terminate there.
Currently, the load balancer is configured with ports mapping like this:
I also noticed that by default there is also an nginx on the load balancer that listens on port 80( instance port ) and then forwards it to my Spring Boot app finally.
So I tried to do the redirection by putting this conf file at .ebextensions/nginx/conf.d/elasticbeanstalk/00_nginx_https_rw.conf and the .ebextensions folder sits locally under src/main/resources in my Spring Boot repo :
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
logger -t nginx_rw "https rewrite rules added"
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
04_reload_nginx:
command: "sudo service nginx reload"
I deployed my Spring Boot app with that conf file and also did "Restart App Server(s)" in Beanstalk, but it still will not redirect from HTTP to HTTPS
I also tried this for my conf file as well and it also does not work:
listen 80;
# ELB stores the protocol used between the client
# and the load balancer in the X-Forwarded-Proto request header.
# Check for 'https' and redirect if not
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
server_name mothersquad.com www.mothersquad.com
This is where I put my conf file:
These is my Nginx access.log when I try to go to the HTTP version of my site:
172.31.42.155 - - [28/Sep/2017:07:38:53 +0000] "GET /health_check HTTP/1.1" 200 2 "-" "ELB-HealthChecker/1.0" "-"
172.31.42.155 - - [28/Sep/2017:07:39:03 +0000] "GET /health_check HTTP/1.1" 200 2 "-" "ELB-HealthChecker/1.0" "-"
172.31.42.155 - - [28/Sep/2017:07:39:13 +0000] "GET /health_check HTTP/1.1" 200 2 "-" "ELB-HealthChecker/1.0" "-"
172.31.42.155 - - [28/Sep/2017:07:39:23 +0000] "GET /health_check HTTP/1.1" 200 2 "-" "ELB-HealthChecker/1.0" "-"
172.31.42.155 - - [28/Sep/2017:07:39:23 +0000] "GET / HTTP/1.1" 200 93279 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:23 +0000] "GET /css/landing.css HTTP/1.1" 200 13132 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:23 +0000] "GET /css/landing_bootstrap.css HTTP/1.1" 200 134640 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:23 +0000] "GET /js/landing.js HTTP/1.1" 200 5627 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/logo.png HTTP/1.1" 200 6830 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/tracery.png HTTP/1.1" 200 23045 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-4.jpg HTTP/1.1" 200 17441 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-1.jpg HTTP/1.1" 200 24258 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-2.jpg HTTP/1.1" 200 20504 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-5.jpg HTTP/1.1" 200 18711 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-3.jpg HTTP/1.1" 200 20686 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/virtualgroup.jpg HTTP/1.1" 200 46406 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-6.jpg HTTP/1.1" 200 21364 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/squad-photo-7.jpg HTTP/1.1" 200 18472 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/tracery-red.png HTTP/1.1" 200 2500 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/bg1.jpg HTTP/1.1" 200 48181 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
172.31.42.155 - - [28/Sep/2017:07:39:24 +0000] "GET /images/landing/bg2.jpg HTTP/1.1" 200 116554 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.113.254.101"
I did not see any errors in errors.log
What else did I miss? Thanks
If you've installed your certificate onto the load balancer, I recommend terminating SSL at the LB (assuming that your VPC is secure). Try setting the parameter server.use-forward-headers in your application properties to true. This will cause your boot app to honor the X-Forwarded-Proto and X-Forward-For headers.
Once this is complete, remove the port 80 listener on your LB so your app can only be accessed over 443.
I have joomla 3 on my host . i have also installed RSfirewall and have captcha on all my forms. It seems someone is unsing a distructive robot to use all my resources and my monthly bandwidth limit.
Is there a way or joomla plugin that restirct specify service to each ip in a period of time? for example 20 request in 5 mintues? This is part of my raw access log:
185.165.40.80 - - [12/Nov/2016:13:46:30 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:46:30 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:46:56 +0330] "GET /index.php/information/bulletin-board/item/376-aghaze-tabtename-doreye-ghayeghrani HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:13:49:50 +0330] "GET /?format=feed&type=rss HTTP/1.0" 500 7309 "-" "Feedly/1.0 (+http://www.feedly.com/fetcher.html; like FeedFetcher-Google)"
185.165.40.80 - - [12/Nov/2016:13:50:16 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A456 Safari/602.1"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:40 +0330] "GET /information/bulletin-board?switch_modes=2 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:51:35 +0330] "GET /information/bulletin-board/item/359-happy-new-year-from-dr-fotuhi HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:51:53 +0330] "GET /events/sport-events/item/385-docharkhe-savari-chitgar-12-ordibehesht94 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:52:47 +0330] "GET /information/news/item/288-dore4 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:52:51 +0330] "GET /index.php/information/item/504-2015-08-16-07-06-53?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:55:45 +0330] "GET /information/bulletin-board/item/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94 HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:55:45 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://www.alumsharif.org/information/bulletin-board/item/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:56:40 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:56:40 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:00 +0330] "GET /information/news/item/747-shahram-nazero-concert?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:57:07 +0330] "GET / HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:08 +0330] "GET / HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:08 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:09 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:10 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:59:49 +0330] "GET /information/advertisement/itemlist/category/24-documents-and-resources?format=feed&type=rss HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:59:49 +0330] "GET /information/job-opportunities/item/688-takhfifan-co-job-ads?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:14:01:09 +0330] "GET /administrator/index.php?option=com_rsfirewall&view=logs HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-120x120-precomposed.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-120x120.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-precomposed.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:12 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:44 +0330] "GET /component/jcomments/feed/com_k2/363 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:14:02:22 +0330] "GET /information/bulletin-board/item/376-aghaze-tabtename-doreye-ghayeghrani/376-aghaze-tabtename-doreye-ghayeghrani HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:14:03:44 +0330] "GET /information/job-opportunities/item/694-tejarat-electronic-iranian-co-job-ad HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:14:04:13 +0330] "GET /information/graduates-and-media/item/100-farzad-vahid-speech-about-rousseau/100-farzad-vahid-speech-about-rousseau HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
.
I personally do not think that blocking access to joomla should happen via a joomla module. Via this way the access already happen. So I personally block access directly on the server rather then in the application. Back in time I had a customer who had issues with HTTP spiders who only downloaded some content from his website in order to re-use the content on there own. We ended up using .htaccess files as written here or here. If that isnĀ“t an option for you, you might wish to implement some kind of QoS (e.g. MOD QoS for Apache). You can also try to optimize your joomla instance (e.g. compress HTML code & pictures) so that there will be less files transfered. For Joomla there are multiple plugins which can do a HTML (inc. CSS) compression. For Images you could run a check against Google Pagespeed and then compress the images which are announced there. Many images on websites can be compressed without that the user really see an difference (see an example here).
Im not sure that this is an answer that you can use, but we were faced with the same problem, so with RSFirewall, we engaged the GeoIP blocking feature, and well, blocked all the countries that we KNEW we weren't doing business with.
Two things happened:
The vast majority of the bad traffic was blocked by RSFirewall, and
With logging of those blocks turned on, we were able to use the logging database to find the repeat offenders and use THAT information to block them in .htaccess.
It was a gradual process, watching logs, and gradually easing back on what was automatically blocked, but there is no silver bullet for these guys unfortuately.
Another possibility, which I've bookmarked, but haven't tried yet, is a PHP class that is being actively developed called Web App Firewall. I can't recommend it, as I haven't tried it, but it might give you some ideas about how you could identify and block certain traffic by implementing it into a Joomla system plugin.
All above advises were true and helped me i also programmed a custom PHP code that runs whenever index.php is requested and then I blocked access by hotlink(Direct access) It helped me a lot but still didn't completely solve the problem.
Recently I found the best solution... I started to use a website called CloudFlare.. it works a proxy between my site and user... it completely controls requests and activities and also improves site speed and reduce bandwidth used significantly by caching. it also provides free SSH and tons of feature. after I started using it everything is safe and site is working faster and without any problem...I wanted to advise u guys to use this great service
www.cloudflare.com
I have an apache 2.4.6 running on a linux machine and a tomcat 7 configured on the same machine. I have also setup a proxy pass to access the java application deployed in webapps directory of tomcat7,
The issue is - When I try to access the application, using the tomcat's direct URL - servername:8081/test/test, everything loads fine; But if I try to access it using webserver URL - servername/test, it doesn't displays the images on browser.
Sorry, I am not able to post the links as I dont have reputation points :(
From apache server logs -
10.12.109.125 - - [28/Sep/2016:13:24:52 -0400] "GET /test/jquery/js/jquery.js HTTP/1.1" 404 1003 "severname/test/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/53.0.2785.116 Safari/537.36"
10.12.109.125 - - [28/Sep/2016:13:24:52 -0400] "GET /test/test.css HTTP/1.1" 404 979 "servername/test/" "Mozilla/5.0 (Windows NT 6.1;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/53.0.2785.116 Safari/537.36"
10.12.109.125 - - [28/Sep/2016:13:24:52 -0400] "GET /test/images/testLogo3.png HTTP/1.1" 404 1003 "servername/test/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/53.0.2785.116 Safari/537.36"
10.12.109.125 - - [28/Sep/2016:13:24:53 -0400] "GET /test/images/userImages/431724552455061171logo.png HTTP/1.1" 404 1053
"severname/test/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116
Safari/537.36"
Any clues as to what am I am missing here ?
Configuration follows:
<VirtualHost *:80>
ServerName test.testsystems.com
ProxyRequests off
ProxyPreserveHost on
<Proxy *>
Require all granted
</Proxy>
ProxyPass /examples ajp://test.testsystems.com:8009/examples
ProxyPass /test/ ajp://test.testsystems.com:8009/test/test
ProxyPassReverse /test/ ajp://test.testsystems.com:8009/test/test
</VirtualHost>
After downloading & installing sonar (v3.6.2) I am getting the below error when running the analysis through maven (sonar:sonar)
[ERROR] Failed to execute goal org.codehaus.sonar:sonar-maven-plugin:2.3.1:sonar (default- cli) on project bf-CompositeStub: Execution default-cli of goal org.codehaus.sonar:sonar- maven-plugin:2.3.1:sonar failed: PicoLifecycleException: method 'public void org.sonar.jpa.session.AbstractDatabaseConnector.start()', instance 'org.sonar.jpa.session.DriverDatabaseConnector#134c5ff, java.lang.RuntimeException: wrapper: Cannot open connection to database: SQL driver not found org.h2.Driver -> [Help 1]
The access logs show that the problem is a 404 is being thrown when the jdbc drivers are requested.
I get the same error when directly trying to get the drivers through a remote browser (10.30.32.136:9000/deploy/jdbc-driver.jar)
or on the same box as the web server (curl localhost:9000/deploy/jdbc-driver.jar)
However I am able to browse the sonar site from a remote browser.
Here are the jetty access logs.
10.30.32.29 - - [30/Jul/2013:08:44:16 +0000] "GET / HTTP/1.1" 200 3323 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:44:21 +0000] "GET /dependencies/index HTTP/1.1" 200 2159 "http://10.30.32.136:9000/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:44:23 +0000] "GET /comparison/index HTTP/1.1" 200 4356 "http://10.30.32.136:9000/dependencies/index" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:44:24 +0000] "GET /dashboard/?did=5 HTTP/1.1" 200 3336 "http://10.30.32.136:9000/comparison/index" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:45:12 +0000] "GET /deploy/jdbc-driver.jar HTTP/1.1" 404 1034 "-" "Java/1.6.0_29"
10.30.32.29 - - [30/Jul/2013:09:30:07 +0000] "GET / HTTP/1.1" 200 3323 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:09:30:11 +0000] "GET /deploy/jdbc-driver.jar HTTP/1.1" 404 1034 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:09:30:11 +0000] "GET /favicon.ico HTTP/1.1" 404 1034 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
127.0.0.1 - - [30/Jul/2013:09:31:25 +0000] "GET /deploy/jdbc-driver.jar HTTP/1.1" 404 1034 "-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
I have tried changing the context root & using a mysql instance by changing properties in the sonar.properties file and reinstalling sonar completely but get the same issue each time.