Localhost lookups in system log

Discussion in 'General' started by kieron, Aug 3, 2010.

  1. kieron

    kieron New Member

    Hi
    I have noticed a lot of localhost lookups mainly pointing to PHPMyAdmin but this week i have also noticed lookups with the server external IP.
    Not to sure why this is happening an explanation would help here if possible thx in advance

    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:48:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:53:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:58:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:03:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:08:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:13:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:18:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:23:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:28:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:33:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:38:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:43:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:48:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:53:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"

    Im not sure how to stop my own ip for server from doing this and whether it is a problem to be worried about.
    The Server Ip localhost lookups are not recorded in the apache error logs.


    But all of this type are recorded in apache error logs

    localhost||||399||||210.83.230.158 - - [02/Aug/2010:22:22:11 +0100] "GET /nosuichfile.php HTTP/1.1" 404 399 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||406||||210.83.230.158 - - [02/Aug/2010:22:22:12 +0100] "GET /noxdir/nosuichfile.php HTTP/1.1" 404 406 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||405||||210.83.230.158 - - [02/Aug/2010:22:22:12 +0100] "GET /PMA/scripts/setup.php HTTP/1.1" 404 405 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||409||||210.83.230.158 - - [02/Aug/2010:22:22:12 +0100] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||413||||210.83.230.158 - - [02/Aug/2010:22:22:13 +0100] "GET /admin/mysql/scripts/setup.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||418||||210.83.230.158 - - [02/Aug/2010:22:22:13 +0100] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 418 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||411||||210.83.230.158 - - [02/Aug/2010:22:22:13 +0100] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 411 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:14 +0100] "GET /admin/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||404||||210.83.230.158 - - [02/Aug/2010:22:22:14 +0100] "GET /db/scripts/setup.php HTTP/1.1" 404 404 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||409||||210.83.230.158 - - [02/Aug/2010:22:22:14 +0100] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||409||||210.83.230.158 - - [02/Aug/2010:22:22:15 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||413||||210.83.230.158 - - [02/Aug/2010:22:22:15 +0100] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:15 +0100] "GET /mysql/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||412||||210.83.230.158 - - [02/Aug/2010:22:22:16 +0100] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 412 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||414||||210.83.230.158 - - [02/Aug/2010:22:22:16 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 414 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:16 +0100] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||407||||210.83.230.158 - - [02/Aug/2010:22:22:17 +0100] "GET /pHpMy/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||412||||210.83.230.158 - - [02/Aug/2010:22:22:17 +0100] "GET /pHpMyAdMiN/scripts/setup.php HTTP/1.1" 404 412 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||414||||210.83.230.158 - - [02/Aug/2010:22:22:17 +0100] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 414 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||413||||210.83.230.158 - - [02/Aug/2010:22:22:18 +0100] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||408||||210.83.230.158 - - [02/Aug/2010:22:22:18 +0100] "GET /phpMyA/scripts/setup.php HTTP/1.1" 404 408 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||411||||210.83.230.158 - - [02/Aug/2010:22:22:18 +0100] "GET /phpMyAdmi/scripts/setup.php HTTP/1.1" 404 411 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||419||||210.83.230.158 - - [02/Aug/2010:22:22:19 +0100] "GET /phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 404 419 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||419||||210.83.230.158 - - [02/Aug/2010:22:22:19 +0100] "GET /phpMyAdmin-2.11.1/scripts/setup.php HTTP/1.1" 404 419 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
    localhost||||420||||210.83.230.158 - - [02/Aug/2010:22:22:19 +0100] "GET /phpMyAdmin-2.11.10/scripts/setup.php HTTP/1.1" 404 420 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
     
    Last edited: Aug 3, 2010
    kieron, Aug 3, 2010
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    falko, Aug 3, 2010
    #2
  3. kieron

    kieron New Member

    Hi
    Thanks for your reply i have blocked the ips of the scanners but it is these which are the ip of my server that i was worried about.

    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:48:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:53:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:05:58:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:03:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:08:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:13:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:18:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:23:42 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"
    localhost||||1155||||87.194.131.22 - - [03/Aug/2010:06:28:41 +0100] "GET / HTTP/1.1" 200 1155 "-" "-"

    or are these normal, i have not seen them before untill this week

    Kieron
     
    kieron, Aug 3, 2010
    #3
  4. falko

    falko Super Moderator Howtoforge Staff

    Is 87.194.131.22 an IP address you know? Is it the server's IP?
     
    falko, Aug 4, 2010
    #4
  5. kieron

    kieron New Member

    Hi

    No sorry this ip is my external ip from isp not my server internal ip.

    I have disabled nat loopback on router and they have stopped so i will leave it like that for now.

    # nat loopback (access external IP from inside):

    ip config natloopback=disabled

    Thx again for your reply
     
    Last edited: Aug 5, 2010
    kieron, Aug 4, 2010
    #5

Share This Page