tested on vesta cp (apach2+nginx+Debian 8.7)
this script could be placed into a file called:
#sh -c 'tail -f /var/log/vesta/*.log && tail -f /var/log/nginx/*.log' &
tail -f /var/log/vesta/*.log &
tail -f /var/log/nginx/*.log &
and you can run it every time you are curious what your webserver is currently doing.
18.104.22.168 - - [22/Jan/2017:15:59:55 +0100] POST /wp-login.php HTTP/1.1 "200" 3212 "http://domain.org/wp-login.php" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0" "-"
22.214.171.124 - - [22/Jan/2017:16:00:04 +0100] GET /robots.txt HTTP/1.1 "200" 104 "-" "Mozilla/5.0 (compatible; seoscanners.net/1; +firstname.lastname@example.org)" "-"
126.96.36.199 - - [22/Jan/2017:16:00:05 +0100] POST /wp-cron.php?doing_wp_cron=1485097204.5705420970916748046875 HTTP/1.1 "499" 0 "domain.org/wp-cron.php?doing_wp_cron=1485097204.5705420970916748046875" "WordPress/4.7.1; http://domain.org" "-"
188.8.131.52 - - [22/Jan/2017:16:00:05 +0100] POST /xmlrpc.php HTTP/1.1 "200" 403 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "-"
184.108.40.206 - - [22/Jan/2017:16:00:06 +0100] GET /wp-login.php HTTP/1.1 "200" 3007 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "-"
220.127.116.11 - - [22/Jan/2017:16:00:06 +0100] GET /2014/11/06/opendns-mit-fritzbox-7170/ HTTP/1.1 "200" 74294 "-" "Mozilla/5.0 (compatible; seoscanners.net/1; +email@example.com)" "-"
18.104.22.168 - - [22/Jan/2017:16:00:06 +0100] POST /wp-login.php HTTP/1.1 "200" 3965 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "-"
as you can see massive amounts of access to wp-login.php is done, in order to brute-force into workdpress.
that’s what fail2ban should actually take care of.
domains i found interesting accessing my site:
http://seoscanners.net/ – GoDaddy – “Welcome to: seoscanners.net This Web page is parked for FREE, courtesy of GoDaddy.com.” wtf?
https://ahrefs.com/robot – “Track your backlinks, keywords, brand mentions and know what your competitors are doing”
http://www.google.com/bot.html – of course 😀
One of the traditional problems with independent publishing on the internet has always been the fact that independent publishers often operate as isolated islands within their own website, and spend most of their resources attracting visitors. The rise of corporate providers and social networking services alleviated many of these problems; however centralisation has led to a situation where your content is no longer under your direct control. It is shared fully with corporate advertisers and governments, but ironically you are now often asked to pay money to ensure that your friends can see it. What if you could have advantages of scale and connections that centralisation typically offers whilst maintaining independent control over your own web presence?
The RedMatrix is a super network created from a huge number of smaller independent and autonomous websites – which are linked together into a cooperative publishing and social platform. It consists of an open source webapp providing a complete multi-user decentralised publishing, sharing, and communications system – known as a “hub”. Each hub provides communications (private messaging, chat, blogging, forums, and social networking), along with media management (photos, events, files, web pages, shareable apps) for its members; all in a feature-rich platform. These hubs automatically reach out and connect with each other and the rest of the matrix. Privacy and content ownership always remain under the direct personal control of the individual; and permission to access any item can be granted or denied to anybody in the entire matrix.
What makes the RedMatrix unique is what we call “magic authentication” – which is based on our groundbreaking work in decentralised identity services. No other platform provides this ability. Within the matrix the boundaries between different hubs are blurred or seemingly non-existent. Identity in the matrix is considered transient and potentially nomadic. “Who you are” has nothing to do with “what computer you’re connected to”, and website content can adapt itself according to who is viewing it. You have the ability to “clone” your identity to other hubs; which allows you to continue to communicate with your friends seamlessly if your primary hub is ever disabled (temporarily or permanently).
The RedMatrix is ideal for communities of any size, from private individuals and families to online forums, business websites, and organisations. It can be used by anybody who has communications or web content that they wish to share, but where they desire complete control of whom they share it with.
signup / register: https://friendica.libertypod.com/register