Q: Security: Has my iMac been compromised?
Hi everyone, I'm recently returning to my studies as a novice web developer. Today I looked at my Apache logs for the first time in well over a year. And there are some suspicious accesses to pages I should not be hosting. And unfortunately some of them originate from 127.0.0.1. So I'm wondering if there is malware running on my system.
There are also what appear to be failed attempts to access PHP setup scripts. I'm alarmed that these requests originate from external IP addresses. My iMac is running behind a router that should not be forwarding HTTP requests to internal computers. So I don't even know how these requests could have been made from the named IP addresses.
Can anyone with some security sense help me understand where to start?
Here are the suspicious entries in /var/log/apache2/access.log:
150.70.97.118 - - [14/Oct/2015:09:24:16 +0800] "GET / HTTP/1.1" 200 45
183.60.48.25 - - [14/Oct/2015:09:30:20 +0800] "GET http://www.baidu.com/ HTTP/1.1" 200 45
67.23.72.105 - - [14/Dec/2015:12:46:11 +0800] "GET / HTTP/1.0" 200 45
127.0.0.1 - - [09/Jan/2016:14:00:39 +0800] "GET /announce?info_hash=%a8%c5%8a%2f%a1%ad%fc%d2%98%c4%14%f1%97%90%eb%20ZR%92i&peer_id=-UM1870-%7b%a1%c0%c3%5c%a9%bc%b8pbS5&port=62348&uploaded=0&downloaded=0&left=16384&corrupt=0&key=56FCE29F&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=fe80%3a%3ac62c%3a3ff%3afe1c%3a9cb5 HTTP/1.1" 404 206
127.0.0.1 - - [09/Jan/2016:14:30:44 +0800] "GET /announce?info_hash=%a8%c5%8a%2f%a1%ad%fc%d2%98%c4%14%f1%97%90%eb%20ZR%92i&peer_id=-UM1870-%7b%a1%c0%c3%5c%a9%bc%b8pbS5&port=62348&uploaded=378322944&downloaded=1577058304&left=2265792512&corrupt=0&key=1A63E46F&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=fe80%3a%3ac62c%3a3ff%3afe1c%3a9cb5 HTTP/1.1" 404 206
127.0.0.1 - - [09/Jan/2016:15:00:50 +0800] "GET /announce?info_hash=%a8%c5%8a%2f%a1%ad%fc%d2%98%c4%14%f1%97%90%eb%20ZR%92i&peer_id=-UM1870-%7b%a1%c0%c3%5c%a9%bc%b8pbS5&port=62348&uploaded=1191395328&downloaded=3565158400&left=269926400&corrupt=0&key=1D3BDF6F&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=fe80%3a%3ac62c%3a3ff%3afe1c%3a9cb5 HTTP/1.1" 404 206
127.0.0.1 - - [09/Jan/2016:15:30:54 +0800] "GET /announce?info_hash=%a8%c5%8a%2f%a1%ad%fc%d2%98%c4%14%f1%97%90%eb%20ZR%92i&peer_id=-UM1870-%7b%a1%c0%c3%5c%a9%bc%b8pbS5&port=62348&uploaded=1642004480&downloaded=3842285168&left=0&corrupt=0&key=1C21EB07&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=fe80%3a%3ac62c%3a3ff%3afe1c%3a9cb5 HTTP/1.1" 404 206
127.0.0.1 - - [09/Jan/2016:16:00:59 +0800] "GET /announce?info_hash=%a8%c5%8a%2f%a1%ad%fc%d2%98%c4%14%f1%97%90%eb%20ZR%92i&peer_id=-UM1870-%7b%a1%c0%c3%5c%a9%bc%b8pbS5&port=62348&uploaded=2636832768&downloaded=3842285168&left=0&corrupt=0&key=C27B5299&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=fe80%3a%3ac62c%3a3ff%3afe1c%3a9cb5 HTTP/1.1" 404 206
127.0.0.1 - - [09/Jan/2016:16:31:03 +0800] "GET /announce?info_hash=%a8%c5%8a%2f%a1%ad%fc%d2%98%c4%14%f1%97%90%eb%20ZR%92i&peer_id=-UM1870-%7b%a1%c0%c3%5c%a9%bc%b8pbS5&port=62348&uploaded=2667307008&downloaded=3842285168&left=0&corrupt=0&key=3C87C3AF&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=fe80%3a%3ac62c%3a3ff%3afe1c%3a9cb5 HTTP/1.1" 404 206
::1 - - [01/Feb/2016:10:45:49 +0800] "GET /images/static/icon_alert.gif HTTP/1.1" 404 226
150.70.173.48 - - [14/Feb/2016:13:44:18 +0800] "GET / HTTP/1.1" 200 45
150.70.188.171 - - [14/Feb/2016:14:00:25 +0800] "GET / HTTP/1.1" 200 45
123.151.42.61 - - [14/Feb/2016:15:27:58 +0800] "GET http://www.baidu.com/ HTTP/1.1" 200 45
66.249.66.149 - - [14/Feb/2016:16:07:49 +0800] "GET /robots.txt HTTP/1.1" 404 208
66.249.66.149 - - [14/Feb/2016:16:07:49 +0800] "GET /t%C3%BCrk%C3%A7e-sohbet-ruleti.html HTTP/1.1" 404 225
66.249.74.11 - - [17/Feb/2016:10:45:25 +0800] "GET /robots.txt HTTP/1.1" 404 208
66.249.74.8 - - [17/Feb/2016:10:45:25 +0800] "GET /adana-bayan-arkada%C5%9F-telefon-numaralar%C4%B1.html HTTP/1.1" 404 243
150.70.173.41 - - [17/Feb/2016:10:53:32 +0800] "GET / HTTP/1.1" 200 45
123.151.42.61 - - [25/Feb/2016:13:01:48 +0800] "GET http://www.baidu.com/ HTTP/1.1" 200 45
213.254.129.187 - - [25/Feb/2016:13:11:54 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226
213.254.129.187 - - [25/Feb/2016:13:12:04 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 404 219
213.254.129.187 - - [25/Feb/2016:13:12:15 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 223
iMac, Mac OS X (10.7.1)
Posted on Mar 10, 2016 2:45 AM
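A first triage pass over entries like the ones in the post, added here as an example (it is not part of the original question): it parses each access.log line and labels it by what it resembles (absolute-URI requests, which are open-proxy probes; the BitTorrent tracker announces arriving from loopback; setup.php scanner hits; anything else by whether it came from a local or an external address), then lists which external addresses were actually served a 200. The sample lines and the labelling rules are my own; the IPs are from documentation ranges.

```python
import re
from collections import Counter
from urllib.parse import parse_qs
# Apache common log format: host ident user [time] "method target proto" status size
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
                    r'(?P<status>\d{3}) (?P<size>\S+)')
LOCAL_HOSTS = {"127.0.0.1", "::1"}
# Path suffix that scanners request when hunting for unprotected admin panels (seen in the post).
ADMIN_PROBES = ("/scripts/setup.php",)

def parse_line(line):
    """Parse one access.log line into a dict, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def classify(rec):
    """Heuristic label for what a request looks like (my own rules, not an Apache feature)."""
    target = rec["target"]
    if target.startswith(("http://", "https://")):
        return "absolute-uri"          # client asked Apache to fetch a foreign URL: open-proxy probe
    path, _, query = target.partition("?")
    qs = parse_qs(query)
    if path == "/announce" and "info_hash" in qs and "peer_id" in qs:
        return "bittorrent-announce"   # BitTorrent tracker announce (BEP 3) aimed at local port 80
    if any(path.endswith(p) for p in ADMIN_PROBES):
        return "admin-panel-probe"
    return "local" if rec["host"] in LOCAL_HOSTS else "external"

def triage(lines):
    """Summarise request kinds, external source addresses, and which of them got a 200."""
    rows = [r for r in map(parse_line, lines) if r]
    external = [r for r in rows if r["host"] not in LOCAL_HOSTS]
    return {"by_kind": dict(Counter(classify(r) for r in rows)),
            "external_hosts": sorted({r["host"] for r in external}),
            "external_200": sorted({r["host"] for r in external if r["status"] == 200})}

# Constructed sample lines modelled on the post's entries (documentation IP ranges, shortened query).
SAMPLE_LOG = [
    '203.0.113.10 - - [14/Oct/2015:09:24:16 +0800] "GET / HTTP/1.1" 200 45',
    '198.51.100.7 - - [14/Oct/2015:09:30:20 +0800] "GET http://www.example.com/ HTTP/1.1" 200 45',
    '127.0.0.1 - - [09/Jan/2016:14:00:39 +0800] "GET /announce?info_hash=%a8%c5%8a%2f&peer_id=-UM1870-%7b&port=62348&left=16384&event=started HTTP/1.1" 404 206',
    '::1 - - [01/Feb/2016:10:45:49 +0800] "GET /images/static/icon_alert.gif HTTP/1.1" 404 226',
    '192.0.2.44 - - [25/Feb/2016:13:11:54 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226',
    'this line is not an access.log entry',
]
```

Call `triage(open("/var/log/apache2/access.log").read().splitlines())` to run it over the real file. An external address listed under `external_200` was answered by Apache, so that request did reach the machine regardless of what the router was expected to block.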