Apache Access log on Virtualmin has GET requests to strange paths and links with many different IP addresses trying to query

SYSTEM INFORMATION
OS type and version Ubuntu 20.04
Webmin version 2.111
Virtualmin version 7.20.1
Webserver version REQUIRED
Related packages SUGGESTED

As the title I mentioned,

Currently, my website has many GET requests coming from many different IP addresses and queries to strange paths that I do not know with code 301 (permanent redirect). Looks like it’s being hacked?

And even though I disabled the Virtualmin server, the same requests still occurred as usual

Someone please help me.

Please copy/paste the specific log entries you think are interesting/worrying here in text. Reading a screenshot is difficult (and I can’t even see the 301 you’re suggesting is a problem).

Wrap it in triple backticks (```) or click the Preformatted text button in the editor.

172.71.210.132 - - [17/Jul/2024:14:14:13 +0700] "GET /player7/index.php?video=MTZsdlBZSGg3QUdiWWRWajZGZFotbnFDN05hRU5XQVNV HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/124.0.6367.224 Mobile/15E148 Safari/604.1"
172.70.142.59 - - [17/Jul/2024:14:14:11 +0700] "GET /player7/index.php?video=MXdaMFg0cEQ3bm91bHlIZXZnUzV3VVVSLXJqRHh2N1ZP HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.215.74 - - [17/Jul/2024:14:14:01 +0700] "GET /player7/index.php?video=MUtqdjZMcGR4QTdmNHlaT3p4dTZHWXk0NzJfaEdCRDJp HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/124.0.6367.224 Mobile/15E148 Safari/604.1"
162.158.114.140 - - [17/Jul/2024:14:13:42 +0700] "GET / HTTP/1.1" 301 570 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1"
172.70.142.140 - - [17/Jul/2024:14:13:18 +0700] "GET /player7/index.php?video=MW5zcHBZM2FpaUFoLWd5aG1vX0g0ZWlJc01GSVZnZXZs HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36"
108.162.227.35 - - [17/Jul/2024:14:13:06 +0700] "GET /player7/index.php?video=MVpEMXdmSnc4TV8zdFNRYUFJelYxUXMzdnZLR0hMallP HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
198.235.24.9 - - [17/Jul/2024:14:12:57 +0700] "GET / HTTP/1.1" 301 526 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
162.158.91.60 - - [17/Jul/2024:14:12:42 +0700] "GET /player7/index.php?video=MVJOcmROVEhEbUN2X3FFTEVhdmx2LTVzcWZtNy1Wa2VF HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; U; Android 11; en-US; CPH2001 Build/RP1A.200720.011) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/100.0.4896.58 UCBrowser/13.7.5.1321 Mobile Safari/537.36"
172.71.214.192 - - [17/Jul/2024:14:12:35 +0700] "GET /player7/index.php?video=MTU5QllHWkJRb1RCTDNycTJDcjRlMnJhX1dEYXBRYWF0 HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
162.158.179.80 - - [17/Jul/2024:14:12:33 +0700] "GET /player7/index.php?video=MTFwcjVja1Z2WHdPVXlINTFqUTY1NFJXZ2swa0cyQmpN HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/324.0.648915268 Mobile/15E148 Safari/604.1"
172.68.118.183 - - [17/Jul/2024:14:12:23 +0700] "GET /player7/index.php?video=MVdmMHdoeEVZdmxDU2NET2lqc2R2R3lDQ3VscUJGVVNh HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/25.0 Chrome/121.0.0.0 Mobile Safari/537.36"
162.158.162.148 - - [17/Jul/2024:14:12:22 +0700] "GET /player7/index.php?video=MWh3Z1NONkM3UnJkazY1RTJrQVROd0pzdVpQSmk3ZWpF HTTP/1.1" 301 316 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/324.0.648915268 Mobile/15E148 Safari/604.1"
172.71.214.192 - - [17/Jul/2024:14:12:20 +0700] "GET /player7/index.php?video=MTU5QllHWkJRb1RCTDNycTJDcjRlMnJhX1dEYXBRYWF0 HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.71.81.203 - - [17/Jul/2024:14:12:15 +0700] "GET /player7/index.php?video=MVFEQ29TU05wcnFvczhUYWlTMUxCai1WY3hvMVpLZlJr HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"
172.71.219.116 - - [17/Jul/2024:14:12:09 +0700] "GET /player7/index.php?video=MXpzZC1wcWJaeG03eFZycFdoaXQ1TXMwNVpXbW5scDhm HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.68.242.22 - - [17/Jul/2024:14:12:08 +0700] "GET /player7/index.php?video=MTdJcnhpdHdqYU8yRDNGdVVPTHJuVEwyUjAxakJCM1Nt HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
162.158.114.151 - - [17/Jul/2024:14:12:06 +0700] "GET /player7/index.php?video=MUlBNmRzX0RLSGd3VXNkeFFXUWtBS25qSkEzZUZHNmV1 HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
162.158.179.25 - - [17/Jul/2024:14:12:00 +0700] "GET /player7/index.php?video=MXhRaklCc0ljNmMwTGdDVHFKWHNzODdyc0JDWlBNd29G HTTP/1.1" 301 360 "https://mobiblog.tube/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
162.158.170.30 - - [17/Jul/2024:14:11:51 +0700] "GET /player7/index.php?video=MVpyTS0wSWlkQVAwSk83NzZhRVdLT25HeVZqUEZsYW5Z HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/108.0.5359.52 Mobile/15E148 Safari/604.1"
172.71.214.172 - - [17/Jul/2024:14:11:45 +0700] "GET /player7/index.php?video=MWZaME5lbFZ4Ul8zQjJiN184dnR0eWxnRjViVldkUmtX HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1"
162.158.190.125 - - [17/Jul/2024:14:11:45 +0700] "GET /player7/index.php?video=MV9tdEJXVml6RzJ2Rnhjd09Xa09KbzN0d1hZb0dpc1k4 HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1"
172.71.218.234 - - [17/Jul/2024:14:11:39 +0700] "GET /player7/index.php?video=MTlmS2NVbnRWanMzU0ItaERXMmVsY0g2MmxpNEVsWEZQ HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.68.225.71 - - [17/Jul/2024:14:11:32 +0700] "GET /player7/index.php?video=MUM0TE9wMjhiOXNYdWg2dUVBbVd2dzl6TW9TT1kzSXRh HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
162.158.178.31 - - [17/Jul/2024:14:11:30 +0700] "GET /player7/index.php?video=MTFwcjVja1Z2WHdPVXlINTFqUTY1NFJXZ2swa0cyQmpN HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1"
162.158.179.26 - - [17/Jul/2024:14:11:25 +0700] "GET /player7/index.php?video=MWpadXU3ZDNnUmZRWG9IZ3I1aVdZcGxtSDlIcWxUN2NL HTTP/1.1" 301 360 "https://mobiblog.tube/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
162.158.106.125 - - [17/Jul/2024:14:11:14 +0700] "GET /player7/index.php?video=MXpaREQycHhYUHFFVjZycVZ6VFp2Ri1BSnZyajFDTThY HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.82.100 - - [17/Jul/2024:14:10:19 +0700] "GET /player7/index.php?video=MUM0TE9wMjhiOXNYdWg2dUVBbVd2dzl6TW9TT1kzSXRh HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_7_8 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1"
162.158.190.125 - - [17/Jul/2024:14:10:11 +0700] "GET /player7/index.php?video=MUtQUFBzT2hrQ0tKTXdGSlZmX0pkbWVIMGtmWnQwQlpB HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1"
162.158.190.126 - - [17/Jul/2024:14:10:11 +0700] "GET /player7/index.php?video=MUFMWmZYY2lvTmNSZ1BCWk9rYXpJZ0I0Y3JBMEF4a2li HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1"
172.71.30.199 - - [17/Jul/2024:14:09:54 +0700] "GET /player7/index.php?video=MWpqWUxJS3lSX2FUMzBjdlViZ3JYdDdpa1ZzWEhuSFY0 HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.175 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
108.162.227.71 - - [17/Jul/2024:14:09:50 +0700] "GET /player7/index.php?video=MUM0TE9wMjhiOXNYdWg2dUVBbVd2dzl6TW9TT1kzSXRh HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
162.158.170.251 - - [17/Jul/2024:14:09:40 +0700] "GET /player7/index.php?video=MXkwRjFWTy1PTkEwUENsQ1ZrTTFrb1pLcDItSTQ2V3Zq HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.68.225.43 - - [17/Jul/2024:14:09:38 +0700] "GET /player7/index.php?video=MWpFNUNqdVRFLWxaakZuTTZkeXg4b2RKOXZXcGRSN0pT HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.68.242.23 - - [17/Jul/2024:14:09:34 +0700] "GET /?file=20 HTTP/1.1" 301 300 "https://vl69.pro/" "Mozilla/5.0 (Linux; U; Android 10; en-us; MI 8 Build/QKQ1.190828.002) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/109.0.5414.118 Mobile Safari/537.36 XiaoMi/MiuiBrowser/18.3.210701"
172.71.219.67 - - [17/Jul/2024:14:09:21 +0700] "GET /player7/index.php?video=MXUwc1hDSU1HN2psdHlnQXVXUUdaZ0FLdVBTczZ1RWNR HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.218.235 - - [17/Jul/2024:14:09:05 +0700] "GET /player7/index.php?video=MTNKVmJLcnl3RWdacUNxMFFETktsSmgwNWI3dENka1d0 HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.219.67 - - [17/Jul/2024:14:09:03 +0700] "GET /player7/index.php?video=MXo1VlZqOFpZbjFuMEFySEo1Zk54TnJwejZVRHZTY3o0 HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.219.68 - - [17/Jul/2024:14:09:03 +0700] "GET /player7/index.php?video=MWswUzNaSEF5Yl9OMWRZY1Z5XzEzNUgtYjhFV2M3ZmFx HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.215.27 - - [17/Jul/2024:14:08:54 +0700] "GET /player7/index.php?video=MWpSNWNJUGZhaDZPVDRIQm4tS0ZLYXVLb09NY3dvNjlh HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1"
172.71.215.27 - - [17/Jul/2024:14:08:48 +0700] "GET /player7/index.php?video=MUU1NlJIYlAtN0E0LVRPSVlnRmZjYkdSRS1rOXg3X2Mt HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1"
74.82.47.3 - - [17/Jul/2024:14:08:37 +0700] "GET /.git/config HTTP/1.1" 301 3662 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"
172.71.210.177 - - [17/Jul/2024:14:08:31 +0700] "GET /player7/index.php?video=MURfLXUtZUhQbnpsTG9hSnREaEhEdlVfcDd0R1NHNnNv HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.81.49 - - [17/Jul/2024:14:08:28 +0700] "GET /player7/index.php?video=MXBveV9jbkJJMEdYN0YyU01FSnZFUTdsMTN3Q2pZMk9M HTTP/1.1" 301 333 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.71.81.50 - - [17/Jul/2024:14:08:28 +0700] "GET /player7/index.php?video=MVd1cmtSRkx5MUpkamE5a21SN1ZMR1BFWVB2ck92MHpm HTTP/1.1" 301 333 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.71.81.49 - - [17/Jul/2024:14:08:28 +0700] "GET /player7/index.php?video=MXZNN2dqcGN3X1o1bk0yc2FFaExDQkl6c0JXMk85WmVC HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.71.81.50 - - [17/Jul/2024:14:08:28 +0700] "GET /player7/index.php?video=MUF5OURpaWRQWU12M0pGWUV2aENOVklpa3RpSHdLdGNa HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
162.158.107.9 - - [17/Jul/2024:14:08:23 +0700] "GET /?file=20 HTTP/1.1" 301 300 "https://vl69.pro/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1"
172.71.210.177 - - [17/Jul/2024:14:08:17 +0700] "GET /player7/index.php?video=MVF6T1A5bU5JUnRWOFRpTjVQNm10RE1ySkRoVzZfVmlF HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
162.158.118.18 - - [17/Jul/2024:14:08:04 +0700] "GET /player7/index.php?video=MUp4cEI0UTdVTmY3RmFWc21wZnBFcVBzTUpTVHpHVTBN HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1"
172.71.219.52 - - [17/Jul/2024:14:08:04 +0700] "GET / HTTP/1.1" 301 596 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Mobile/15E148 Safari/604.1"
172.70.189.21 - - [17/Jul/2024:14:08:02 +0700] "GET /player7/index.php?video=MUM0TE9wMjhiOXNYdWg2dUVBbVd2dzl6TW9TT1kzSXRh HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.71.218.13 - - [17/Jul/2024:14:07:59 +0700] "GET /player7/index.php?video=MUVsSmZ3bzlNeWhCSEpVZzN5Rmh5WHN4VFE3a3dOTld4 HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.70.188.30 - - [17/Jul/2024:14:07:59 +0700] "GET /player7/index.php?video=MVQ0VElBaXQxbVY3MmZJYWppNXZXSVJad3U3VTdXOFdq HTTP/1.1" 301 360 "https://viet69vn.me/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36"
172.68.225.45 - - [17/Jul/2024:14:07:49 +0700] "GET /player7/index.php?video=MXY1dHVyRk9KM1dNb0RqelpqZEp0MjRwcmkwRm5hT0pE HTTP/1.1" 301 360 "https://viet69.name/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
172.71.82.101 - - [17/Jul/2024:14:07:47 +0700] "GET /player7/index.php?video=MUZPN3J1NWhGV2ZpMzctemZuanhMOHhkclhCZ29GM19B HTTP/1.1" 301 360 "https://viet69vn.me/" "Dalvik/2.1.0 (Linux; U; Android 13; M2102J20SG Build/TKQ1.221013.002)"

301 is the code that will be displayed when I enable the Virtualmin server again. And when I disabled Virtualmin Srv, the queries still succeeded and all returned with code 200

The paths and website names shown in the log are completely unknown to me and contain adult content.

Why do you think that’s a problem? What do you see when you visit one of those URLs when the site is disabled? (You should be redirected to a site disabled page, and that’s what it looks like is happening in these log entries.)

I don’t know clearly,

However, when you have configured WAF on cloudflare to block/limit similar queries, it still shows that the query has been blocked by cloudflare and on the other hand, it still shows success on Virtualmin’s log file.

There are many queries, even more than 10 thousand times.

I’m not sure. however this shows that I seem to have an extremely serious problem

My website absolutely does not have any paths related to /player7/abcxyz…

When accessing the uri containing /player7/abcxyz… it says the link does not exist and the page cannot be found.

The strange thing is that a series of Public IPs from everywhere request to those urls and from there the virtualmin log appears with the content I attached above.

It doesn’t look like a “hack” to me.

I would guess that your domain name was previously hosting those URLs (or, if this is the default vhost on your server, some other thing that resolves to your IP).

Since they’re receiving a static error page, it’s not using a lot of resources, and if you’ve got Cloudflare blocking most of it, you’re probably doing all you can.

I don’t see any reason to panic about it. It is a lot of requests, but porn seems likely to generate a lot of traffic, regardless. They aren’t requests that can cause any damage that I can see, and you can’t control what someone requests from your server. You could setup a fail2ban rule to block all those requests at the firewall, if you wanted to. They aren’t the kind of request fail2ban would normally block, though, so you shouldn’t be surprised Virtualmin isn’t doing anything about it. Cloudflare has a database of problematic hosts…a single web server can only know about who makes requests directly to the server, and these requests aren’t failed auth requests (which is what fail2ban block, by default, and when configured to watch Apache logs).

mod_security can also have rules that detect and respond to stuff like this, if you really wanted to do something else about it.

1 Like

Thank you very much Joe,

I really didn’t want to bother you and the community. When I accidentally saw the strange log, I tried to grope and learn many related documents on the Internet in the past few days and as you can see. I was helpless so I had to go to the forum to ask for help from you guys, especially the Virtualmin department.

Thank you for your advice, I implemented Fail2ban as you mentioned but as you said it didn’t work at all. I will learn more about mod_security and implement it immediately.

You would need to write a rule for this. It isn’t a thing that fail2ban normally cares about.

mod_security probably won’t block it by default, either, as it’s not trying to do anything nefarious, it’s just requesting a URL that doesn’t exist.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.