Is this log normal or?

lemonmint

Verified User
Joined
Apr 18, 2022
Messages
11
I fine every time when I manual update Let's Encrypt SSL Certificates, and I will get some Failed Logins's log at my directadmin's Brute Force Monitor

16616472930000 54.242.129.61 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5infbsYcBe5-XoSVfqwAAAQA", "uri": "GET /.git/config HTTP/1.1" }
16616472230021 206.189.185.212 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5T6VZrxYTtnm9LL_f_wAAAKI", "uri": "GET /.env HTTP/1.1" }
16616472230020 206.189.185.212 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5T6VZrxYTtnm9LL_f_gAAAKA", "uri": "GET /.git/config HTTP/1.1" }
16616472230019 139.162.88.197 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5SqVZrxYTtnm9LL_f9QAAALs", "uri": "GET /.env HTTP/1.1" }
16616472230018 139.162.88.197 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5SqVZrxYTtnm9LL_f9AAAALI", "uri": "GET /.git/config HTTP/1.1" }
16616472230017 170.187.181.59 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SqVZrxYTtnm9LL_f5wAAAKE", "uri": "GET /.env HTTP/1.1" }
16616472230016 170.187.181.59 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SqVZrxYTtnm9LL_f5QAAAKI", "uri": "GET /.git/config HTTP/1.1" }
16616472230015 178.62.7.249 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SjKjUbY9dnpoE4TlnwAAAHw", "uri": "GET /.git/config HTTP/1.1" }
16616472230014 178.62.7.249 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SqVZrxYTtnm9LL_f4gAAAIo", "uri": "GET /.env HTTP/1.1" }
16616472230013 45.79.228.101 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SjKjUbY9dnpoE4TllwAAAEg", "uri": "GET /.git/config HTTP/1.1" }
16616472230012 45.79.228.101 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SqVZrxYTtnm9LL_f2gAAAJY", "uri": "GET /.env HTTP/1.1" }
16616472230011 139.162.39.160 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5STKjUbY9dnpoE4TljgAAAG4", "uri": "GET /.git/config HTTP/1.1" }
16616472230010 139.162.39.160 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5SaVZrxYTtnm9LL_fzQAAALU", "uri": "GET /.env HTTP/1.1" }
16616472230009 137.184.35.147 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SDKjUbY9dnpoE4TlhwAAAFs", "uri": "GET /.env HTTP/1.1" }
16616472230008 137.184.35.147 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5SDKjUbY9dnpoE4TlhQAAAFc", "uri": "GET /.git/config HTTP/1.1" }
16616472230007 139.59.168.195 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5RaVZrxYTtnm9LL_fvQAAAI0", "uri": "GET /.env HTTP/1.1" }
16616472230006 139.59.168.195 1 mod_security2 { "host": "www.mydomain.com", "id": "Ywq5RTKjUbY9dnpoE4TlfAAAAEI", "uri": "GET /.git/config HTTP/1.1" }
16616472230005 54.242.129.61 1 mod_security2 { "host": "mydomain.com", "id": "Ywq5PTKjUbY9dnpoE4TlcwAAAGo", "uri": "GET /.git/config HTTP/1.1" }

Is that normal or they really try to hack my server?

Thank you so much
 
Back
Top