Trying to get on top of some CPU usage issues and investigate possible malicious activity. As part of this I am curious about lots of dummy connections in the Apache logs. What is the origin of these and why so many?
We run a number of PHP/MySQL web applications. I notice during a very high CPU spike (up to 100% usage) that top
shows Apache creating loads of processes for www-data
which I assume are hits on PHP scripts.
Are the dummy connections a symptom of the problem, or part of the cause? What other things can I look into?
/var/log/apache2/access.log
::1 - - [09/Dec/2019:14:42:32 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:33 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:34 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:35 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:36 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:37 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:38 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:39 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:40 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:46 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:54 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:55 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:58 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:59 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:01 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:02 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:03 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:04 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:06 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:12 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:13 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:14 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:15 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:16 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:17 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:22 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:23 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:27 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:34 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:38 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:39 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:40 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:41 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:42 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:43 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:44 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:45 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:46 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:47 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:48 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:49 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:50 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:51 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:52 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:03 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:04 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:06 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
Best Answer
From the Apache documentation:
These requests are perfectly normal and you do not need to worry about them. They can simply be ignored.
You can use .htaccess by redirecting requests from the "internal dummy connection" to an empty file