I am trying to split the IP address into columns. I am new to this and have no idea where to start; I hope you can give me a bit of insight.
My log file
crawl-66-249-64-13.googlebot.com - - [17/Oct/2004:04:40:15 +0100] "GET /robots.txt HTTP/1.0" 200 25 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
66-194-6-72.gen.twtelecom.net - - [17/Oct/2004:04:50:06 +0100] "GET / HTTP/1.1" 200 1727 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312460)"
dup-200-66-220-217.prodigy.net.mx - - [17/Oct/2004:05:36:43 +0100] "GET /midi/main_p.htm HTTP/1.1" 200 1061 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
dup-200-66-220-217.prodigy.net.mx - - [17/Oct/2004:05:37:08 +0100] "GET /favicon.ico HTTP/1.1" 404 1154 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
dup-200-66-220-217.prodigy.net.mx - - [17/Oct/2004:05:37:17 +0100] "GET /midi/mt_pcmid.htm HTTP/1.1" 200 1839 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
dup-200-66-220-217.prodigy.net.mx - - [17/Oct/2004:05:37:24 +0100] "GET /midi/mt_midcp.htm HTTP/1.1" 200 884 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
dup-200-66-220-217.prodigy.net.mx - - [17/Oct/2004:05:37:32 +0100] "GET /midi/mt_mpc.htm HTTP/1.1" 200 3321 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
How do I display only the IP address?
Try this (using substitution and capturing groups):
gawk '{
print gensub(/[^0-9]*([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3}).*/,
"\\1.\\2.\\3.\\4",
"g",
$0)
}' file.txt
Another approach, by DNS resolution:
cut -d' ' -f1 file.txt | xargs dig +short
or with awk:
awk '{print $1}' file.txt | xargs dig +short
You could also use grep and tr:
grep -Eo '([0-9]+-){3}[0-9]+' infile | tr - .
Output:
66.249.64.13
66.194.6.72
200.66.220.217
200.66.220.217
200.66.220.217
200.66.220.217
200.66.220.217
perl -lne 'm/(\d+-\d+-\d+-\d+)\./;$a=$1;$a=~s/-/\./g;print $a' your_file
tested:
> perl -lne 'm/(\d+-\d+-\d+-\d+)\./;$a=$1;$a=~s/-/\./g;print $a' temp
66.249.64.13
66.194.6.72
200.66.220.217
200.66.220.217
200.66.220.217
200.66.220.217
200.66.220.217
118.24.49.139 - - [25/Sep/2020:12:29:00 -0400] "GET /download/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:03 -0400] "GET /phpmadmin/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:04 -0400] "GET /321/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:04 -0400] "GET /123131/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:05 -0400] "GET /phpMyAdminn/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:06 -0400] "GET /phpMyAdminhf/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:08 -0400] "GET /WWW/phpMyAdmin/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:09 -0400] "GET /phpMyAdmln/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:09 -0400] "GET /phpMyAdmin_ai/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:10 -0400] "GET /__phpMyAdmin/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:10 -0400] "GET /program/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:11 -0400] "GET /shopdb/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:23 -0400] "GET /mysql/dbadmin/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:27 -0400] "GET /mysql/mysqlmanager/index.php HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"
118.24.49.139 - - [25/Sep/2020:12:29:28 -0400] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1" 404 1057 "-" "Mo
This seems questionable at best, but I am fairly certain they are looking for exploits. Hosting using xampp (Apache) on port 80. Can anyone let me know if I should be legitimately worried? It seems troubling but perhaps there is nothing for them to exploit in my very basic setup.
I've been trying to sort and custom print the results from an apache.log file.
The situation is that I would like to see the results as:
The output should represent total hits per month sorted by month
The output should look like:
Nov 2017 hits count - 12512
Dec 2017 hits count - 10087
Jan 2018 hits count - 12561
Here is part of the access.log for reference:
91.244.19.43 - - [12/Dec/2015:19:02:36 +0100] "GET / HTTP/1.1" 404 239 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
91.244.19.43 - - [12/Dec/2015:19:02:36 +0100] "GET /images/ HTTP/1.1" 200 1963 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
91.244.19.46 - - [12/Dec/2015:19:02:36 +0100] "GET /template/ HTTP/1.1" 200 10004 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
91.244.19.43 - - [12/Dec/2015:19:02:36 +0100] "GET /wp-login.php HTTP/1.1" 200 1801 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
193.47.55.21 - - [12/Dec/2015:19:02:36 +0100] "GET /wp-admin/ HTTP/1.1" 200 1457 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
193.47.55.21 - - [12/Dec/2015:19:02:36 +0100] "GET /template/ HTTP/1.1" 200 3465 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
11.114.21.37 - - [12/Dec/2015:19:02:36 +0100] "GET /wp-login.php HTTP/1.1" 200 4890 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
I came up with something like this:
cat access.log |sort -k1n|awk '{print $4}'|cut -d: -f1|cut -d/ -f2-3|sed 's/\[//g'|tr '/' ' '|sort -k2n -k1M
It does the job, printing the year/month and the hit count, but I need the output to be as the example above. In other words, I want to put the "hits counts" between the time frame and the number value of the actual hits count. Any idea how I can do that?
Thank you in advance.
cat access.log | awk '{ print substr($4,5,3),substr($4,9,4) }' | \
sort -k1 | \
uniq -c | \
gawk '{ print $2,$3,"hits count -",$1}'
First print month and year,
then sort (not really needed),
then count the uniq lines,
then print month,year,"hits count -", and the number counted.
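An added example, not part of the original answer: the same count done in one awk pass with the months printed oldest first (a plain `sort` on the month name puts Dec before Nov). It assumes the Apache common/combined timestamp in field 4; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): hits per month, oldest first.
# Assumes Apache common/combined log format, timestamp in field 4.

monthly_hits() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
            for (i = 1; i <= n; i++) num[name[i]] = i
        }
        {
            # $4 is like "[12/Dec/2015:19:02:36"; splitting on [ ] / : gives
            # t[2]=day, t[3]=month name, t[4]=year.
            if (split($4, t, "[][/:]") < 4 || !(t[3] in num)) { bad++; next }
            key = sprintf("%04d-%02d", t[4], num[t[3]])   # sortable key
            count[key]++
            label[key] = t[3] " " t[4]
        }
        END {
            for (k in count) print k, label[k], "hits count -", count[k]
            if (bad) print bad " unparsable line(s) skipped" > "/dev/stderr"
        }
    ' "$@" | sort -k1,1 | cut -d" " -f2-
}

# Constructed sample input: deliberately out of order, with one malformed line.
sample_log() {
    cat <<'EOF'
192.0.2.1 - - [03/Jan/2018:10:00:00 +0100] "GET / HTTP/1.1" 200 512
192.0.2.1 - - [30/Nov/2017:23:59:59 +0100] "GET / HTTP/1.1" 200 512
192.0.2.2 - - [01/Dec/2017:00:00:01 +0100] "GET /a HTTP/1.1" 200 512
192.0.2.2 - - [02/Dec/2017:08:15:00 +0100] "GET /b HTTP/1.1" 404 239
this line is not a log entry
EOF
}

sample_log | monthly_hits
```

On a real file the call is `monthly_hits access.log`; lines whose timestamp cannot be parsed are counted on stderr instead of being silently dropped.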
I have a web application called routers2.cgi which I am trying to proxy via an Apache 2.4 proxy server, but it does not work at the moment.
Direct URL to the web application server
http://lab.server.com/cgi-bin/routers2.cgi
Reverse proxy URL
https://prod.server.com/routers2
Configuration vhosts.conf from prod.server.com
# routes2.cgi
ProxyPass "/routers2" "http://lab.server.com/cgi-bin/routers2.cgi"
ProxyPassReverse "/routers2" "http://lab.server.com/cgi-bin/routers2.cgi"
ProxyPass "/rrdicons" "http://lab.server.com/routers2/rrdicons"
ProxyPassReverse "/rrdicons" "http://lab.server.com/routers2/rrdicons"
ProxyPass "/graphs" "http://lab.server.com/routers2/graphs"
ProxyPassReverse "/graphs" "http://lab.server.com/routers2/graphs"
Reverse proxy log samples
192.168.1.10 - - [13/Jun/2017:06:40:37 +0000] "GET /routers2 HTTP/1.1" 200 3481
192.168.1.10 - - [13/Jun/2017:06:40:37 +0000] "GET /rrdicons/routers2.css HTTP/1.1" 304 -
192.168.1.10 - - [13/Jun/2017:06:45:57 +0000] "GET /routers2 HTTP/1.1" 200 3481
192.168.1.10 - - [13/Jun/2017:06:45:57 +0000] "GET /rrdicons/routers2.css HTTP/1.1" 304 -
Sample URL from web application access log when accessing directly (no reverse proxy)
192.168.1.9 - - [13/Jun/2017:05:50:46 +0000] "GET /routers2/graphs/devicessystem1.cfg-10.10.1.1_13-ws-x3.png HTTP/1.1" 200 27025 "http://lab.server.com/cgi-bin/routers2.cgi?rtr=devices%2Fsystem1.cfg&bars=Cami&xgtype=w&page=graph&xgstyle=x3&xmtype=routers" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
192.168.1.9 - - [13/Jun/2017:05:50:46 +0000] "GET /cgi-bin/routers2.cgi?rtr=devices%2Fsystem1.cfg&bars=Cami&xgtype=w&page=menub&xgstyle=x3&if=_summary_&xmtype=options HTTP/1.1" 200 12437 "http://lab.server.com/cgi-bin/routers2.cgi" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
192.168.1.9 - - [13/Jun/2017:05:50:46 +0000] "GET /cgi-bin/routers2.cgi?rtr=devices%2Fsystem1.cfg&bars=Cami&xgtype=w&page=menu&xgstyle=x3&xmtype=routers HTTP/1.1" 200 7847 "http://lab.server.com/cgi-bin/routers2.cgi" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
Web application log via reverse proxy
prod.server.com - - [13/Jun/2017:07:21:58 +0000] "GET /cgi-bin/routers2.cgi/ HTTP/1.1" 200 3481 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
prod.server.com - - [13/Jun/2017:07:21:58 +0000] "GET /routers2/rrdicons/routers2.css HTTP/1.1" 304 - "https://prod.server.com/routers2/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
Does my vhosts ProxyPass and ProxyPassReverse configuration look correct?
Do I need something extra since we are proxying a cgi script?
I have Fedora 21 and I want to access a PostgreSQL db using phpPgAdmin. To do it I have installed httpd and phppgadmin, and postgresql too.
I can log in with no problem to pgql using for example
psql -U learning -W template1
or
psql -W template1
but when I enter localhost/phpPgAdmin I cannot log in
the diff between two log in attempts in
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "POST /phpPgAdmin/redirect.php HTTP/1.1" 200 2268 "http://localhost/phpPgAdmin/redirect.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/browser.php HTTP/1.1" 200 3005 "http://localhost/phpPgAdmin/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/themes/default/global.css HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/libraries/js/jquery.js HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/xloadtree/xtree2.js HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/themes/global.css HTTP/1.1" 304 - "http://localhost/phpPgAdmin/themes/default/global.css" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/xloadtree/xloadtree2.js HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/title.png HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/Refresh.png HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/Servers.png HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/L.png HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/Loading.gif HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/I.png HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/servers.php?action=tree HTTP/1.1" 200 275 "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
> 127.0.0.1 - - [04/Mar/2015:17:44:27 +0100] "GET /phpPgAdmin/images/themes/default/DisconnectedServer.png HTTP/1.1" 304 - "http://localhost/phpPgAdmin/browser.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
my /var/lib/pgsql/data/pg_hba.conf is
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
host all all 192.168.1.0/24 ident
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
my /etc/phpPgAdmin/config.inc.php
$conf['extra_login_security'] = false;
this is as far as I found how to make it work, but I do not know how to do it
phpPgAdmin at a failed log in tells me "Próba zalogowania nie powiodła się.", which probably is something like "Attempt to log in has failed"
localhost/phpMyAdmin works normally
Can I somehow get reason why I was not logged in? Wrong password, no server etc?
SOLUTION
I have gone easy way, reinstalled fedora and now everything works, but that is actually not a solution :P
Try this.
If this is your IP address range that is accessing your computer then change
host all all 192.168.1.0/24 ident
to this
host all all 192.168.1.0/24 trust
Reload Postgres after you change it. And see if you can login.
You may also need to enable networking by changing this in the postgres conf.
from
listen_addresses='localhost'
to
listen_addresses='*'
Also be sure you have granted all the appropriate privileges to the user to be able to access that database or any databases you are wanting to manage.
Edit:
It might be an SELinux issue. You can temporarily turn off SELinux for testing by using this command.
setenforce 0
Then test the login and see if it works. If it does work that means selinux is preventing access, you should run this command to allow httpd to continue to work after reboot.
setsebool -P httpd_can_network_connect_db 1
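An added check, not part of the original answer: on `host` lines the `ident` method asks an ident service on the client which OS user owns the connection and never looks at the password typed into phpPgAdmin, while `trust` admits any client in the address range as any database user. The script below lists such rules in a pg_hba.conf; the function names and the sample file (the question's rules plus constructed variants) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): list the TCP rules in a
# pg_hba.conf that let a client in without a password check.

audit_pg_hba() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        $1 ~ /^host/ {                   # host, hostssl, hostnossl, ...
            # Layout: TYPE DATABASE USER ADDRESS [MASK] METHOD [options].
            # When field 5 is a separate netmask the method moves to field 6.
            mask = ($5 ~ /^[0-9a-fA-F.:]+$/ && $5 ~ /[.:]/)
            method = mask ? $6 : $5
            if (method == "trust")
                why = "no authentication at all for this address range"
            else if (method == "ident")
                why = "trusts the ident service on the client, ignores passwords"
            else
                next
            printf "line %d: %s %s -> %s: %s\n", FNR, $1, $4, method, why
        }
    ' "$@"
}

# Constructed sample: rules from the question, the trust change from the
# answer, one password-checked rule and one rule written with a netmask.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   peer
host    all       all   127.0.0.1/32    ident
host    all       all   192.168.1.0/24  trust
host    all       all   ::1/128         md5
host    all       all   10.0.0.0  255.0.0.0  trust
#host   replication postgres 127.0.0.1/32 ident
EOF
}

sample_pg_hba | audit_pg_hba
```

For a client such as phpPgAdmin that logs in with a database password over TCP, the password-checked methods are `md5` or, on PostgreSQL 10 and later, `scram-sha-256`.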
I'm running several services like Redmine, Continuum or Tomcat. Lately all of them have been extremely slow. In the worst cases I had to wait up to 5 minutes just to see the front page of my tomcat server.
I decided to take a look into the access.log file from apache2 and noticed that my server has been flooded with GET requests. Here's a snippet of the log file.
66.249.67.238 - - [24/Mar/2014:14:10:15 +0100] "GET /maven2/com/sun/jersey/jersey-server/1.7-SNAPSHOT/maven-metadata-maven2-repository.dev.java.net.xml.md5 HTTP/1.1" 500 1084 "-" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)"
23.239.123.39 - - [24/Mar/2014:14:10:22 +0100] "GET http://ads.yashi.com/12976 HTTP/1.0" 500 1153 "http://www.edunyc.com" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16"
198.13.111.248 - - [24/Mar/2014:14:10:23 +0100] "GET http://ib.adnxs.com/tt?id=2249888&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.thebankparent.com/?p=5426" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; Media Center PC 5.0; .NET CLR 2.0.50727)"
66.249.66.120 - - [24/Mar/2014:14:10:25 +0100] "GET /maven2/org/apache/maven/surefire/surefire-junit/2.4.2/ HTTP/1.1" 500 1084 "-" "DoCoMo/2.0 N905i(c100;TB;W24H16) (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)"
23.91.20.235 - - [24/Mar/2014:14:10:26 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?cat=1" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR 3.0.04506; .NET CLR 3.5.30707; InfoPath.1)"
198.13.111.243 - - [24/Mar/2014:14:10:26 +0100] "GET http://ib.adnxs.com/tt?id=2249973&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.finank.com/?tag=tv" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:5.0) Gecko/20100101 Firefox/5.0"
23.91.20.238 - - [24/Mar/2014:14:10:32 +0100] "GET http://ib.adnxs.com/tt?id=2249973&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.finank.com/?p=12004" "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)"
23.91.20.236 - - [24/Mar/2014:14:10:34 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?tag=kids" "Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1)"
184.105.203.51 - - [24/Mar/2014:14:10:35 +0100] "GET http://ib.adnxs.com/tt?id=2208504&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.tvlucifer.com/online-videos/friends-and-family/8-near-death-experience-nahtoderfahrung-8.html#comments" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; FDM; MSIECrawler; Media Center PC 5.0)"
66.249.66.120 - - [24/Mar/2014:14:10:36 +0100] "GET /maven2/org/apache/maven/jxr/jxr/2.2/ HTTP/1.1" 500 1084 "-" "DoCoMo/2.0 N905i(c100;TB;W24H16) (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)"
23.228.234.125 - - [24/Mar/2014:14:10:40 +0100] "GET http://ib.adnxs.com/tt?id=2249888&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.thebankparent.com/?tag=trucks" "Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/5.0"
23.91.20.236 - - [24/Mar/2014:14:10:42 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?p=31177" "Mozilla/5.0 (X11; CrOS i686 1193.158.0) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7"
23.91.20.238 - - [24/Mar/2014:14:10:44 +0100] "GET http://ib.adnxs.com/tt?id=2249973&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.finank.com/?tag=trance" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
198.13.111.243 - - [24/Mar/2014:14:10:44 +0100] "GET http://ib.adnxs.com/tt?id=2249973&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.finank.com/?p=5430" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/11.0.696.57)"
23.228.234.121 - - [24/Mar/2014:14:10:49 +0100] "GET http://ib.adnxs.com/tt?id=2249481&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.tvluck.net/?p=272" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar)"
221.215.112.238 - - [24/Mar/2014:14:10:51 +0100] "GET http://www.mmadsgadget.com/t?id=9c527de6-0d69-4d59-af9e-09e2ee635eaa&size=300x250 HTTP/1.0" 500 1075 "http://www.travelandleisure.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
72.52.98.142 - - [24/Mar/2014:14:10:59 +0100] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5141612&pub_url=${PUB_URL} HTTP/1.0" 500 1153 "http://www.wdhcc.com/?p=13760" "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)"
23.91.20.235 - - [24/Mar/2014:14:11:03 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?p=28749" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/18.6.872.0 Safari/535.2 UNTRUSTED/1.0 3gpp-gba UNTRUSTED/1.0"
23.228.234.121 - - [24/Mar/2014:14:11:04 +0100] "GET http://ib.adnxs.com/tt?id=2249481&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.tvluck.net/?p=4130" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.0; Alexa Toolbar)"
23.91.20.235 - - [24/Mar/2014:14:11:04 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?p=32312" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8)"
23.228.234.124 - - [24/Mar/2014:14:11:05 +0100] "GET http://ib.adnxs.com/tt?id=2249921&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.pcemar.com/?category_name=lifestyle-2" "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; fr-FR)"
222.141.201.109 - - [24/Mar/2014:14:11:06 +0100] "GET http://ads.mopub.com/m/ad?v=6&id=e97c43fa9d4311e295fa123138070049&nv=1.12.0.0&udid=sha:24cd3e740e7a4f0ade96ceb5bc5ae5dc8c7a114f&ll=38.658724,-92.535656&z=CDT&o=l&sc_a=1.3&mr=1&mcc=302&mnc=720&iso=US&cn=Wireless%20Rogers%20Communications HTTP/1.0" 500 1069 "-" "Opera/9.80 (Android 2.2.2; Linux; Opera Mobi/ADR-1111101157; U; en) Presto/2.9.201 Version/11.50"
23.91.20.237 - - [24/Mar/2014:14:11:09 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?p=29929" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)"
23.228.234.115 - - [24/Mar/2014:14:11:10 +0100] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4819271&pub_url=${PUB_URL} HTTP/1.0" 500 1153 "http://www.linnama.com/?p=993" "Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0"
184.105.203.51 - - [24/Mar/2014:14:11:10 +0100] "GET http://ib.adnxs.com/tt?id=2208504&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.tvlucifer.com/tag/love" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8)"
198.13.111.248 - - [24/Mar/2014:14:11:12 +0100] "GET http://ib.adnxs.com/tt?id=2249888&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.thebankparent.com/?category_name=driving-style-and-technique" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1"
198.13.111.242 - - [24/Mar/2014:14:11:13 +0100] "GET http://ib.adnxs.com/tt?id=2249973&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.finank.com/?p=13741" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2"
198.13.111.246 - - [24/Mar/2014:14:11:18 +0100] "GET http://ib.adnxs.com/tt?id=2249921&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.pcemar.com/?p=974" "Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0"
72.52.98.140 - - [24/Mar/2014:14:11:18 +0100] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=5141612&pub_url=${PUB_URL} HTTP/1.0" 500 1153 "http://www.wdhcc.com/?tag=scare" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)"
23.228.234.117 - - [24/Mar/2014:14:11:19 +0100] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4819271&pub_url=${PUB_URL} HTTP/1.0" 500 1153 "http://www.linnama.com/?p=850" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
23.91.20.235 - - [24/Mar/2014:14:11:20 +0100] "GET http://ib.adnxs.com/tt?id=2287590&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.agtvbi.com/?cat=1" "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 3.0.04506.30)"
23.228.234.116 - - [24/Mar/2014:14:11:24 +0100] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4819271&pub_url=${PUB_URL} HTTP/1.0" 500 1153 "http://www.linnama.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)"
23.228.234.124 - - [24/Mar/2014:14:11:24 +0100] "GET http://ib.adnxs.com/tt?id=2249921&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.pcemar.com/" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)"
198.13.111.243 - - [24/Mar/2014:14:11:24 +0100] "GET http://ib.adnxs.com/tt?id=2249973&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] HTTP/1.0" 500 1152 "http://www.finank.com/?tag=upc" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
Reading this I understand that I'm under some kind of ProxyAbuse, but deactivating the mod_proxy module doesn't stop the requests at all. The only way I found working is to block port 80 in the listen.conf file. But then of course Redmine, Continuum and Tomcat are not reachable from outside.
Any ideas? Thanks in advance...
As explained here: https://serverfault.com/questions/242292/apache-getting-hammered-by-nonsense-requests-how-to-stop
You could use fail2ban or hosts.deny to block hosts in question from accessing your server.
Also, you could configure your firewall if that is applicable to block abusing IPs.
Fail2ban works by using iptables which maintains a list of IPs which it thinks are malicious and it will block any inbound request from these IPs. This is a kind of negative security model. I would recommend you to use a positive security model where you should return 403 status to all the inbound requests that are not for your server name.
You should install mod_security on your apache web server and create the following rule:
SecRule SERVER_NAME "www\.yourdomain\.com$" "id:'200000',phase:1,nolog,allow,ctl:ruleEngine=off"
In case you have any problems you can change the nolog to log and see the logs to understand what's happening. Hope this helps.
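Most of the flooding entries in the question's log carry an absolute URL for a third-party host in the request line, which is what a client sends to a forward proxy. The added example below (not from the original posts) counts such requests per client address and separates those the server rejected from those it answered with 2xx/3xx; the function names, the host name argument and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original posts): summarise proxy-style requests
# (absolute URL or CONNECT aimed at a foreign host) per client address.

proxy_probes() {
    # $1: this server's own host name (assumption: a single name).
    # Remaining arguments: log files; stdin is read when none are given.
    self=$1; shift
    awk -v self="$self" '
        {
            method = $6; sub(/^"/, "", method)
            target = $7
            if (method == "CONNECT") {
                host = target                       # CONNECT host:port
            } else if (target ~ "^[A-Za-z][A-Za-z0-9+.-]*://") {
                host = target
                sub("^[^:]*://", "", host)          # strip scheme
                sub("[/?#].*$", "", host)           # strip path and query
            } else {
                next                                # ordinary origin-form request
            }
            sub(/:[0-9]+$/, "", host)               # strip port
            if (tolower(host) == tolower(self)) next
            # 2xx/3xx: either relayed, or a local page served for a foreign URL.
            outcome = ($9 ~ /^[23]/) ? "answered" : "rejected"
            seen[$1 " " outcome]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample in combined log format (documentation addresses).
sample_access_log() {
    cat <<'EOF'
192.0.2.10 - - [24/Mar/2014:14:10:22 +0100] "GET http://ads.example.net/1 HTTP/1.0" 500 1153 "-" "x"
192.0.2.10 - - [24/Mar/2014:14:10:23 +0100] "GET http://ads.example.net/2?x=1 HTTP/1.0" 500 1153 "-" "x"
192.0.2.11 - - [24/Mar/2014:14:10:24 +0100] "GET http://other.example.org:8080/ HTTP/1.0" 200 512 "-" "x"
192.0.2.12 - - [24/Mar/2014:14:10:25 +0100] "GET /maven2/ HTTP/1.1" 200 1084 "-" "x"
192.0.2.12 - - [24/Mar/2014:14:10:26 +0100] "GET http://www.example.com/ HTTP/1.1" 200 1084 "-" "x"
192.0.2.13 - - [24/Mar/2014:14:10:27 +0100] "CONNECT mail.example.org:25 HTTP/1.0" 405 300 "-" "x"
EOF
}

sample_access_log | proxy_probes www.example.com
```

In the question's excerpt every such request was logged with status 500, so all of them would fall in the "rejected" column. An "answered" row is the one to check by hand, by comparing the response size with the size of the server's own pages.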