3

I'm a noob and just set up a Linode account to play around with Linux development. I started nginx and made a simple homepage for my domain (giuliopizzini.com). Today I checked the nginx logs and there is some really weird traffic going on, as if my web server was hit for random websites. I'm attaching Nov 23 logs as an example, but it's the same every day.

Can anybody explain what is going on? Thanks!

access.log Nov 23

217.136.10.64 - - [23/Nov/2011:03:32:44 -0500] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0    (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.942.0    Safari/535.8"
217.136.10.64 - - [23/Nov/2011:03:32:45 -0500] "GET /favicon.ico HTTP/1.1" 404 570 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.942.0 Safari/535.8"
217.136.10.64 - - [23/Nov/2011:03:33:03 -0500] "-" 400 0 "-" "-"
58.218.199.227 - - [23/Nov/2011:06:51:23 -0500] "GET http://www.tosunmail.com/proxyheader.php HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.227 - - [23/Nov/2011:11:38:16 -0500] "GET http://218.83.152.252/judge112233.php HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.199.227 - - [23/Nov/2011:15:15:15 -0500] "GET    http://www.shopsline.com/proxyheader.php HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
206.196.111.204 - - [23/Nov/2011:21:11:51 -0500] "GET / HTTP/1.0" 200 34 "http://findsa.co.za/directory/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"

error.log Nov 23

2011/11/23 03:32:45 [error] 30442#0: *175 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 217.136.10.64, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "giuliopizzini.com"
2011/11/23 06:51:23 [error] 30442#0: *177 open() "/etc/nginx/html/proxyheader.php" failed (2: No such file or directory), client: 58.218.199.227, server: localhost, request: "GET http://www.tosunmail.com/proxyheader.php HTTP/1.1", host: "www.tosunmail.com"
2011/11/23 11:38:16 [error] 30442#0: *178 open() "/etc/nginx/html/judge112233.php" failed (2: No such file or directory), client: 58.218.199.227, server: localhost, request: "GET http://218.83.152.252/judge112233.php HTTP/1.1", host: "218.83.152.252"
2011/11/23 15:15:15 [error] 30442#0: *179 open() "/etc/nginx/html/proxyheader.php" failed (2: No such file or directory), client: 58.218.199.227, server: localhost, request: "GET http://www.shopsline.com/proxyheader.php HTTP/1.1", host: "www.shopsline.com"
gws

1 Answer

6

Access log

1. 304 not modified answer. Most likely a perfectly legal request, especially considering the user-agent.

2. 404 on favicon.ico means that your webserver does not have the favicon.ico file available and replies with "404 not found". This is normal and can be fixed by adding a favicon.ico file to your webserver document root.

3. "400 Bad Request". This looks like a probing request to see how your webserver replies to this. Usually the webserver only returns "Your browser sent a request that this server could not understand."

4. 5. 6. These are harmless 404s returned from your server. However, this seems to be probing for proxy functionality on your webserver.

7. Harmless request to your document root (probably returning index.html or similar). The findsa.co.za path is the referer header.

Error log

1, 2, 3, 4. Harmless entries. These are just the webserver's errors when trying to load the files for which it responded 404.

Hendrik Brummermann
Chris Dale
  • 1
    OK, I get it now, somebody was hitting my webserver with "foreign" url requests to see if I exposed proxy functionalities. Guess they just scan the internet to find some... – gws Nov 24 '11 at 21:39
  • 3
    @gws, yes. You will most likely discover a lot more of these types of requests in the future. It is quite common. Take a look at these questions too: http://security.stackexchange.com/questions/4288/strange-400-requests-in-webserver-nginx-logspossible-exploit-scan/4291#4291 http://security.stackexchange.com/questions/5301/appropriate-defense-for-404s-in-my-logs-persistent-web-scans-from-one-region http://security.stackexchange.com/questions/4375/incoming-packets-in-server – Chris Dale Nov 24 '11 at 23:14
  • Also look at this question: http://security.stackexchange.com/q/5001/294 – Chris Dale Nov 24 '11 at 23:19
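One way to pick the proxy probes discussed above out of an nginx access log, added here as an example and not part of the original question or answer. It assumes the default "combined" log format and that the server only answers for giuliopizzini.com and www.giuliopizzini.com (the www name is an assumption); the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*"$'
)
# Assumption: the only host names this server legitimately serves.
OWN_HOSTS = frozenset({"giuliopizzini.com", "www.giuliopizzini.com"})

def foreign_host(target):
    """Host of an absolute-form request target; None for a normal origin-form path."""
    if target.startswith("/") or target == "*":
        return None
    try:
        return (urlsplit(target).hostname or target).lower()
    except ValueError:  # junk such as an unterminated IPv6 literal
        return target.lower()

def classify(line, own_hosts=OWN_HOSTS):
    """Return (kind, client_ip, probed_host) for one access-log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed", None, None
    parts = m["request"].split()
    if len(parts) != 3:  # e.g. the empty request nginx logs as "-" with a 400
        return "malformed-request", m["ip"], None
    method, target, _version = parts
    host = foreign_host(target)
    if method.upper() == "CONNECT" or (host is not None and host not in own_hosts):
        return "proxy-probe", m["ip"], host
    return "normal", m["ip"], None

def probes_by_client(lines):
    """Map each client IP to the sorted foreign hosts it asked this server to fetch."""
    hits = defaultdict(set)
    for line in lines:
        kind, ip, host = classify(line)
        if kind == "proxy-probe":
            hits[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in hits.items()}

# Sample input: lines copied from the access.log excerpt in the question.
SAMPLE = [
    '217.136.10.64 - - [23/Nov/2011:03:33:03 -0500] "-" 400 0 "-" "-"',
    '58.218.199.227 - - [23/Nov/2011:06:51:23 -0500] "GET http://www.tosunmail.com/proxyheader.php HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '58.218.199.227 - - [23/Nov/2011:11:38:16 -0500] "GET http://218.83.152.252/judge112233.php HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '206.196.111.204 - - [23/Nov/2011:21:11:51 -0500] "GET / HTTP/1.0" 200 34 "http://findsa.co.za/directory/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
]
```

Calling `probes_by_client(SAMPLE)` groups the two absolute-URL requests under 58.218.199.227; a probe that ever shows a 200 status instead of 404 is the case worth investigating, since it suggests the server actually served or relayed the request.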