Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 2nd February 2011, 00:08
MartinAronsen MartinAronsen is offline
Junior Member
 
Join Date: Feb 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Unknown domain appearing in Apache error log

Hi,

I have a self-managed VPS running Ubuntu 10.04 and ISPConfig 3.

In the Apache error log I'm seeing lots of these entries
Code:
[Tue Feb 01 22:21:46 2011] [error] [client 91.137.131.53] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:23:54 2011] [error] [client 218.56.21.226] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:30:02 2011] [error] [client 174.121.154.16] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:44:05 2011] [error] [client 212.67.210.18] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:50:44 2011] [error] [client 216.35.196.53] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:52:07 2011] [error] [client 69.163.248.88] File does not exist: /var/www/balkiness.pl
"balkiness.pl" is not a registered domain, not do I have it anywhere in my configurations (that I know of), so how can these entries appear in my error logs?
Reply With Quote
Sponsored Links
  #2  
Old 2nd February 2011, 15:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

I guess /var/www/ is the document root of your default vhost (the one Apache falls back to if no other vhost matches), and the clients tried to access the script balkiness.pl which doesn't exist in /var/www/.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 2nd February 2011, 23:58
MartinAronsen MartinAronsen is offline
Junior Member
 
Join Date: Feb 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you, that makes sense!

These guys are obviously trying to do some dirty things, would it be advised to add a script there that ban these IPs? And what would such a script look like? I could write it in PHP, but not sure if PHP (fastCGI) have access to run route add -host IP reject.
Reply With Quote
  #4  
Old 3rd February 2011, 14:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
 
Default

You could have that script run by cron as the root user so it has the right permissions.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
freebsd 7, samba 3, domain controller alexdimarco Suggest HOWTO 6 5th November 2010 16:54
coexistence of php4 and php5 on ISPC3 AceLine Tips/Tricks/Mods 5 5th November 2010 14:56
Postfix - Relay access denied gotting Server Operation 3 23rd April 2008 14:06
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 13:29
php script injections Grizzly General 21 18th July 2006 08:55


All times are GMT +2. The time now is 14:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.