Hi, I have a self-managed VPS running Ubuntu 10.04 and ISPConfig 3. In the Apache error log I'm seeing lots of these entries Code: [Tue Feb 01 22:21:46 2011] [error] [client 91.137.131.53] File does not exist: /var/www/balkiness.pl [Tue Feb 01 22:23:54 2011] [error] [client 218.56.21.226] File does not exist: /var/www/balkiness.pl [Tue Feb 01 22:30:02 2011] [error] [client 174.121.154.16] File does not exist: /var/www/balkiness.pl [Tue Feb 01 22:44:05 2011] [error] [client 212.67.210.18] File does not exist: /var/www/balkiness.pl [Tue Feb 01 22:50:44 2011] [error] [client 216.35.196.53] File does not exist: /var/www/balkiness.pl [Tue Feb 01 22:52:07 2011] [error] [client 69.163.248.88] File does not exist: /var/www/balkiness.pl "balkiness.pl" is not a registered domain, not do I have it anywhere in my configurations (that I know of), so how can these entries appear in my error logs?
I guess /var/www/ is the document root of your default vhost (the one Apache falls back to if no other vhost matches), and the clients tried to access the script balkiness.pl which doesn't exist in /var/www/.
Thank you, that makes sense! These guys are obviously trying to do some dirty things, would it be advised to add a script there that ban these IPs? And what would such a script look like? I could write it in PHP, but not sure if PHP (fastCGI) have access to run route add -host IP reject.