Unknown domain appearing in Apache error log

Discussion in 'Server Operation' started by MartinAronsen, Feb 2, 2011.

  1. MartinAronsen

    MartinAronsen New Member

    Hi,

    I have a self-managed VPS running Ubuntu 10.04 and ISPConfig 3.

    In the Apache error log I'm seeing lots of these entries
    Code:
    [Tue Feb 01 22:21:46 2011] [error] [client 91.137.131.53] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:23:54 2011] [error] [client 218.56.21.226] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:30:02 2011] [error] [client 174.121.154.16] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:44:05 2011] [error] [client 212.67.210.18] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:50:44 2011] [error] [client 216.35.196.53] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:52:07 2011] [error] [client 69.163.248.88] File does not exist: /var/www/balkiness.pl
    "balkiness.pl" is not a registered domain, not do I have it anywhere in my configurations (that I know of), so how can these entries appear in my error logs?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    I guess /var/www/ is the document root of your default vhost (the one Apache falls back to if no other vhost matches), and the clients tried to access the script balkiness.pl which doesn't exist in /var/www/.
     
  3. MartinAronsen

    MartinAronsen New Member

    Thank you, that makes sense!

    These guys are obviously trying to do some dirty things, would it be advised to add a script there that ban these IPs? And what would such a script look like? I could write it in PHP, but not sure if PHP (fastCGI) have access to run route add -host IP reject.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    You could have that script run by cron as the root user so it has the right permissions.
     

Share This Page