Unknown domain appearing in Apache error log

Discussion in 'Server Operation' started by MartinAronsen, Feb 2, 2011.

  1. MartinAronsen

    MartinAronsen New Member


    I have a self-managed VPS running Ubuntu 10.04 and ISPConfig 3.

    In the Apache error log I'm seeing lots of these entries
    [Tue Feb 01 22:21:46 2011] [error] [client] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:23:54 2011] [error] [client] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:30:02 2011] [error] [client] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:44:05 2011] [error] [client] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:50:44 2011] [error] [client] File does not exist: /var/www/balkiness.pl
    [Tue Feb 01 22:52:07 2011] [error] [client] File does not exist: /var/www/balkiness.pl
    "balkiness.pl" is not a registered domain, not do I have it anywhere in my configurations (that I know of), so how can these entries appear in my error logs?
  2. falko

    falko Super Moderator

    I guess /var/www/ is the document root of your default vhost (the one Apache falls back to if no other vhost matches), and the clients tried to access the script balkiness.pl which doesn't exist in /var/www/.
  3. MartinAronsen

    MartinAronsen New Member

    Thank you, that makes sense!

    These guys are obviously trying to do some dirty things, would it be advised to add a script there that ban these IPs? And what would such a script look like? I could write it in PHP, but not sure if PHP (fastCGI) have access to run route add -host IP reject.
  4. falko

    falko Super Moderator

    You could have that script run by cron as the root user so it has the right permissions.

Share This Page