Unknown domain appearing in Apache error log

Hi,

I have a self-managed VPS running Ubuntu 10.04 and ISPConfig 3.

In the Apache error log I'm seeing lots of these entries

Code:

[Tue Feb 01 22:21:46 2011] [error] [client 91.137.131.53] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:23:54 2011] [error] [client 218.56.21.226] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:30:02 2011] [error] [client 174.121.154.16] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:44:05 2011] [error] [client 212.67.210.18] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:50:44 2011] [error] [client 216.35.196.53] File does not exist: /var/www/balkiness.pl
[Tue Feb 01 22:52:07 2011] [error] [client 69.163.248.88] File does not exist: /var/www/balkiness.pl

"balkiness.pl" is not a registered domain, not do I have it anywhere in my configurations (that I know of), so how can these entries appear in my error logs?

 

I guess /var/www/ is the document root of your default vhost (the one Apache falls back to if no other vhost matches), and the clients tried to access the script balkiness.pl which doesn't exist in /var/www/.

 

Thank you, that makes sense!

These guys are obviously trying to do some dirty things, would it be advised to add a script there that ban these IPs? And what would such a script look like? I could write it in PHP, but not sure if PHP (fastCGI) have access to run route add -host IP reject.

 

You could have that script run by cron as the root user so it has the right permissions.