
I have recently reinstalled my VPS OS and at present do not have any websites in my public_folder. In order to investigate a dovecot error which of course is not my question here, I issued

tail -n 20 domains/mydomain.com.error.log

which yielded

[Sat Aug 09 01:53:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 01:54:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 01:55:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 01:56:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 01:57:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 01:58:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 01:59:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:00:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:01:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:02:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:03:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:04:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:05:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:06:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:07:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:08:42 2014] [error] [client 141.8.xxx.x] File does not exist: /home/admin/domains/domain.com/public_html/robots.txt
[Sat Aug 09 02:08:42 2014] [error] [client 141.8.xxx.x] File does not exist: /home/admin/domains/domain.com/public_html/robots.txt
[Sat Aug 09 02:08:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:09:53 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1
[Sat Aug 09 02:10:54 2014] [error] [client 158.58.xxx.xxx] File does not exist: /home/admin/domains/domain.com/public_html/folder1

What I cannot understand is the presence of the IP addresses 158.58.xxx.xxx and 141.8.xxx.x, which do not belong to me, as clients in the above lines. Would you please explain what these lines mean? What do they have to do with my public_folder?

Thanks in advance.

developer

1 Answer

This is most likely "background noise" - large botnets are permanently trying to find unpatched security holes in servers and exploit those.

If you have traffic only coming from a set of fixed addresses, you could configure a firewall to block everything except the valid addresses, but in most cases this is something we just have to live with (and keep our servers patched and secure, of course).

Sven
  • You mean I simply add the two IP addresses above to the deny list? (I'm using CSF.) – developer Aug 08 '14 at 22:19
  • No, permanent blacklisting is not useful in most cases, as these requests will come from thousands of addresses over time. If you have a small set of valid addresses, use whitelisting instead - deny everything except the valid addresses. – Sven Aug 08 '14 at 22:23
  • Sorry for being slow! You mean I whitelist IPs of people who visit my website? Well, in that case, there could be numerous addresses. Please help me understand what you mean. – developer Aug 08 '14 at 22:26
  • No, in that case you do nothing, but live with this background noise instead. Whitelisting is used if you have a fixed set of valid client IPs, which I understand isn't the case for you. As I said, the noise is common, every web server has masses of those entries. As long as your system is kept secure, this isn't a problem. If you can be reasonably sure that no valid user is trying to access invalid pages for whatever reason, you could try to use something like fail2ban to block bots, but I don't think this is worth the effort in most cases. – Sven Aug 08 '14 at 22:31
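
One way to summarise log lines like those in the question, as an added example that is not part of the original posts: it groups the "File does not exist" entries by client and requested path, then reports the hit count and how regular the interval between requests is. The sample lines, addresses, paths and the `min_hits`/`max_jitter` thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Apache 2.2-style error-log entry, matching the format quoted in the question.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE = """\
[Sat Aug 09 01:53:53 2014] [error] [client 192.0.2.10] File does not exist: /var/www/example/public_html/folder1
[Sat Aug 09 01:54:54 2014] [error] [client 192.0.2.10] File does not exist: /var/www/example/public_html/folder1
[Sat Aug 09 01:55:54 2014] [error] [client 192.0.2.10] File does not exist: /var/www/example/public_html/folder1
[Sat Aug 09 01:56:10 2014] [error] [client 198.51.100.7] File does not exist: /var/www/example/public_html/robots.txt
[Sat Aug 09 01:56:10 2014] [error] [client 198.51.100.7] File does not exist: /var/www/example/public_html/robots.txt
[Sat Aug 09 01:56:54 2014] [error] [client 192.0.2.10] File does not exist: /var/www/example/public_html/folder1
[Sat Aug 09 01:57:53 2014] [error] [client 192.0.2.10] File does not exist: /var/www/example/public_html/folder1
[Sat Aug 09 01:58:53 2014] [error] [client 192.0.2.10] File does not exist: /var/www/example/public_html/folder1
""".splitlines()

def summarize(lines):
    """Group 'File does not exist' entries by (client, requested path)."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # any other kind of log entry is skipped
            # %a/%b parsing assumes an English (C) locale, as Apache writes it.
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            seen[(m["client"], m["path"])].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps) if gaps else None
        jitter = max(abs(g - mid) for g in gaps) if gaps else None
        report[key] = {"count": len(stamps), "median_gap": mid, "jitter": jitter}
    return report

def is_periodic(entry, min_hits=5, max_jitter=2.0):
    """True when one client asks for one path at a near-fixed interval."""
    return entry["count"] >= min_hits and entry["jitter"] <= max_jitter

if __name__ == "__main__":
    for (client, path), e in sorted(summarize(SAMPLE).items()):
        kind = "periodic" if is_periodic(e) else "sporadic"
        print(f"{client:15} {e['count']:3} hits  gap~{e['median_gap']}s  {kind}  {path}")
```

A client that requests the same missing path at a fixed interval shows up as "periodic", while one-off requests such as a crawler fetching robots.txt show up as "sporadic".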