
Something odd is happening on my server. The Apache log shows lots of requests from the server's own IP address. I do not suspect the server is compromised. I suspect some PHP code is malfunctioning but I don't know how to trace it.

I had to block the server from itself in htaccess because too many sessions were being generated, but the requests are still occurring and resulting in access denied errors.

I need to find out what is generating the requests. Below I have pasted 4 lines from the Apache error log, all of which were generated within the same exact second (of a total of 24 generated in that second!). I suspect that somewhere in a PHP script there is something causing this. How can I find out the source of these requests?

Note that the IP that shows up is not the localhost IP, but the server's external IP. That may be significant.

[Mon Sep 21 17:35:21.056244 2015] [access_compat:error] [pid 13385] [client 64.123.123.123:44407] AH01797: client denied by server configuration: /home/user1/public_html/403.shtml
[Mon Sep 21 17:35:21.065225 2015] [access_compat:error] [pid 13406] [client 64.123.123.123:44408] AH01797: client denied by server configuration: /home/user1/public_html/image/catalog/somepath/ABC-1234XYZ.jpg
[Mon Sep 21 17:35:21.065270 2015] [access_compat:error] [pid 13406] [client 64.123.123.123:44408] AH01797: client denied by server configuration: /home/user1/public_html/403.shtml
[Mon Sep 21 17:35:21.066066 2015] [access_compat:error] [pid 13155] [client 64.123.123.123:44409] AH01797: client denied by server configuration: /home/user1/public_html/image/catalog/someotherpath/DEF-AAA999Z.jpg

By the way, since August 23rd there are 535,263 lines in my Apache error log where my own server's IP is the client. This is a huge problem.

Buttle Butkus
  • possible duplicate of [How do I deal with a compromised server?](http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server) – mfinni Sep 22 '15 at 01:14
  • @mfinni please explain why you think the server is "compromised". As far as I know it is suffering from some sloppy coding, but if it is compromised I would certainly like to know. – Buttle Butkus Sep 22 '15 at 02:20
  • man, you should at least take a look at your apache's access logs. – drookie Sep 22 '15 at 10:15
  • @drookie I don't see anything in the access logs that matches. E.g. I have 8 errors at `Thu Sep 24 13:57:43` in the `error_log` but the access log has nothing during that second. The closest it has are 2 lines at 32 seconds: `::1 - - [24/Sep/2015:13:57:32 -0700] "OPTIONS * HTTP/1.0" 200 -` – Buttle Butkus Sep 24 '15 at 21:05
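Added example, not code from the original post or any of the commenters: a small Python script that does the two things the question needs. First it parses Apache 2.4 `error_log` lines of the kind shown above, keeps only those whose client is the server's own IP, and groups them per second to find the bursts. Second, because each `[client ip:port]` field carries the source port of the connection, it matches those ports against the local side of `ss -tnp` output to name the local process that opened the connection. The log lines are the four from the question plus two constructed ones; the `ss` output, the process name `php-cgi` and PID 14021 are constructed for illustration. It assumes the iproute2 `ss` layout with a `users:(("name",pid=N,fd=M))` column, and that the `ss -tnp` snapshot is taken while a burst is in progress, since connections this short-lived are gone afterwards.

```python
import re
from collections import Counter, defaultdict

# Apache 2.4 error_log format:
# [Mon Sep 21 17:35:21.056244 2015] [access_compat:error] [pid 13385]
#   [client 64.123.123.123:44407] AH01797: client denied by ...: /path
# The client regex only handles IPv4 clients; an IPv6 client such as
# [client ::1:44407] would not match, which is fine for this purpose.
ERROR_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^\]]+)\] \[pid (?P<pid>\d+)\] "
    r"\[client (?P<ip>[^:\]]+):(?P<port>\d+)\] (?P<msg>.*)$"
)

# Process field as printed by iproute2 `ss -tnp`.
SS_PROC = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

OWN_IP = "64.123.123.123"  # the server's external IP, as in the question

# Constructed sample: the four lines from the question, one more from the
# same IP a second later, and one from an unrelated client.
SAMPLE_ERROR_LOG = [
    "[Mon Sep 21 17:35:21.056244 2015] [access_compat:error] [pid 13385] [client 64.123.123.123:44407] AH01797: client denied by server configuration: /home/user1/public_html/403.shtml",
    "[Mon Sep 21 17:35:21.065225 2015] [access_compat:error] [pid 13406] [client 64.123.123.123:44408] AH01797: client denied by server configuration: /home/user1/public_html/image/catalog/somepath/ABC-1234XYZ.jpg",
    "[Mon Sep 21 17:35:21.065270 2015] [access_compat:error] [pid 13406] [client 64.123.123.123:44408] AH01797: client denied by server configuration: /home/user1/public_html/403.shtml",
    "[Mon Sep 21 17:35:21.066066 2015] [access_compat:error] [pid 13155] [client 64.123.123.123:44409] AH01797: client denied by server configuration: /home/user1/public_html/image/catalog/someotherpath/DEF-AAA999Z.jpg",
    "[Mon Sep 21 17:35:22.010000 2015] [access_compat:error] [pid 13155] [client 64.123.123.123:44410] AH01797: client denied by server configuration: /home/user1/public_html/403.shtml",
    "[Mon Sep 21 17:35:21.070000 2015] [access_compat:error] [pid 13390] [client 198.51.100.7:51000] AH01797: client denied by server configuration: /home/user1/public_html/403.shtml",
]

# Constructed `ss -tnp` snapshot taken during the burst. Both ends of each
# loopback-over-public-IP connection show up: the client side (local port
# 444xx) owned by the process we are hunting, and the server side (local
# port 80) owned by httpd. Port 44409 is deliberately absent.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port     Peer Address:Port     Process
ESTAB  0      0      64.123.123.123:44407   64.123.123.123:80     users:(("php-cgi",pid=14021,fd=5))
ESTAB  0      0      64.123.123.123:80      64.123.123.123:44407  users:(("httpd",pid=13385,fd=10))
ESTAB  0      0      64.123.123.123:44408   64.123.123.123:80     users:(("php-cgi",pid=14021,fd=7))
"""


def parse_error_line(line):
    """Return a dict of the line's fields, or None if it is not an error_log line."""
    m = ERROR_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["pid"] = int(rec["pid"])
    # Drop the microseconds so entries can be grouped per second.
    rec["second"] = re.sub(r"\.\d+", "", rec["ts"])
    return rec


def find_bursts(lines, own_ip, threshold):
    """Map second -> records for seconds with >= threshold denied hits from own_ip."""
    per_second = defaultdict(list)
    for line in lines:
        rec = parse_error_line(line)
        if rec and rec["ip"] == own_ip:
            per_second[rec["second"]].append(rec)
    return {s: recs for s, recs in per_second.items() if len(recs) >= threshold}


def paths_in(records):
    """Count the denied filesystem paths, which end each AH01797 message."""
    return Counter(r["msg"].rsplit(": ", 1)[-1] for r in records)


def local_port_owners(ss_output):
    """Map local source port -> (process name, pid) from `ss -tnp` output."""
    owners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header and anything without a host:port local address.
        if len(fields) < 5 or ":" not in fields[3]:
            continue
        port = int(fields[3].rsplit(":", 1)[1])
        m = SS_PROC.search(line)
        if m:
            owners[port] = (m.group("name"), int(m.group("pid")))
    return owners


def attribute(records, owners):
    """Match each denied request's client port to the local process that opened it."""
    return {r["port"]: owners.get(r["port"]) for r in records}


if __name__ == "__main__":
    owners = local_port_owners(SAMPLE_SS)
    for second, recs in sorted(find_bursts(SAMPLE_ERROR_LOG, OWN_IP, 3).items()):
        print(f"{second}: {len(recs)} denied requests from {OWN_IP}")
        for path, n in paths_in(recs).most_common():
            print(f"  {n}x {path}")
        for port, owner in sorted(attribute(recs, owners).items()):
            print(f"  client port {port} -> {owner or 'no longer in ss output'}")
```

To use it on the real box, replace the two samples with the tail of `error_log` and a loop that appends `ss -tnp` output every few hundred milliseconds; the ports that do resolve point straight at the PID to inspect (its open files and command line will show which script is fetching the images by the server's public name). Ports that resolve to `None` are connections that had already closed when `ss` ran.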
