2

I am getting a new series of error in an error log file. I do not have any of these files at the mentioned location.
Is it any sort of attack on the server ?

I did some research relate to error but did not find how to prevent or fix this permanently.
I heard about "File2Ban" to protect the system against server attack.

Can I use File2Ban to prevent this?

[Sat ...] [php7:error] [pid ..] [client 154.8.200.196:15389] script '/opt/lampp/htdocs/cmv.php' not found or unable to stat
[Sat ...] [php7:error] [pid 6288] [client 154.8.200.196:15526] script '/opt/lampp/htdocs/cmdd.php' not found or unable to stat
[Sat ...] [php7:error] [pid 6279] [client 154.8.200.196:15614] script '/opt/lampp/htdocs/knal.php' not found or unable to stat
[Sat ...] [php7:error] [pid 6284] [client 154.8.200.196:15728] script '/opt/lampp/htdocs/cmd.php' not found or unable to stat
.
.
.

[Fri ....] [cgi:error] [pid ..] [client 189.230.99.177:51265] AH02811: script not found or unable to stat: /opt/lampp/cgi-bin/ViewLog.asp
[Fri ....] [cgi:error] [pid ..] [client 120.69.56.9:38628] AH02811: script not found or unable to stat: /opt/lampp/cgi-bin/ViewLog.asp
[Fri ....] [cgi:error] [pid ..] [client 122.174.165.128:40483] AH02811: script not found or unable to stat: /opt/lampp/cgi-bin/ViewLog.asp
.
.
.

I have...

Apache/2.4 (Unix)
I set up my project on digital ocean.

Maher
  • 363
  • 2
  • 5
  • 18
  • 2
    It is probably someone (or a bot) probing your system for known attack vectors. Unfortunately you cannot avoid it. – RiggsFolly Sep 06 '19 at 12:16
  • These are likely bots trying to request PHP files provided in these locations by some popular CMS / framework, hoping they can attack a system that way. Since you don’t have these files, that should be nothing to worry about too much, if it doesn’t happen with an amount and / or frequency that it causes actual performance issues. As long as that isn’t the case, there is little reason to treat this differently than any 404 caused by a user mistyping an address or following an outdated link. – misorude Sep 06 '19 at 12:21
  • @misorude Its creating issue with site performance as it frequently hitting to the server with different IP and port. Within two days my error log files size increase to 10-11MB. – Maher Sep 06 '19 at 12:25
  • Well Fail2Ban could block those IPs that already made such requests. It works by monitoring log files, so you’d have to figure out how to make it identify these kinds of requests. (Like based on the URL path / file name.) – misorude Sep 06 '19 at 12:35
  • use also iptable firewall to restrict access to only some ports – Nico Sep 06 '19 at 12:45

0 Answers0