Apache Error Logs

Forum Moderators: phranque

Message Too Old, No Replies

Apache Error Logs

Strange Errors

akwexavante

9:28 am on Aug 23, 2016 (gmt 0)

Hoping somebody can help me solve a mystery in a simplistic way.

I'm getting some strange errors in my error log file for Apache2.

The used Domain Name and IP addresses have been altered to disguise my actual details.

Assume that I do actually own the Domain Name "example.co.uk" and my server is at the IP Address 101.101.101.101

[Fri Aug 19 23:50:48 2016] [error] [client 180.150.230.nn] File does not exist: /srv/www/htdocs/wp-login.php, referer: http://example.co.uk/wp-login.php

and

[Sun Aug 14 11:39:44 2016] [error] [client 180.150.230.nn] File does not exist: /srv/www/htdocs/HNAP1, referer: http://101.101.101.101/

What's going on here!
Starting to get a lot of these requests, I don't have PHP or word press installed at all and the directory HNAP1 doesn't exist. Many non existent directories, files and scripts are being requested.

[edited by: not2easy at 11:56 am (utc) on Aug 23, 2016]
[edit reason] Please use "example" for domain examples [/edit]

Andy Langton

12:18 pm on Aug 23, 2016 (gmt 0)

They're just scanning for Wordpress sites with vulnerabilities - the referrer is faked in case you have some sort of security check on referrals. If you don't have Wordpress, it doesn't do you any harm (and you won't make their list of vulnerable sites).

You could block IPs that request Wordpress files, but it's unlikely to be worth the effort overall. If it's a big concern, take a look at some of the site security options out there (Cloudflare/bot blocking scripts etc.).

akwexavante

12:27 pm on Aug 23, 2016 (gmt 0)

Thank you for your reply, i'll just let them continue to waste there own time and efforts

Andy Langton

12:45 pm on Aug 23, 2016 (gmt 0)

The HNAP1 is probably checking if you have an insecure router, incidentally (again, not an issue). And welcome to WebmasterWorld [webmasterworld.com], akwexavante :)