are the errors appearing in the access log or the error log?
It's on the error log.
I think I have an idea of what's going on.
Recently (feb 01) started experiencing Internal Server Error issues. At first, I thought the admin moved my files to another server lacking some Perl modules) but that wasn't the case, it took me a while to understand it was something else because the Cpanel changed. Turns out they moved my files probably compressing and decompressing, and there was an issue with the end of line on the scripts (a common problem with Perl scripts, if not careful, I mean, them). So I fixed the problem by just saving again the main scripts.
The Internal Server Error messages were gone right away.
But while at the error log page, I could see the same messages about the cgi-bin folder, that seemed strange to me. Only a few websites have that folder and it's not accessible, the rest have no cgi-folder, and yet, the error appeared on both. Seems to me something or someone is browsing the folder structure. There is a new option on my Cpanel showing NginX caché, I turned it off, I have no idea how it works, my websites have their own cache function, so, I don't need it, it's off.
Yet, the errors still appeared.
Today, these cgi-bin errors are almost gone, but now I get the same thing looking for php.ini
I believe someone, or something, is searching for vulnerable files on my file structure. I'm honestly not concerned as I have tested this extensively, but that seems like evidence to me. Good luck searching php.ini, all my framework and cms runs on Perl, the sites are up, no hacking of any kind.
