I have recently found some strange logs on my webserver (something about wordpress):
[Wed Nov 15 19:44:28 2017] [error] [client 209.90.225.243] File does not exist: /path/to/vhosts/docroot/wp-content, referer: http://my.domain/wp-content/plugins/revslider/temp/
[Mon Nov 13 19:05:51 2017] [error] [client 209.90.225.243] File does not exist: /path/to/vhosts/docroot/wp-content, referer: http://my.domain/wp-content/themes/famous/style.css
[Sat Nov 11 22:21:38 2017] [error] [client 209.90.225.243] File does not exist: /path/to/vhosts/docroot/wp-content, referer: http://my.domain/wp-content/plugins/complete-gallery-manager/frames/upload-images.php
The main problem is that I don't have a wordpress installed in the virtual-host where I found the these errors. On the same server, there are other intallations of word-press that I don't have access to.
Does anybody know why I'm seeing these logs messages? The referer page doesn't exist on my server, but it's easy to change in a http request made from scratch.
Could it be a random attack?
Related
I’ll try to keep this short :)
I have internal server error on my site that comes and goes and happens like twice a week for the past 4 months. This week it happens everyday like if I’m browsing 10 pages at least one will be 500 internal server error. I had many plugins and thought that they are causing it. I deactivated plugins and still have the error, I’m using Avada theme and switch to native theme and still have the error (when I test it by opening many pages). I’m using incognito window + using www.brokenlinkcheck.com and www.drlinkcheck.com.
Error:
Wed Feb 05 14:36:50.903810 2020] [:error] [pid 404293:tid
139773324543744] [client 38.128.66.10:0] SoftException in
Application.cpp:630: Could not execute script
“/home1/xxxxxxx/public_html/index.php”
[Wed Feb 05 14:36:50.013640 2020] [:error] [pid 404293:tid
139773692856064] [client 5.244.163.91:0] SoftException in
Application.cpp:630: Could not execute script
“/home1/xxxxxxx/public_html/index.php”, referer:
https://www.google.com/
[Wed Feb 05 14:36:49.740221 2020] [:error] [pid 404293:tid
139773681346304] [client 197.253.196.171:0] SoftException in
Application.cpp:630: Could not execute script
“/home1/hatitnet/public_html/index.php”, referer:
https://www.xxxxxxx.net/5280/
[Wed Feb 05 14:36:48.736710 2020] [:error] [pid 412638:tid
139774268344064] [client 37.43.228.175:57520] SoftException in
Application.cpp:630: Could not execute script
“/home1/xxxxxxx/public_html/index.php”, referer:
https://www.xxxxxxx.net/wp-admin/post.php?post=10231&action=edit
Actions taken to solve the issue:
1- deactivated all plugins
2- generated new htaccess file
3- change themes
4- re-installed WordPress fresh copy
And nothing has worked.
I'm having Internal server error in some sessions(parts) after I login in wp dashboard.
Issues are in wp-admin/plugins.php and some few other places where is relating with any plugins.
I have checked .htaccess, memory limit to my server and in wp file is ok, I have deactivated all the plugins, changed themes, updated WordPress and still have the same issue.
I have check the error log and this is what it shows:
[Thu Jun 09 12:22:25 2016] [error] [client 217.73.141.38] Premature end of script headers: update-core.php, referer: http://www.salus.al/wp-admin/
[Thu Jun 09 12:22:29 2016] [warn] [client 217.73.141.38] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://www.salus.al/wp-admin/
[Thu Jun 09 12:22:29 2016] [error] [client 217.73.141.38] Premature end of script headers: plugins.php, referer: http://www.salus.al/wp-admin/
[Thu Jun 09 12:22:32 2016] [warn] [client 217.73.141.38] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://www.salus.al/wp-admin/
Remove or rename your plugins folder and see if the problem goes away. If it does, then add each plugin one at a time to see which one produces the error. Perhaps clear all cache, cookies, etc as well.
I look at this chapter in cookbook to write a login procedure.
http://symfony.com/doc/current/cookbook/security/form_login_setup.html
In firefox is everything fine. But in google chrome i get a blank page after login. In my error log exists following lines.
[Thu Feb 19 09:26:06.502498 2015] [proxy_fcgi:error] [pid 17203:tid 140244355569408] [client 192.168.56.1:4441] Premature end of script headers: , referer: http://app.dev-local/app_dev.php/login
[Thu Feb 19 09:26:06.502888 2015] [proxy_fcgi:error] [pid 17203:tid 140244355569408] [client 192.168.56.1:4441] AH01070: Error parsing script headers, referer: http://app.dev-local/app_dev.php/login
[Thu Feb 19 09:26:06.504918 2015] [proxy_fcgi:error] [pid 17203:tid 140244355569408] [client 192.168.56.1:4441] AH01068: Got bogus version 84, referer: http://app.dev-local/app_dev.php/login
[Thu Feb 19 09:26:06.507243 2015] [proxy_fcgi:error] [pid 17203:tid 140244355569408] (22)Invalid argument: [client 192.168.56.1:4441] AH01075: Error dispatching request to : (passing brigade to output filters), referer: http://app.dev-local/app_dev.php/login
I have following version:
Symfony 2.6
PHP 5.5.16
Apache/2.4.10
Ubuntu 14.04
Have someone the same issue? Can anyone give me a hint?
Check your config_prod.yml and config_dev.yml. Search for:
chromephp:
type: chromephp
and remove/comment that block. Example:
# chromephp:
# type: chromephp
# level: info
I think Chrome adds supplementary information in headers sent.
this is my error logs!! pls help me.. googlerbot can't crawl my website too. i'm using shared hosting.
[Wed Apr 16 11:17:34 2014] [error] [client 198.143.34.33] client
denied by server configuration:
/home/markgelo/public_html/markgiver/403.shtml
[Wed Apr 16 11:17:34 2014] [error] [client 198.143.34.33] client
denied by server configuration:
/home/markgelo/public_html/markgiver/2014
[Wed Apr 16 11:17:30 2014] [error] [client 199.30.20.15] client denied
by server configuration:
/home/markgelo/public_html/mkvmusic.tk/403.shtml
[Wed Apr 16 11:17:30 2014] [error] [client 199.30.20.15] client denied
by server configuration: /home/markgelo/public_html/mkvmusic.tk/2014
[Wed Apr 16 11:17:29 2014] [error] [client 198.143.38.65] client
denied by server configuration: /home/markgelo/public_html/403.shtml
[Wed Apr 16 11:17:29 2014] [error] [client 198.143.38.65] client
denied by server configuration:
/home/markgelo/public_html/download-strike-the-blood-all-episodes-720p-80mb-english-subbed-mediafire
[Wed Apr 16 11:17:20 2014] [error] [client 199.30.20.10] client denied
by server configuration:
/home/markgelo/public_html/mkvmusic.tk/403.shtml
[Wed Apr 16 11:17:20 2014] [error] [client 199.30.20.10] client denied
by server configuration: /home/markgelo/public_html/mkvmusic.tk/2014
[Wed Apr 16 11:17:13 2014] [error] [client 5.255.253.38] client denied
by server configuration:
/home/markgelo/public_html/androidnews/403.shtml
[Wed Apr 16 11:17:13 2014] [error] [client 5.255.253.38] client denied
by server configuration:
/home/markgelo/public_html/androidnews/wp-content
[Wed Apr 16 11:17:09 2014] [error] [client 198.143.46.33] client
denied by server configuration: /home/markgelo/public_html/403.shtml
[Wed Apr 16 11:17:09 2014] [error] [client 198.143.46.33] client
denied by server configuration:
/home/markgelo/public_html/wp-content/uploads/2013/03/542102.jpg
[Wed Apr 16 11:17:07 2014] [error] [client 5.255.253.38] client denied
by server configuration:
/home/markgelo/public_html/androidnews/403.shtml
[Wed Apr 16 11:17:07 2014] [error] [client 5.255.253.38] client denied
by server configuration:
/home/markgelo/public_html/androidnews/wp-content
[Wed Apr 16 11:17:02 2014] [error] [client 65.55.215.34] client denied
by server configuration: /home/markgelo/public_html/hentai/403.shtml
[Wed Apr 16 11:17:02 2014] [error] [client 65.55.215.34] client denied
by server configuration:
/home/markgelo/public_html/hentai/wp-content/uploads/2013/08/H62_Initiation_LRG.jpg
[Wed Apr 16 11:16:58 2014] [error] [client 198.143.39.1] client denied
by server configuration: /home/markgelo/public_html/403.shtml
[Wed Apr 16 11:16:58 2014] [error] [client 198.143.39.1] client denied
by server configuration: /home/markgelo/public_html/
[Wed Apr 16 11:16:53 2014] [error] [client 180.76.6.146] client denied
by server configuration:
/home/markgelo/public_html/backlinks/403.shtml
[Wed Apr 16 11:16:53 2014] [error] [client 180.76.6.146] client denied
by server configuration: /home/markgelo/public_html/backlinks/
[Wed Apr 16 11:16:47 2014] [error] [client 66.249.77.99] client denied
by server configuration: /home/markgelo/public_html/android/403.shtml
[Wed Apr 16 11:16:47 2014] [error] [client 66.249.77.99] client denied
by server configuration: /home/markgelo/public_html/android/2013
[Wed Apr 16 11:16:42 2014] [error] [client 66.249.77.71] client denied
by server configuration:
/home/markgelo/public_html/mkvmusic.tk/403.shtml
[Wed Apr 16 11:16:42 2014] [error] [client 66.249.77.71] client denied
by server configuration: /home/markgelo/public_html/mkvmusic.tk/2014
[Wed Apr 16 11:16:41 2014] [error] [client 199.21.148.44] client
denied by server configuration:
/home/markgelo/public_html/android/403.shtml
[Wed Apr 16 11:16:41 2014] [error] [client 199.21.148.44] client
denied by server configuration:
/home/markgelo/public_html/android/android-games
[Wed Apr 16 11:16:34 2014] [error] [client 157.55.33.182] client
denied by server configuration:
/home/markgelo/public_html/markgiver/403.shtml
[Wed Apr 16 11:16:34 2014] [error] [client 157.55.33.182] client
denied by server configuration:
/home/markgelo/public_html/markgiver/2013
[Wed Apr 16 11:16:34 2014] [error] [client 157.55.33.182] client
denied by server configuration:
/home/markgelo/public_html/markgiver/403.shtml
I had the same issue today. It was a problem with .htaccess file of the server in my case.
You can find it in the /public_html/ folder.
Rename it to .htacces_old, or with some other name, then try to reload a website page.
If you can't find this file - it may be because this is a hidden file. You can change it's visiblility on CPANEL > Settings, check a box "Show hidden files (dotfiles).
One of your Wordpress security plugins checks each IP against a blacklist of IPs and if there is a match then that IP is not allowed to connect.
I checked 2 of the IPs listed above and one came up:
http://www.liveipmap.com/199.21.148.44 (open proxy)
and another came up
https://www.projecthoneypot.org/ip_198.143.38.33 (spam harvester / comment spammer)
If you want to allow open proxy and comment spammers, you need to check every setting in your security plugin or find a different plugin to use).
http://wordpress.org/support/topic/plugin-better-wp-security-404-not-found-on-all-site-links
Go to the WP Dashboard --> Settings --> Permalinks
click on default and save changes.
Then click on Postname and save changes.
I have rechecked my logs throughout the last hour and there are NO errors in the logs! Woot!
Now if Bit51 would have addressed this directly ... it so would have solved a headache I really did not need today! UGH.
good luck!!
I attempted to install Gitolite on a Fedora 17 server with the aim of setting up git and HTTP access along with authorisation. Git access works OK. Can push and pull. But HTTP access falls over with an Error 500. It appears I got something wrong with permissions.
Here's what I did. I followed instructions from here: sitaramc.github.com
I have documented what I have tried to do here if anyone would like to see it down to detail.
HTTP Error:
Internal Server Error - 500
The server encountered an internal error or misconfiguration and was unable to complete your request.
More information about this error may be available in the server error log.
Error Log - /var/log/httpd/error-git.log
[Wed Feb 13 08:26:11 2013] [error] [client 192.168.0.40] suexec failure: could not open log file
[Wed Feb 13 08:26:11 2013] [error] [client 192.168.0.40] fopen: Permission denied
[Wed Feb 13 08:26:11 2013] [error] [client 192.168.0.40] Premature end of script headers: gitolite-suexec-wrapper.sh
[Wed Feb 13 08:30:13 2013] [error] [client 192.168.0.40] Directory index forbidden by Options directive: /var/www/git/
* Update 1 *
- Managed to post the error output here.
* Update 2 *
Relaxed permissions on log directory and gitolite-suexec-wrapper.sh. More details are available at the link above where I have documented in detail.
/var/log/httpd/error-git.log
[Wed Feb 13 21:18:47 2013] [error] [client 192.168.0.40] suexec policy violation: see suexec log for more details
[Wed Feb 13 21:18:47 2013] [error] [client 192.168.0.40] Premature end of script headers: gitolite-suexec-wrapper.sh
[Wed Feb 13 21:18:54 2013] [error] [client 192.168.0.40] Directory index forbidden by Options directive: /var/www/git/
$ sudo more /var/log/httpd/suexec.log
[2013-02-13 21:18:47]: uid: (990/git) gid: (988/git) cmd: gitolite-suexec-wrapper.sh
[2013-02-13 21:18:47]: cannot stat program: (gitolite-suexec-wrapper.sh)
Not sure where next
* Update 3 *
Ok, so I made some progress. I may have fixed the permissions issue. Now facing a PATH issue. Like before, most relevant output is included here. Full details are updated at the link in my original post.
My knowledge of Apache config is very basic. After reading about suEXEC, I realised the permission issue could be arising out of SELinux. So I disabled it for now. (Would like to identify a way of having gitolite working with SELinux active, but that's for later. Suggestions are welcome.)
Now when I access the url: http:// mochapenguin /git/testing.git in browser
001E# service=git-upload-pack
0000003BERR FATAL: unknown git/gitolite command: 'testing.git'
When I test from the client machine, I see:
ssh git#mochapenguin \echo $PATH
FATAL: unknown git/gitolite command: 'echo /usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/mochapenguin/.local/bin:/home/mochapenguin/bin'
* Update 4 *
Alright, got it working. No further change was needed since my last update.
I ought to have tried accessing the repo like so, instead of trying the URL in the browser:
git clone http://username:password#mochapenguin/git/testing.git
This setup allows clone and push over http
I can't figure out what I got wrong.
Could someone point me the right way, please?