99% of the information available on this error has to do with people who can't access their own server because it's miss-configured. My server is fine and I would like to know more about how an unknown person, who does not know the layout of my server was able to pick folders which they cannot normally see. Here are a couple examples, after using grep -ri on the IP address in my /var/log folder. Code: //Dates are 31/12, 5/1, 6/1, 8/1, & 10/1 apache2/error.log:[Thu Jan 08 22:36:32.824668 2015] [authz_core:error] [pid 31646] [client 216.218.206.66:54236] AH01630: client denied by server configuration: /var/www/conf/ apache2/error.log:[Thu Jan 08 22:36:32.824726 2015] [authz_core:error] [pid 31646] [client 216.218.206.66:54236] AH01630: client denied by server configuration: /var/www/php-fcgi-scripts/ // 5 entries on days (31/12, 5/1, 6/1, 7/1, 8/1) of the format below: apache2/access.log:216.218.206.66 - - [05/Jan/2015:20:36:32 +1000] "GET / HTTP/1.1" 200 2794 "-" "-" The IP appeared only in apache2/error.log & apache2/access.log, as above. But what else is interesting is that this same person has triggered errors for all the virtually hosted domains I have, which is near impossible to do by accident since doing a WhoIS lookup for an IP only returns one result. Anyone know what's going on? Should I be concerned about these entries? Cheers, Nap
These are common flder names, so poeple can just guess them as any server that runs ispconfig has these folders. The access has been denied, so your server is configured correctly.
Thanks Till, but how did they discover all the virtual domains I'm hosting? I have the same error for each of them too.
When apache gets restarted, then the session to php gets interrupted and this causes the error. This can and will happen for all sites that have a open connection to php at that time. So unless you see issues in your sites, the reason is most likely just an apache restart.
Ok, but that doesn't explain the IP address logged with the error. Thanks so much for taking the time!!