Why is apache pointing to other IP address?

March 14, 2017 1.9k views
Apache Debian DNS Logging
paulomorais1981
By:
paulomorais1981

Hy, my apache2 server is not responding. When I access my server, it gives me an error, and when I try to start the server via ssh it also gives an error too.

service apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
 failed!

When I write tail /var/log/apache2/error.log.1, it returns my that message, between others:

[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql

The problem is that i don’t recognize this IP 62.210.170.90, and I don’t know why it’s registered in the log file.

This and other IP’s adresses are appearing at the log, and it’s not mine.

What can be happening?

Thx.

Sign In to Comment
3 Answers
paulomorais1981 March 15, 2017

Well, for some reason i don’t really no, the error.log wais saying that apache2 was unable to access the errorlog file. I created the errorlog empty file at the local it seemed to be pointed (another one at /var/www/logs/error_log) and the server could now restart. Now the problem is solved.

Report
jtittle1 March 14, 2017

@paulomorais1981

To see what’s going on, if you can run:

tail -50 /var/log/apache2/error.log

… and paste the output in to a code block, we can take a look for you.

The error you’re seeing in line you pasted simply states that /var/www/mysql doesn’t exist as a file, which is why it was logged. As far as what was trying to access it, other that the IP logged, it’s hard to say without more information.

Report
paulomorais1981 March 14, 2017

When I try to restar apache, I get this:

[....] Restarting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
root@liberdade:~#

When I type “tail /var/log/error.log.1”, i get this:

[Thu Mar 09 22:25:36 2017] [error] [client 151.80.134.210] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:02 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 19:30:25 2017] [error] [client 101.201.116.52] File does not exist: /var/www/pmd, referer: http://107.170.124.94:80/pmd
[Sat Mar 11 11:22:57 2017] [error] [client 142.0.41.2] File does not exist: /var/www/user
[Sun Mar 12 07:35:04 2017] [notice] Graceful restart requested, doing restart
[Sun Mar 12 07:35:04 2017] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

That’s it. I believe it’s something malicious that cracked my server. I don’t recognize anyone of theses IP addresses.

Hope this information is helpful.

Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related