Question

Why is apache pointing to other IP address?

Hy, my apache2 server is not responding. When I access my server, it gives me an error, and when I try to start the server via ssh it also gives an error too.

service apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
 failed!

When I write tail /var/log/apache2/error.log.1, it returns my that message, between others:

[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql

The problem is that i don’t recognize this IP 62.210.170.90, and I don’t know why it’s registered in the log file.

This and other IP’s adresses are appearing at the log, and it’s not mine.

What can be happening?

Thx.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Well, for some reason i don’t really no, the error.log wais saying that apache2 was unable to access the error_log file. I created the error_log empty file at the local it seemed to be pointed (another one at /var/www/logs/error_log) and the server could now restart. Now the problem is solved.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

When I try to restar apache, I get this:

[....] Restarting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
root@liberdade:~#

When I type “tail /var/log/error.log.1”, i get this:

[Thu Mar 09 22:25:36 2017] [error] [client 151.80.134.210] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:02 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 19:30:25 2017] [error] [client 101.201.116.52] File does not exist: /var/www/pmd, referer: http://107.170.124.94:80/pmd
[Sat Mar 11 11:22:57 2017] [error] [client 142.0.41.2] File does not exist: /var/www/user
[Sun Mar 12 07:35:04 2017] [notice] Graceful restart requested, doing restart
[Sun Mar 12 07:35:04 2017] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

That’s it. I believe it’s something malicious that cracked my server. I don’t recognize anyone of theses IP addresses.

Hope this information is helpful.

@paulomorais1981

To see what’s going on, if you can run:

tail -50 /var/log/apache2/error.log

… and paste the output in to a code block, we can take a look for you.

The error you’re seeing in line you pasted simply states that /var/www/mysql doesn’t exist as a file, which is why it was logged. As far as what was trying to access it, other that the IP logged, it’s hard to say without more information.