Related

Tool Instant DNS Lookup Tool Tool
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
How to make web service unavailable. As I develop this application, I'd rather not be burning up CPU or access time when not logged in. Question Question

Question

Why is apache pointing to other IP address?

Posted March 14, 2017 2.2k views
ApacheDebianDNSLogging

Hy, my apache2 server is not responding. When I access my server, it gives me an error, and when I try to start the server via ssh it also gives an error too.

service apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
 failed!

When I write tail /var/log/apache2/error.log.1, it returns my that message, between others:

[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql

The problem is that i don’t recognize this IP 62.210.170.90, and I don’t know why it’s registered in the log file.

This and other IP’s adresses are appearing at the log, and it’s not mine.

What can be happening?

Thx.

Add a comment
paulomorais1981
By:
paulomorais1981
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
paulomorais1981 March 15, 2017

Well, for some reason i don’t really no, the error.log wais saying that apache2 was unable to access the errorlog file. I created the errorlog empty file at the local it seemed to be pointed (another one at /var/www/logs/error_log) and the server could now restart. Now the problem is solved.

Reply Report
jtittle1 March 14, 2017

@paulomorais1981

To see what’s going on, if you can run:

tail -50 /var/log/apache2/error.log

… and paste the output in to a code block, we can take a look for you.

The error you’re seeing in line you pasted simply states that /var/www/mysql doesn’t exist as a file, which is why it was logged. As far as what was trying to access it, other that the IP logged, it’s hard to say without more information.

Reply Report
paulomorais1981 March 14, 2017

When I try to restar apache, I get this:

[....] Restarting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
root@liberdade:~#

When I type “tail /var/log/error.log.1”, i get this:

[Thu Mar 09 22:25:36 2017] [error] [client 151.80.134.210] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:02 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 19:30:25 2017] [error] [client 101.201.116.52] File does not exist: /var/www/pmd, referer: http://107.170.124.94:80/pmd
[Sat Mar 11 11:22:57 2017] [error] [client 142.0.41.2] File does not exist: /var/www/user
[Sun Mar 12 07:35:04 2017] [notice] Graceful restart requested, doing restart
[Sun Mar 12 07:35:04 2017] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

That’s it. I believe it’s something malicious that cracked my server. I don’t recognize anyone of theses IP addresses.

Hope this information is helpful.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help