Why is apache pointing to other IP address?

March 14, 2017 364 views
Apache DNS Logging Debian

Hy, my apache2 server is not responding. When I access my server, it gives me an error, and when I try to start the server via ssh it also gives an error too.

service apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
 failed!

When I write tail /var/log/apache2/error.log.1, it returns my that message, between others:

[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql

The problem is that i don't recognize this IP 62.210.170.90, and I don't know why it's registered in the log file.

This and other IP's adresses are appearing at the log, and it's not mine.

What can be happening?

Thx.

3 Answers

Well, for some reason i don't really no, the error.log wais saying that apache2 was unable to access the errorlog file. I created the errorlog empty file at the local it seemed to be pointed (another one at /var/www/logs/error_log) and the server could now restart. Now the problem is solved.

@paulomorais1981

To see what's going on, if you can run:

tail -50 /var/log/apache2/error.log

... and paste the output in to a code block, we can take a look for you.

The error you're seeing in line you pasted simply states that /var/www/mysql doesn't exist as a file, which is why it was logged. As far as what was trying to access it, other that the IP logged, it's hard to say without more information.

When I try to restar apache, I get this:

[....] Restarting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
root@liberdade:~#

When I type "tail /var/log/error.log.1", i get this:

[Thu Mar 09 22:25:36 2017] [error] [client 151.80.134.210] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:02 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 11:25:03 2017] [error] [client 62.210.170.90] File does not exist: /var/www/mysql
[Fri Mar 10 19:30:25 2017] [error] [client 101.201.116.52] File does not exist: /var/www/pmd, referer: http://107.170.124.94:80/pmd
[Sat Mar 11 11:22:57 2017] [error] [client 142.0.41.2] File does not exist: /var/www/user
[Sun Mar 12 07:35:04 2017] [notice] Graceful restart requested, doing restart
[Sun Mar 12 07:35:04 2017] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

That's it. I believe it's something malicious that cracked my server. I don't recognize anyone of theses IP addresses.

Hope this information is helpful.

Have another answer? Share your knowledge.