Webhost server error messages

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
483
Hello
I am trying to work on my error messages to make my system run better
But when I print out or view the error log I get lots of the following error messages

2021-03-17 05:32:22 UTC [apache][php7:error] [pid 31592] [client 71.196.245.90:12136] script '/home/customer/www/myforum.com/public_html/wp-login.php' not found or unable to stat

I have a xenforo forum and a handcoded html webiste on the same webhost server.

It looks like they are looking for a word press site. (I don't have one)

Can anyone suggest what is causing the error, are these bots breaking into to my system?
 
Last edited:

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,573
I'm no expert but the error you've posted suggests to me that a script vulnerability scanner is probing your installation but failed to gain entry.

If I'm right I'd be inclined to check the other errors to ensure the same outcome. I'd also consider ramping up your security.
 

snerd

Aspirant
Joined
Jul 1, 2017
Messages
17
I'm getting them too. All kinds of WP probes, then some like myforum.com/env and myforum.com/public/env and on and on. Most I just enter a redirect to / while discovering these addresses using the 404 not found addon.
 

Pete

Flavours of Forums Forever
Joined
Sep 9, 2013
Messages
1,920
Yup, it’s quicker and easier for them to just try all the obvious vulnerabilities than it is to actually see what your site has first. Seeing hits to WP-login is not uncommon, also I see a lot of things try to hunt down phpMyAdmin too.
 

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
483
Yup, it’s quicker and easier for them to just try all the obvious vulnerabilities than it is to actually see what your site has first. Seeing hits to WP-login is not uncommon, also I see a lot of things try to hunt down phpMyAdmin too.
Yes, I also get a lot of those hits for phpMyAdmin

I'm not sure if they are getting into my forum, or my webiste
So what I want to know now, is how can I stop them getting in this far.

I want to try and elimate all of these attacks, because they are just taking up bandwith, espcecially in 3 hour time frame, and it also makes it very hard for me to concentrate on the serious errors.
 

snerd

Aspirant
Joined
Jul 1, 2017
Messages
17
They're just port scans looking for vulnerabilities. They're not getting into your system, they're just typing web addresses to see what's not configured properly, and if they "could" get into your system.
 

Zelda

Participant
Joined
Feb 25, 2021
Messages
70
Stop the bots? All the bots? Lmao! 😂

There is no stopping every bot that ever existed or will exist. Not even if you use a service such as Imperva or Cloudflare, to name a few, and proceeded to put yourself behind a domain (DNS) proxy; could anyone here hope to stop every web bot.

Bots change IP addresses, user agents, and scanning methods as easily as you change clothes, only much faster. The only thing you can hope to do is protect yourself from what is known and pray you never are hit by something unknown.

But the best advice I feel I or anyone here can ever give you is to remember, the error between user and keyboard is the most significant threat.
 
Last edited:

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
483
Stop the bots? All the bots? Lmao! 😂

There is no stopping every bot that ever existed or will exist. Not haven if you use a service such as Imperva or Cloudflare, to name a few, and proceeded to put yourself behind a domain (DNS) proxy; could anyone here hope to stop every web bot.

Bots change IP addresses, user agents, and scanning methods as easily as you change clothes, only much faster. The only thing you can hope to do is protect yourself from what is known and pray you never are hit by something unknown.

But the best advice I feel I or anyone here can ever give you is to remember, the error between user and keyboard is the most significant threat.
OK, but I would still like to know what they are doing to cause the error message in my OP.
If I could just stop some of them I would feel better.
 

Pete

Flavours of Forums Forever
Joined
Sep 9, 2013
Messages
1,920
For the sake of argument, let's say your site is myforum.com - they're visiting myforum.com/wp-login.php - it really is as simple as that.
 

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
483
For the sake of argument, let's say your site is myforum.com - they're visiting myforum.com/wp-login.php - it really is as simple as that.
Thankyou so much

I just tried that and I got a 404 not found message!

So now I can sleep a lot better.
In thaat case, they are not actually getting into my forum or website!
It really was that simple!
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,573
The easiest defense against this kind of probing is to ensure your software, themes and plugins/add-ons are always up to date and that your passwords are strong and unique.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,642
If you are getting hammered by one IP address just put it in the firewall.
 

Tracy Perry

Opinionated asshat
Joined
May 25, 2013
Messages
5,012
I want to try and elimate all of these attacks, because they are just taking up bandwith, espcecially in 3 hour time frame, and it also makes it very hard for me to concentrate on the serious errors.
Your'e not going to eliminate them. They will continue as most of these are script kiddies using known attack vectors. As long as the scripts exist, there will be attempts to hit the pages they expect to be present.
 

vikvaliant

Aspirant
Joined
Oct 21, 2014
Messages
34
On my installations of wordpress I put an .htaccess file in the directory /wp-admin to only allow access from specific IPs.

But in general I find fail2ban works well in blocking IPs that are probing your server.
 
Top