Webhost server error messages

DigNap15 · Mar 20, 2021

Hello
I am trying to work on my error messages to make my system run better
But when I print out or view the error log I get lots of the following error messages

2021-03-17 05:32:22 UTC [apache][php7:error] [pid 31592] [client 71.196.245.90:12136] script '/home/customer/www/myforum.com/public_html/wp-login.php' not found or unable to stat

I have a xenforo forum and a handcoded html webiste on the same webhost server.

It looks like they are looking for a word press site. (I don't have one)

Can anyone suggest what is causing the error, are these bots breaking into to my system?

zappaDPJ · Mar 20, 2021

I'm no expert but the error you've posted suggests to me that a script vulnerability scanner is probing your installation but failed to gain entry.

If I'm right I'd be inclined to check the other errors to ensure the same outcome. I'd also consider ramping up your security.

snerd · Mar 20, 2021

I'm getting them too. All kinds of WP probes, then some like myforum.com/env and myforum.com/public/env and on and on. Most I just enter a redirect to / while discovering these addresses using the 404 not found addon.

Pete · Mar 21, 2021

Yup, it’s quicker and easier for them to just try all the obvious vulnerabilities than it is to actually see what your site has first. Seeing hits to WP-login is not uncommon, also I see a lot of things try to hunt down phpMyAdmin too.

DigNap15 · Mar 21, 2021

Pete said:
Yup, it’s quicker and easier for them to just try all the obvious vulnerabilities than it is to actually see what your site has first. Seeing hits to WP-login is not uncommon, also I see a lot of things try to hunt down phpMyAdmin too.

Yes, I also get a lot of those hits for phpMyAdmin

I'm not sure if they are getting into my forum, or my webiste
So what I want to know now, is how can I stop them getting in this far.

I want to try and elimate all of these attacks, because they are just taking up bandwith, espcecially in 3 hour time frame, and it also makes it very hard for me to concentrate on the serious errors.

snerd · Mar 21, 2021

They're just port scans looking for vulnerabilities. They're not getting into your system, they're just typing web addresses to see what's not configured properly, and if they "could" get into your system.

Zelda · Mar 21, 2021

Stop the bots? All the bots? Lmao!

There is no stopping every bot that ever existed or will exist. Not even if you use a service such as Imperva or Cloudflare, to name a few, and proceeded to put yourself behind a domain (DNS) proxy; could anyone here hope to stop every web bot.

Bots change IP addresses, user agents, and scanning methods as easily as you change clothes, only much faster. The only thing you can hope to do is protect yourself from what is known and pray you never are hit by something unknown.

But the best advice I feel I or anyone here can ever give you is to remember, the error between user and keyboard is the most significant threat.

DigNap15 · Mar 21, 2021

Zelda said:
Stop the bots? All the bots? Lmao!

There is no stopping every bot that ever existed or will exist. Not haven if you use a service such as Imperva or Cloudflare, to name a few, and proceeded to put yourself behind a domain (DNS) proxy; could anyone here hope to stop every web bot.

Bots change IP addresses, user agents, and scanning methods as easily as you change clothes, only much faster. The only thing you can hope to do is protect yourself from what is known and pray you never are hit by something unknown.

But the best advice I feel I or anyone here can ever give you is to remember, the error between user and keyboard is the most significant threat.

OK, but I would still like to know what they are doing to cause the error message in my OP.
If I could just stop some of them I would feel better.

Pete · Mar 21, 2021

For the sake of argument, let's say your site is myforum.com - they're visiting myforum.com/wp-login.php - it really is as simple as that.

DigNap15 · Mar 21, 2021

Pete said:
For the sake of argument, let's say your site is myforum.com - they're visiting myforum.com/wp-login.php - it really is as simple as that.

Thankyou so much

I just tried that and I got a 404 not found message!

So now I can sleep a lot better.
In thaat case, they are not actually getting into my forum or website!
It really was that simple!

zappaDPJ · Mar 21, 2021

The easiest defense against this kind of probing is to ensure your software, themes and plugins/add-ons are always up to date and that your passwords are strong and unique.

we_are_borg · Mar 21, 2021

If you are getting hammered by one IP address just put it in the firewall.

Tracy Perry · Mar 22, 2021

DigNap15 said:
I want to try and elimate all of these attacks, because they are just taking up bandwith, espcecially in 3 hour time frame, and it also makes it very hard for me to concentrate on the serious errors.

Your'e not going to eliminate them. They will continue as most of these are script kiddies using known attack vectors. As long as the scripts exist, there will be attempts to hit the pages they expect to be present.

vikvaliant · Mar 24, 2021

On my installations of wordpress I put an .htaccess file in the directory /wp-admin to only allow access from specific IPs.

But in general I find fail2ban works well in blocking IPs that are probing your server.

Webhost server error messages

DigNap15

Adherent

zappaDPJ

Administrator

snerd

Aspirant

Pete

Flavours of Forums Forever

DigNap15

Adherent

snerd

Aspirant

Zelda

Participant

DigNap15

Adherent

Pete

Flavours of Forums Forever

DigNap15

Adherent

zappaDPJ

Administrator

we_are_borg

Administrator

Tracy Perry

Opinionated asshat

vikvaliant

Aspirant