Null ERROR in Apache error log?


#1

It’s about 3 days that in my Apache error log are reported lines like this one:

File does not exist: /home/user/domain/directory1/null
File does not exist: /home/user/domain/directory2/null
File does not exist: /home/user/domain/directory3/null

… for EVERY directory of my site!

what is generating the above error?
(no need to say that I have no links like that)

thank you!


#2

If you type in a browser window ttp://example.com/null and then check your error log you should see the same error.

Was there a client address given at the same time?

Someone may just be pinging your site. Check in the access.log to see if there is a corresponding record indicating perhaps some sort of bot.


Norm

Opinions are my own views, not DreamHosts’.
I am NOT a DreamHost employee OK!! :@

You act on my advice at your own risk!


#3

Thank you for your reply

[/quote]

Yes, of course…

[/quote]

Unfortunately it’s not a bot… the error is generated from more than 100 different IPs coming from different countries…

I dont’t know, maybe something in the DreamHost Apache configuration changed? Something that I can fix with my .htaccess file?


#4

I would not have thought it an Apache configuration else there would be a few others suffering, unless they do not know yet. Have you added anything of late to your site that might be attracting interest to your site around the world (sort of a mini slashdot effect)? It might just be a load of zombies being fired off at you.

Drop a line to Support with a snippet of the error log just in case the shared server you are on is being attacked.


Norm

Opinions are my own views, not DreamHosts’.
I am NOT a DreamHost employee OK!! :@

You act on my advice at your own risk!


#5

That doesn’t mean its not a zombie network either. Or maybe even a bad link on a popular web site.

You haven’t really provided enough information to convince anyone that something is wrong either. It’s not exactly a bad thing if you get a strange request now and then. Requests come from other computers, not the server, and you may never know why the other computer decided to make the request given that there are no issues with DNS or virtual hosting.

At this time, if I were you I would check to see if the referer field in access.log appears to be valid enough to determine if it is a bad link causing the requests. Then I’d note the url-path make a script log any query or POST data to rule out exploit attacks. Then note the frequency (is it 100 times a second or 100 times an hour?) and contact support if the frequency is extremely high in case it is a DDOS. 200 hits a day is not a DDOS.

You might want to make a script that checks to see if the Host header being sent is your domain. The host header appears in the HTTP_HOST environment variable.

:cool: [color=#6600CC]Atropos[/color] | openvein.org