Bot trying to run scripts - Apache error log

Hello,

I accessed my Apache error log and I saw many records like the ones below:

[Sun Aug 25 21:04:51.937280 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/aotu7.php' not found or unable to stat
[Sun Aug 25 21:04:52.180715 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/cmd.php' not found or unable to stat
[Sun Aug 25 21:04:52.423648 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/cmd.php' not found or unable to stat
[Sun Aug 25 21:04:53.313171 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/bak.php' not found or unable to stat

It seems to be a bot that is trying to run some scripts on my server. However, how can I block such attacks? I am a paid Cloudflare member, so I have already enabled the WAF. Blocking each single IP, and also blocking China, is not a valid solution!

Thank you!

I presume your host is cloud.trackerway.com, right? Is there such a “cloud” directory?

Can you also post the matching entries from access_log?

Yes the path exists, however the scripts don’t exist. The bot tries to run such scripts on my server!

What about the access log?

What you could try for a start is to impose a JavaScript challenge on China. That won’t block Chinese requests, but those requests are unlikely to pass.

But shouldn’t Cloudflare block this kind of spam attack? I can’t block such attacks from the WAF?

If I block the certain IP or the country, this doesn’t mean that the spam attack won’t happen again!

I am not asking a third time for access log entries.

No, Cloudflare does not automatically block something, as long as it could be legitimate and the IP address is not flagged. You can also try to increase your security level to High.

The access logs have nothing, they are empty on the date of the attack!

Do you think that Rate limiting would help?

There should be 404s. If the error log shows entries there should be matching entries in the access log.
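The cross-check described in the reply above, as an added example that is not part of the original thread: it pairs each "script not found" line in the error log with a 404 from the same client in the access log and reports probes that have no match. The access-log lines are constructed, and the function names, the combined log format, the shared timezone of both logs and the two-second matching window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: error lines copied from the thread, access lines made up.
ERROR_LOG = """\
[Sun Aug 25 21:04:51.937280 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/aotu7.php' not found or unable to stat
[Sun Aug 25 21:04:52.180715 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/cmd.php' not found or unable to stat
[Sun Aug 25 21:04:52.423648 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/cmd.php' not found or unable to stat
[Sun Aug 25 21:04:53.313171 2019] [php7:error] [pid 18975] [client 132.232.131.248:46198] script '/var/www/mydomain.com/cloud/bak.php' not found or unable to stat
"""
ACCESS_LOG = """\
132.232.131.248 - - [25/Aug/2019:21:04:51 +0000] "GET /cloud/aotu7.php HTTP/1.1" 404 196
132.232.131.248 - - [25/Aug/2019:21:04:52 +0000] "GET /cloud/cmd.php HTTP/1.1" 404 196
132.232.131.248 - - [25/Aug/2019:21:04:52 +0000] "POST /cloud/cmd.php HTTP/1.1" 404 196
203.0.113.10 - - [25/Aug/2019:21:04:53 +0000] "GET /cloud/index.php HTTP/1.1" 200 5120
"""

# The quote classes also accept typographic quotes, in case lines were pasted from a web page.
ERR_RE = re.compile(r"\[(?P<ts>[^\]]+)\] \[php7:error\] \[pid \d+\] \[client (?P<ip>[\d.]+):\d+\] "
                    r"script ['\u2018](?P<path>[^'\u2019]+)['\u2019] not found")
ACC_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+)[^"]*" (?P<status>\d{3})')

def parse_error_log(text):
    """Return (timestamp, client_ip, script_path) for each 'script not found' line."""
    return [(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y"), m["ip"], m["path"])
            for m in ERR_RE.finditer(text)]

def parse_access_log(text):
    """Return (timestamp, client_ip, url_path, status); timezone dropped (assumed same as error log)."""
    return [(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None),
             m["ip"], m["url"].split("?")[0], int(m["status"]))
            for m in ACC_RE.finditer(text)]

def correlate(errors, accesses, docroot, window=timedelta(seconds=2)):
    """Per client IP: count probes and how many have a matching 404 in the access log."""
    report = defaultdict(lambda: {"probes": 0, "matched": 0, "unmatched": []})
    for ts, ip, path in errors:
        url = path[len(docroot):] if path.startswith(docroot) else path
        hit = any(a_ip == ip and a_url == url and status == 404 and abs(a_ts - ts) <= window
                  for a_ts, a_ip, a_url, status in accesses)
        report[ip]["probes"] += 1
        if hit:
            report[ip]["matched"] += 1
        else:
            report[ip]["unmatched"].append(url)
    return dict(report)

if __name__ == "__main__":
    result = correlate(parse_error_log(ERROR_LOG), parse_access_log(ACCESS_LOG), "/var/www/mydomain.com")
    for ip, stats in result.items():
        print(ip, stats)
```

A probe listed under `unmatched` means the error log and access log disagree for that request, which usually points to a different vhost log file, log rotation, or a timezone offset between the two logs.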
