Quote:
script '/var/www/proxyheader.php' not found or unable to stat
[Sat Mar 24 00:56:45 2012] [error] [client 187.109.10.13] Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Sat Mar 24 21:41:16 2012] [error] [client 99.144.176.37] request failed: error reading the headers
[Sat Mar 24 22:23:02 2012] [error] [client 80.213.138.115] Invalid URI in request bCD\xe4\x98\x0c\xa3\xd3?\x84\xef\xe1h\xac\xcc
[Sun Mar 25 03:24:00 2012] [error] [client 58.218.199.147] script '/var/www/judge.php' not found or unable to stat
|
The Internet has given us a million monkeys banging away on a million keyboards and they have yet to have duplicated the works of Shakespeare. These are various connections and get requests sent to your server. They are invalid because the resources don't exist, which they shouldn't. They are caused by the Internet monkeys who are running scripts that are playing "In Search Of" and looking for low hanging fruit to exploit. The "bCD\xe4\x98\x0c\xa3\xd3?\x84\xef\xe1h\xac\xcc" is sending a stream of non printable characters, where the \x likely means hexadecimal, followed by the numbers. This is likely meant to target some application in a specific manner or even to probe your system for such an exploitable application. [sarcasm]Application developers aren't immune from believing in security through obscurity and may well believe that nobody will ever guess the control code sequence that they magically look for in the URL parameters.[/sarcasm]
With respect to your Apache server being reset, unSpawn tried to point you in the right direction. I am going to elaborate on his answer because while a push in the right direction (a hint towards the answer) I think the hit may be a little to vague for a new user. There is a utility called Logrotate that is responsible for making archive copies and compressing your old log files to save space and facilitate getting at the current information. In almost all cases, after the log files are processed, it is necessary to cause the process using the log to restart. This can be done in a couple of ways, but if you look in the /etc/logrotate.d/ folder you will see scripts for each application. Some, like Apache may use the init service and simply "restart". Others may send what is called a HUP or Hangup 'signal', which is basically a form of interrupt, in conjunction with the killall command to the process, to command it to restart or reset. This causes the application to start a new logfile in the process, but also causes the restart you witnessed.