Operating system: CentOS
OS version: 8.4.2105
Is it safe to install package updates? I mean, can it mess up something?
I am constantly checking Apache Error Log and first few months i had pretty much no errors. I wasn’t changing any settings… i only installed package updates and then few months later i am seeing thousands of errors every day.
Maybe someone knows how to fix these errors?
Updates are mandatory. You should never run old software on world-facing system.
Updates probably won’t “fix” any those errors, because they aren’t indicative of bugs. But, you must update your software regularly.
A lot of them are not controlled by the server, they indicate the client went away not that anything went wrong on the server. I don’t know why it’s so chattery.
The 30 second messages indicate you have a slow page (or pages). You either need to fix the slowness (which is specific to the app, not Virtualmin) or increase the timeout.
I was checking apache access log and i noticed a lot of bots. I decided to add robots.txt and block all bots except google and bing. Turned out there are so called “bad bots” who ignore rules from robots.txt so i had to block via htaccess.
And you know what? today i have only one error.
I still have to find out how to block “PetalBot” as it somehow manages to get around block from htaccess.
Today i have 400+ errors. But all these errors in around a minute.
From: Jun 07 04:07:10 till Jun 07 04:08:35.
Errors are from around 10 IPs:
ISP: China Telecom
China: Recently reported forum spam source. (13)
ISP: China Unicom Liaoning
ISP: Netmagic Datacenter - India
ISP: Performive USA
Services: Suspected network sharing device
Recently reported forum spam source. (94)
Errors:
[proxy_fcgi:error] (70007)The timeout specified has expired: [client IP:63861] AH01075: Error dispatching request to : (polling), referer: edomain.com/
[proxy_fcgi:error] [client IP:47866] AH01079: failed to make connection to backend: localhost, referer: edomain.com/
[proxy:error] (70007)The timeout specified has expired: AH00957: FCGI: attempt to connect to 127.0.0.1:8000 (*) failed
Can someone explain what is “referer”? and why in most errors this referer is my domain with “e” in front?
In screenshots i have same errors but there was referer with “n” in front of my domain.
In referers i also found:
referer: Check website performance and response: Check host - online website monitoring
check-host.net is "Check website availability and performance with responses from many servers in various countries. "
I use Cloudflare for that. There are several bots that have that sort of behavior and completely ignore robots.txt.
I think you can do the same thing with whatever firewall you are using, you simply make a rule for it and that will stop it.
A referer is something that sends you somewhere else. For instance, if you’re on this site and I post a link to another site and you click on it, this site is the referer. It sent you there and that site sees it.
any ideas why referer for most of these 400+ errors was my domain, but with “e” in front?
like edomain.com, or ndomain.com
and there was at least 5: https://check-host.net/check-report/14491bbka1a
The referer is set by the client. Your server doesn’t control what referer the client sends (for browsers, it reports the actual referer, but crawlers can make up anything they way). No one other than the person who wrote or configured the software that’s making the request can tell you why they chose to send that referer. A referer can be spoofed trivially (which is why you should never depend on the referer for security).
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.
