Search the Community

Hi, Apologies if this isn't the right forum for this question. I couldn't find the perfect forum for my question, but I'm hoping someone can help. Basically, I've been having problems with a site I manage, with the site going down regularly, 401 Forbidden error pages cropping up reguarly, as well as Server Configuration Error pages, although only ever sporadically. I've been trying everything to work out the issue but no luck as of yet. However, one thing that seems strange is the following messages that I'm getting in the access logs. Now, this shouldn't be a problem as Facebook often creates messages like these when it's accessing files from a server. However, there are thousands of messages like this that reference files that don't exist. Honestly, it's constantly trying to access .jpg files that don't exist, and so I suspect this is what's causing the server to keep crashing. Has anyone had anything similar to this before? comono.co.uk 173.252.88.88 - - [20/Nov/2015:13:13:46 +0000] "GET /uploads/2009/9/28/873128bf77.jpg HTTP/1.1" 403 379 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)" Thanks, Russ

This is basically a Show off your Logging, Error Reporting and/or Honeypot scripts for Web servers. Summary This is a php version that includes various features including randomized fake error reporting to the client and detailed logging (that is part of an ongoing project and is inspired by a few online resources). Useful for slowing down scanners, and generally seeing what happens to your server while your away. You will probably will need to change example.com to something. ./global.php <?php if(!session_id()){session_start();} $_SERVER['logdate'] = date('Dd_M_Y'); Function TarPit() { /* Send to Tarpit */ $responce = array(204,300,301,302,303,304,404,406,409,410,418,500); $array_select = array_rand($responce,1); http_response_code($responce[$array_select]); Exit(Require_once './custerr/en.php'); } Function Logging($state,$name,$message,$script){ //Int,String,String,Bool if(isset($_SERVER['HTTP_USER_AGENT'])){$_SERVER['HTTP_USER_AGENT'] = 'UserAgent Not Set';} //Logging Method $logstr = "=========================================================\r\n"; //Other,Success, Failed, Error If($state = 0){$logstr .= $name . "\r\n";}//Other elseif($state = 1){$logstr .= 'Success: '. $name . "\r\n";}//Success elseif($state = 2){$logstr .= 'Failed: '. $name . "\r\n";}//Failed elseif($state = 3){$logstr .= 'Error: '. $name . "\r\n";}//Error $logstr .= "=========================================================\r\n"; $logstr .= $_SERVER['REQUEST_TIME_FLOAT'] . "\r\n"; $logstr .= $_SERVER['date'] . "\r\n"; $logstr .= $_SERVER['HTTP_USER_AGENT'] . "\r\n"; if(isset($username)){ $logstr .= "---- User Authenticating ---- \r\n"; $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $username .": Attempted Login result \r\n";} elseif(isset($_SESSION['username'])){ $logstr .= "---- User Authenticated ---- \r\n"; $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $_SESSION['username']. "\r\n";} else{$logstr .= $_SERVER['REMOTE_ADDR'] . "\r\n";} if($script !== 0){ $logstr .= "---- Powershell ---- \r\n"; $logstr .= 'powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL'."\r\n";} if(!empty($GLOBALS['php_errormsg'])){ $logstr .= "---- php_errormsg ---- \r\n"; $logstr .= $GLOBALS['php_errormsg']."\r\n";} if(!isset($message)){ $logstr .= "---- Additional Information ----\r\n"; $logstr .= $message."\r\n";} $logstr .= "---- Session ----\r\n"; foreach ($_SESSION as $key => $value) { if(is_array($_SESSION[$key])){ foreach ($_SESSION[$key] as $key2 => $value2) { $logstr .= '$_SESSION['.$key.']['.$key2.'] = '.print_r($_SESSION[$key][$key2],true)."\r\n";} }else{$logstr .= '$_SESSION[\'' . $key . '\'] = ' . $value ."\r\n";} } $logstr .= "\r\n"; // '../Logging/'.$_SERVER['logdate'].'.txt' should preferably be outside the website root or protected by .htaccess or cmod file_put_contents('../Logging/'.$_SERVER['logdate'].'.txt', $logstr, FILE_APPEND | LOCK_EX); RETURN $logstr; } Function ErrorHandle($message,$tarpit){ //Critical Error //EXIT(ErrorHandle(Logging($state,$name,$message,$script),$tarpit)); Is Suggested //String, bool, Int //Report to Administration $headers = "From: webmaster@example.com \r\n" . "Reply-To: webmaster@example.com \r\n" . "X-Mailer: PHP/" . phpversion(); mail('webmaster@example.com', "Error Handle" . $message, $headers); $_SESSION['MSG'] = NULL; if($tarpit == 1){exit(TarPit());} else{exit(/*Destroy Session Data maybe*/);} } ?> ./custerr/en.php <?php $http_response_code = array(204,300,301,302,303,304,404,406,409,410,418,500); $http_response_name = array('No Content','Multiple Choices','Moved Permanently','Found','See Other','Not Modified','Not Found','Not Acceptable','Conflict','Gone','I am a Teapot','Internal Server Error'); $http_response_discription = array('','Just letting you know this is actually a questionnaire?','Moved permanently somewhere else. Definitely not here although','Don\'t Panic! The monkeys have found it','Go see the other guy.','This page is Definitely not modified in anyway.',' The requested URL ' . $_SERVER['REQUEST_URI'] . ' was not found by the monkeys on this server.','This is Unacceptable','Just couldn\'t decide on what to give you','It\'s Gone. Just Gone?','I am a Teapot','Internal Server Error'); $key = array_search(http_response_code(),$http_response_code); Print('<!DOCTYPE html> <html><head> <title>' . http_response_code() .' '. $http_response_name[$key] .'</title> <h1>' . http_response_code() .' '. $http_response_name[$key] .'</h1> <p>' . $http_response_discription[$key] . '</p> </body></html>'); ?> ./Test.php <?php require_once 'global.php'; $serverarray = array($_SERVER['SERVER_ADDR'],'example.com'); if(!array_search($_SERVER['SERVER_NAME'],$serverarray)){EXIT(ErrorHandle(Logging(0,'Other Server Request','Requested Server'.$_SERVER['SERVER_NAME'],0),1));} ?>