Hi Everyone,
I’m getting alot of errors in my piwik/matomo installation Apache log file. The errors look like so:
139.216.178.216 - - [11/Feb/2018:20:07:07 +1100] “-” 408 - “-” “-”
::1 - - [11/Feb/2018:20:07:09 +1100] “OPTIONS * HTTP/1.0” 200 - “-” “Apache/2.4.6 (CentOS) PHP/5.6.33 (internal dummy connection)”
The IP address is obviously someone attempting to hack the site, but I’m unsure what they’re trying to do. Can someone give me a few hints?
Thanks
Duke
Hi,
This is neither an error nor an IP of an hacker.
You are looking at the Apache Access log (so the list of requests to your site). The second request comes from ::1 which is the IPv6 address of localhost (so your server). The last parameter (Apache/2.4.6 (CentOS) PHP/5.6.33 (internal dummy connection)) isn’t an error, but the user agent of the visitor, which tells you that those requests come from Apache. (Keep in mind that 2.4.6 seems to be pretty old, so if your distribution doesn’t backport security fixes, there could be some vulnerabilities)
I’m no Apache expert and don’t know why it is making those requests, but you can find information on the internet:
https://wiki.apache.org/httpd/InternalDummyConnection
The first request seems to come from 139.216.178.216, and then timed out (as indicated by 408).
Neither of those have anything to do with Matomo.
Thanks Lukas. I was going through the and there seemed to be an awful lot of these and I thought I should ask the question.