Loads of missing file errors in my logs

My server errors logs are just full of requests for missing files, but I can’t figure why these files are being requested.

The invalid requests accompany a valid one, and the invalid ones are usually to the root of the current directory eg there’s a valid request to /products/product.php?pid=1234 and then there’s a request to /products/, like it’s referencing an image or resource on the original page.

It looks like the users are valid ones, based on adwords tags, browsing behaviour and user agent.

I’ve looked on the requested page (eg /products/product.php?pid=1234) and there’s no reference in the html to /products/. I’ve checked network requests using chrome and firefox tools, and I can’t see any requests for these pages that are being requested.

I know it’s not the end of the world, but writing to log files all the time will be slowing down the server a bit, and annoying me, and making real errors harder to spot.

Has anyone else got this behaviour? Any fix?

Are you using any redirect rules to display your products? A lot of times I see this behavior it is because you are using a relative path to an image/style sheet/script in your output, which then looks in the /products/ folder for those files, when in reality they are located in the root folder.

I do have redirect rules (eg /cat/back_scratchers to serve /products/category.php?name=back_scratchers) , and I did wonder about that, but I do reference my images from root (/images/image.jpg), and it also occurs on pages without any redirect rules. Also, the files being looked for are largely pointing at a directory eg /cat/, rather than looking in /cat/image.jpg for something which is in /images/image.jpg

Can you post the entries from the apache log here? Or a link to the page that makes this occur?

Also, if you use firebug or Google Chrome, you can open up the page, open Firebug or press F12 in Google Chrome, go to the Network section, refresh the page and then look for 404 statuses to see what elements on the page produce the response (granted it should match what you are seeing in your logs).

Often those kind of page not found errors are from hackers fishing around looking for page names of pages in common web applications, pages that have know vulnerabilities. Fairly often I see 20-50 such errors in a row looking for pages of apps that aren’t installed on my server.

Doug G is correct. Because of the “script kiddies” out there, you’d better check your code to ensure you can handle these bogus requests which are merely probes of your web application. Defensive programming is a lot easier than repairing a hacked website and trying to reestablish online credibility.