NGINX, a lot of errors appear in the error_log even without logging in

nginx

You can't prevent this and shouldn't worry either

These "errors" will happen whenever somebody (or more likely something) requests a file from your webserver that doesn't exist.

Such an error message might be an error in your site and indicate a dead link, but that is not the case here.

Whenever a system is accessible to the internet at large and responding to connection requests you will almost immediately and continuously see (mostly automated) probes making such connections.

Once connected to a webserver such probes will try to either crawl your website (for example to index your site for a search engine), or more commonly, they try to determine what software and which versions you are running.

Once a specific software package(s) has been found you will usually see subsequent attempts to abuse known vulnerabilities in that package.

"/usr/share/nginx/html/phpMydmin/index.php" failed (2: No such file or directory)

This for example looks for a phpMyAdmin, which is commonly installed in a default directory phpMyAdmin (and too often both publicly accessible not regularly updated, leaving it vulnerable to one of the many new vulnerabilities that regularly get found, disclosed and fixed in a new release).

You don't have phpMyAdmin installed (there), hence the "file not found" error. Then the probe continues to attempt locate it in other common locations, /xampp/phpmyadmin/ , /tools/phpMyAdmin/ etc. Failing that the probe may scan for other commonly installed tools, or move on to the next IP-address.


Most requests are targeted to an IP address, not a specific domain. If the virtual host is the default virtual host, it means all requests are processed by that block.

You should create a virtual host for your own domain, and disable logging for your default virtual host.

The configuration looks something like this:

server {
    listen 80 default_server; # Make default virtual host

    server_name _; # Dummy host name

    access_log off; # Disable access.log

    return 404; # Return 404 error to all requests
}

server {
    listen 80; # Listen to HTTP port

    server_name example.com; # Domain name for the virtual host

    ... # Rest of the configuration
}

However, once bots learn about your domain name, you will get your share of these requests. Then you can further filter requests by matching user-agents that definitely aren't used by your visitors.

Another alternative is to use a provider like Cloudflare that filters most of this traffic so that it doesn't reach your server.

Related

Radius authentication does not work in Strongswan, when comming from a Windows VPN client?
Nginx access_log off - apply to a single URL without stopping it returning a response
Howto start and detach screen with user environment on startup?
Log file for outgoing PHP requests (like access.log)
Cron Help in Amazon Linux 2 EC2 [duplicate]
ntpq -pn gets timeout, (because i think) nptd doesn't bind to ::1, why?
Anyone know of a script, program, etc... to check folder/file permissions and repair/restore?
Hardware token/UUID for authentication of software
Does Software RAID-1 Double The Writes Over The Controller/Interface?
What is the meaning of [security] on the Debian packages web
grep -P negative lookahead does not work [closed]
Self-Signed SSL: Subject Alternative Name (SAN) are not respected by my web browsers