script not found or unable to stat: /usr/lib/cgi-bin/php-cgi

If you're running a default configuration of Apache on Ubuntu (or have used the default config as a blind template for other virtualhost directives) you'll likely find that you have a ScriptAlias directive mapping /cgi-bin/ (relative to the apache document root) to the filesystem location of /usr/lib/cgi-bin/ - so what they're actually trying to load is http://your.host.name/cgi-bin/php4.

If you're not using your cgi-bin for anything, you're unlikely to lose anything you care about by commenting out the sections relating to it (and the more defined to your needs your configuration is, the smaller any potential attack surface).

You'll find the relevant directives for the default site in /etc/apache2/sites-available/000-default, if memory serves.


Seems theres someone trying to find a php cgi binary in your cgi-bin path. As long as there's nothing exploitable in there, there's nothing to worry about.