My access_log is filled with requests for scripts I don’t have. What’s going on?


I noticed that my access log has requests for things like wp-admin, phpmyadmin, phpbb, etc. – scripts that I do not have installed. The requests seem to come from all over the world and sometimes one right after another. What is going on? Do I need to be worried about this?


This is, unfortunately, normal. The entries may resemble:

"GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 877 "-" "-"

These entries are attackers scanning to find servers they can exploit. You’ll see them scanning for most common web apps and scripts. As long as you don’t have a copy of the script they are looking for installed you are fine. Even if you do, you are good as long as your install is current.

Hackers know that popular scripts like WordPress, phpMyAdmin, phpBB, etc. have millions of installed instances. They also know that many users may install one of these scripts to test and then never use it again and worse, never update it. Once a security vulnerability is found in a particular version of a script, hackers use lists of randomly compiled domain names and start checking if each domain has the hackable version of the script installed.

You do not need to worry about these types of “scans” as long as you do not have old versions of scripts installed. We highly recommend that you remove or disable scripts that you no longer use and keep all scripts you do use up-to-date.

browser tries to download php

Browser tries to download php pages screenshot


Sometimes my browser tries to download or save php files from my website. What causes this? How can it fix it?


This can happen for a variety of reasons. However we frequently see it when a page is timing out. If you are connecting to a remote database make sure that the database is up and that dns is resolving correctly for it.

Adding Silverlight support to Apache (mime.types)


Do I need to make any changes for the Apache webserver to support Silverlight apps?


In most cases, no changes need to be made.

If you are having problems, try adding:

application/manifest manifest
application/xaml+xml xaml
application/x-ms-application application
application/x-ms-xbap xbap
application/octet-stream deploy
application/ xps
application/xaml+xml xaml
application/x-silverlight-app xap

to your mime.types file

Don’t forget to restart apache with:

/usr/local/apache/bin/apachectl graceful

after you make the change.