php not found or unable to stat [closed]

Question

In my Apache error log, I have continues below PHP error every day.

[Wed Dec 26 01:31:33.736040 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/help.php' not found or unable to stat
[Wed Dec 26 01:31:33.968964 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/java.php' not found or unable to stat
[Wed Dec 26 01:31:34.193285 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/_query.php' not found or unable to stat
[Wed Dec 26 01:31:34.438809 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/test.php' not found or unable to stat
[Wed Dec 26 01:31:34.670210 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/db_cts.php' not found or unable to stat
[Wed Dec 26 01:31:34.906519 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/db_pma.php' not found or unable to stat
[Wed Dec 26 01:31:35.730291 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/logon.php' not found or unable to stat
[Wed Dec 26 01:31:35.951930 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/help-e.php' not found or unable to stat
[Wed Dec 26 01:31:36.191505 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/license.php' not found or unable to stat
[Wed Dec 26 01:31:36.847792 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/log.php' not found or unable to stat
[Wed Dec 26 01:31:37.550605 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/hell.php' not found or unable to stat
[Wed Dec 26 01:31:37.798508 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/pmd_online.php' not found or unable to stat

I don't have any PHP files on the path /var/www/html/
The client IP is unknown to me and every day this client IP changes. I use PHP 7.2 on Ubuntu 18.04 and Apache 2.4.29.

Answer 1

These files are related to potential vulnerabilities that attackers try to exploit.

The IP address that is showing in your log is from China https://www.abuseipdb.com/check/129.204.75.228

As you don't have the files, you can create the files with the same name to redirect the attackers to download a huge file.

<?php
    header('Location: http://speedtest.tele2.net/10GB.zip');
    die();
?>

Also, by doing this, the log will no longer report the error.