Web Hosting Talk

View Full Version : Are we under hacking ...!


wewe
11-15-2001, 09:31 AM
Hi,
Our Cobalt RaQ 4i server is crashing several times a day. We read the error log file of our web server; it is as follows:
[Thu Nov 15 14:20:30 2001] [error] [client 64.180.173.170] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:21:40 2001] [error] [client 195.10.132.18] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:21:57 2001] [error] [client 213.98.168.121] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:22:49 2001] [notice] SIGUSR1 received. Doing graceful restart
[Thu Nov 15 14:22:50 2001] [notice] Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.0.6 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 configured -- resuming normal operations
[Thu Nov 15 14:24:48 2001] [error] [client 213.209.67.62] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:26:10 2001] [error] [client 212.6.86.83] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:29:24 2001] [error] [client 212.144.69.191] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:30:02 2001] [error] [client 24.247.134.19] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:30:12 2001] [error] [client 216.35.116.91] File does not exist: /home/sites/site15/web/robots.txt
[Thu Nov 15 14:32:13 2001] [error] [client 172.173.96.21] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:32:33 2001] [error] [client 24.222.115.117] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:32:37 2001] [error] [client 24.178.183.193] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:33:53 2001] [error] [client 213.209.67.62] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl

As you see, it is a sample, not the whole log, and this error continued for 3 days until we suspended the site.
The sflinks.pl does not exist on our server, and we have never heard about it or used it. As you see, the source is different each time since there are several IPs.
Can anybody advise?

J. Joubarani

Chicken
11-15-2001, 11:12 AM
My guess... this site had a script at one time that either (with permission or possibly without permission) other sites linked to and used. This is no longer the case, but the sites still have the form and are still attempting to run the script.

nudetravel
11-15-2001, 11:36 AM
I would suggest creating a text file named sflinks.pl and putting it in the /home/sites/site17/web/cgi-bin/ directory and let whoever is calling for the file get it.

Have you researched your logs to see where those IPs are coming from (referring page)? I checked out PTR on a few of them and they appear to be dial-up IPs, which would support Chicken's theory.

Let us know what you find out - I am curious!!
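
Following up on the suggestion above to research the logs, this is an added example (not part of any poster's message) that groups error_log lines in the format quoted in the first post by missing path and counts hits and distinct client IPs. The sample lines are copied from that excerpt; the function names and the five-client threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache 1.3 error_log "File does not exist" line, as quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

def summarize_missing(lines):
    """Group missing-file errors by path: hits, distinct clients, first/last seen."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # notices, restarts and other error types are skipped
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        s = stats[m["path"]]
        s["hits"] += 1
        s["clients"].add(m["ip"])
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(stats)

def classify(entry, min_clients=5):
    """Many distinct clients asking for one path points to an external link or
    form that still references it; few clients points to a single crawler or
    scanner. min_clients is an arbitrary threshold chosen for this example."""
    return "many-sources" if len(entry["clients"]) >= min_clients else "few-sources"

# Lines copied from the log excerpt in the first post.
SAMPLE = """\
[Thu Nov 15 14:20:30 2001] [error] [client 64.180.173.170] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:21:40 2001] [error] [client 195.10.132.18] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:21:57 2001] [error] [client 213.98.168.121] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:22:49 2001] [notice] SIGUSR1 received. Doing graceful restart
[Thu Nov 15 14:24:48 2001] [error] [client 213.209.67.62] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:26:10 2001] [error] [client 212.6.86.83] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
[Thu Nov 15 14:30:12 2001] [error] [client 216.35.116.91] File does not exist: /home/sites/site15/web/robots.txt
[Thu Nov 15 14:33:53 2001] [error] [client 213.209.67.62] File does not exist: /home/sites/site17/web/cgi-bin/sflinks.pl
"""

if __name__ == "__main__":
    for path, e in summarize_missing(SAMPLE.splitlines()).items():
        print(path, e["hits"], len(e["clients"]), e["first"], e["last"], classify(e))
```

The error log carries no referrer, so the referring page itself has to come from the access log, if it records one.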

wewe
11-15-2001, 06:34 PM
I tried several IPs; it seems that most of them were dial-up IPs. One of the lookups I made on one IP showed:

IP address: 66.67.52.223
Host name: roc-66-67-52-223.rochester.rr.com

TraceRoute to 66.67.52.223 [roc-66-67-52-223.rochester.rr.com]

Can this indicate anything? It sounds like these IPs are from different destinations. Please note that we have never heard of or used the mentioned sflinks.pl file.
Do you have any explanation?

:confused:

Chicken
11-15-2001, 09:15 PM
From your first post, you seemed to indicate that this wasn't your site (and that it is one you host), so I don't understand why it would seem odd that you've 'heard or used ... sflinks.pl' unless it is your site? If it isn't your site, have you asked the owner what sflinks.pl was? I searched Google and AltaVista and they couldn't find an instance of it.

wewe
11-20-2001, 09:32 AM
Hi,
I know all the files on the server since I am the only webmaster on the server and know all the sites' files on it. I have never used such a file at all in any site on the server.
The server does not contain any file with such a name, either now or before.
I don't even know what its function is, and I have never heard about it.
I am still searching for an explanation; can anybody help?
Regards,

smartbackups
11-20-2001, 09:46 AM
Is this IP relatively new to you? And you say that you are in control of all of the sites so no one else has access to the domains on the site? If the IP is new to you then I would guess that there might be a stale link out there that lists that IP addy.

wewe
11-22-2001, 09:15 AM
I did not understand. If by IP address you meant the IP addresses that appeared in the log file, from which all the requests came, they were multiple IPs, most of which I didn't know.
For the site I talked about, I know everything in it since I am the only admin for the whole server and all the sites; consequently, I know all the scripts and files installed on the server and in each site, as I mentioned before.