I was looking at my Apache access log and came across some strange requests. A single IP address will access several resources (mostly css style sheets and images), but no actual pages.
Sometimes they are requesting a resource that no longer exists on the server, or one that is still under the web root but no longer used (e.g. a resource in an old WordPress theme).
Also:
- The requests list no referrer
- I get no useful information on the IP address by looking it up
- There doesn't seem to be any pattern among the IP addresses that are making these requests (e.g. different countries)
Are these just links from a stale cache somewhere? Could it be a sign of an attack of some sort?
Here is a typical example:
GET /wp-content/themes/my-theme/images/old-image.gif HTTP/1.1" 500 809 "-" "Mozilla/4.0 (compatible;)"
This was one of about 10 similar requests, some for existing resources, some for older resources. There is no other sign of this IP address in access_log.
Note the internal server error, which is a topic for a different thread. What I'm asking here is where would isolated requests like this come from?
Without knowing which IP it came from, there's really no way for us to give you a good answer. You have a webpage out on the public internet - it's going to get a fair share of random requests. It is highly unlikely that these requests are malicious, so if I were you, I'd not worry about it.