Getting lots of server errors directory index forbidden by Options directive from same referer

About

Asked 18/8, 2021 at 11:45 Answered 24/8, 2021 at 16:35

Solved wordpress webserver cpanel error-logging

I have a load of entries in my web server error log from the same referer. See example below:

Cannot serve directory /home/*****/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php7,index.php5,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.html,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com

I have been getting this error from the same referer (binance.com) for weeks. I know this error is a result of my .htaccess and security settings forbidding indexing in that directory etc... However my question is will having this amount of attempts affect performance? Is the referer (binance.com) the origin of the attempt? If so, is it worth me somehow blocking this independently to tighten security? Or is it best left alone not really affecting anything?

Thanks

Eldrida answered 18/8, 2021 at 11:45 Comment(6)

This error indicates that a given directory in your website does not have a index file. In most cases you can ignore this error it simply means that some one tried to access a directory that did not have a index file. For example some one visited yourdomain.com/wp-admin/css/ this caused the log entry to appear. – Palm 18/8, 2021 at 12:2

I recommend you to also do a quick search on Stack overflow for Cannot serve directory as there are plenty solutions to this I will link one of them below – Palm 18/8, 2021 at 12:5

Does this answer your question? Disable "Cannot serve directory" errors – Palm 18/8, 2021 at 12:6

My question is "will having this amount of attempts affect performance? Is the referer (binance.com) the origin of the attempt? If so, is it worth me somehow blocking this independently to tighten security?" – Eldrida 19/8, 2021 at 21:5

I've seen these pop up in the 100s across 4 different WPe sites in the error logs as well. What I find is interesting is they are ONLY on a theme called "GEM - TheGem + Elementor" - what theme are you using? Only danger I see here is "loading up the log" (a non issue if you have a log limit file size set) but it does raise my eyebrow, its the kind of thing that seems like a shenanagan may be brewing. these either end in [nothing, mountain out of molehill] OR [whoops, we should have looked into that and taken it seriously] PS- its possible to fake the header, might NOT be binance.com sending – Madelynmademoiselle 13/10, 2021 at 3:31

I voted to close this question because it is not a programming question and it is off-topic on Stack Overflow. Non-programming questions about your website should be asked on Webmasters. Next time, just ask your question there instead of here. – Juster 14/11, 2021 at 11:35

I'm running a Wordpress site as well. Recently started seeing the same thing from this referer. The error indicates that binance.com has a page that is attempting to include a directory as though it was a file. Something like this:

<link rel="stylesheet" href="https://website.com/wp-admin/css/">

My guess is that this is actually some kind of security scan unrelated to binance.com that is just using their hostname to distract from the scan itself, or spam/scam to drive traffic to binance.com. It appears there has been a rise in these occurrences in the last week or so. I see others reporting the same thing online. The good news is that your Apache config is such that directory listing is disabled. Directory listing is evil ;)

Dactylic answered 24/8, 2021 at 16:35 Comment(1)

Thanks Dan great reply. I will ignore the errors. Not much cause for alarm then. As you say, I have my directory listings disabled. – Eldrida 25/8, 2021 at 19:17

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags