Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nginx error log spam: connicon.cgi not found

    webGUI
    4
    5
    843
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pdwalker
      last edited by

      I'm getting the following error message in the nginx and system error logs:

      2017/03/24 14:52:55 [error] 93654#100248: *7 open() "/usr/local/www/cgi-bin/MANGA/connicon.cgi" failed (2: No such file or directory), client: 10.10.1.172, server: , request: "GET /cgi-bin/MANGA/connicon.cgi?type=favicon HTTP/1.1", host: "10.10.1.1"

      Does anyone else have this problem?  Does anyone have an idea how to shut it off as it's annoying.  The above ip address is the firewall itself.

      I'm running version 2.3.3-RELEASE-p1

      Thanks in advance for your help.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @pdwalker:

        request: "GET /cgi-bin/MANGA/connicon.cgi?type=favicon HTTP/1.1", host: "10.10.1.1"
        Does anyone else have this problem?  Does anyone have an idea how to shut it off as it's annoying.  The above ip address is the firewall itself.

        Look again at the request.
        It comes in on 10.10.1.1. I guess you know who that is. Again : the request comes IN on that interface from 'some one'.
        Easy solution => take out the network cable on that interface …. and you will notice that the requests stop ... ;)

        Because : some LAN device is hammering these request into your pfSense. Locate this device, shut it down. Case closed :)

        No "help me" PM's please. Use the forum, thanks.

        1 Reply Last reply Reply Quote 0
        • K
          kpa
          last edited by

          Avast antivirus/firewall is (was?) notorious for doing that kind of probes on the gateway to discover potentially vulnerable versions of the device firmware. Worth checking. The other likely possibility is that you have a malware/virus running on that LAN host.

          1 Reply Last reply Reply Quote 0
          • P
            pdwalker
            last edited by

            @Gertjan:

            @pdwalker:

            request: "GET /cgi-bin/MANGA/connicon.cgi?type=favicon HTTP/1.1", host: "10.10.1.1"
            Does anyone else have this problem?  Does anyone have an idea how to shut it off as it's annoying.  The above ip address is the firewall itself.

            Look again at the request.
            It comes in on 10.10.1.1. I guess you know who that is. Again : the request comes IN on that interface from 'some one'.
            Easy solution => take out the network cable on that interface …. and you will notice that the requests stop ... ;)

            Because : some LAN device is hammering these request into your pfSense. Locate this device, shut it down. Case closed :)

            Sorry, I've been away for a while.

            The .172 address is my PC, and the .1 address is the firewall.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              As said above, it has nothing to do with pfSense. The request is coming from your PC.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post