I can't seem to squash this error. I recently installed OSSEC on a Digital Ocean droplet, and I'm getting this message every 15 minutes or so. I've tried blocking the client IP addresses with UFW, tried searching the server for this POST_ip_port.php file, no luck.
Received From: worksdev->/var/log/apache2/error.log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
[Wed Jun 17 10:47:43.135294 2015] [:error] [pid 18370] [client 222.186.129.5:2636] script '/var/www/worksdev.com/public_html/POST_ip_port.php' not found or unable to stat, referer: http://123.249.24.233/POST_ip_port.phpAccept: */*
This question is the only similar issue I've found after extensive Googling. Unlike my issue, the wp-chron.php file exists. I suspect the POST_ip_port.php file is related to some kind of malicious exploit.
Any suggestions?