I am developing an eBay-like system in PHP only to accept Bitcoin as the only payment method. For this purpose I've set up a virtual machine on my computer because I don't want to be paying for hosting while the system is still in development. I have it protected by the free Cloud Flare plan just to hide my IP and to make the page load a bit faster.
Because I'm constantly working on the website I have the Apache 2 error log constantly open ("tail -F /var/log/apache2/error.log"). And recently I've been seeing some pretty unusual requests being made to the server that I haven't made. My question is if this is just something Cloud Flare does (although I don't see why they would make requests like this), maybe something Google or some other search engine does while crawling the site (I have seen the website indexed on Google and Yandex) or is it just someone trying to screw with my system?
I can't really look up the IPs provided in the error.log file as they are Cloud Flare IPs.
Here is an example request:
[Fri Dec 23 07:37:27.821849 2016] [core:error] [pid 10416] [client 61.93.78.89:55510] AH00126: Invalid URI in request \xbb\xa7gc\\;\x1c8\x82\x06\x98\x82f\x1e\x02.j\xa0\x9e>p\xa3OE\xd9\xca\xb1\xe93F\b\x11
I sometimes also get requests for scripts that don't exist on the server, like echo.php and xmlrpc.php.
I've also looked up xmlrpc.php and it looks like it's a part of Wordpress. But again I don't know if it's just Cloud Flare or a search engine crawling the site or is someone actually trying to screw with the system?
Thank you for your answers!
