
So I was made aware that a site on my server was getting hundreds of thousands of requests per day, so I checked the access log.

I found literally thousands of lines of the below:

103.67.235.89 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 301 576 "-" "-"
198.71.228.64 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 200 3964 "-" "-"
150.95.105.161 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 200 3964 "-" "-"
77.72.1.34 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 301 576 "-" "-"
93.174.127.11 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 301 576 "-" "-"
77.72.1.34 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 200 3964 "-" "-"
103.4.213.6 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 301 576 "-" "-"

Is this normal for a WordPress install? Or am I getting hacked?

Is there a way to prevent this? They all seem to be HTTP/1.0 requests, which I have already blocked via .htaccess, so I'm not quite sure what is going on.

sborsky
danyo
  • You could block requests to that URL and turn logging off for that URL. I don't know if you should, but you could. – Tim Oct 18 '17 at 19:31
  • What is at /plugin-notices.php, and is that a legitimate page? Those HTTP 200 responses mean that your webserver is serving up content at that location. – Stefan Lasiewski Oct 19 '17 at 00:12

1 Answer


Looking at your logs, I would say you've already been hacked.

All those IPs are looking for only one page, which is probably a malicious program, and probably all of them (I've tested 4) are other sites that have already been hacked (see for yourself: just copy/paste an IP into your browser; they are all websites).

Now, I would stop Apache, search for that file and check what it is.
Be aware, sometimes you see a perfectly clean file, but scrolling to the right some 200 characters, you find the malicious code. This happened to me years ago; at the beginning it was a mystery.

Once you've confirmed that it's a trojan (or whatever), delete the plugin, check all the other plugins, and maybe check your Apache configuration; maybe there's some hole that allowed that code to get onto your server.

nnsense
  • The server is being DDoS'd, but simply responding to "GET /plugin-notices.php" requests doesn't necessarily mean the server has been hacked. That would be the normal response of a normal server which is receiving many requests. – Stefan Lasiewski Oct 19 '17 at 00:14
  • That's true, but it's still suspect that thousands of other hacked servers are all looking for the same page on his server. – nnsense Oct 19 '17 at 23:22
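The question and the comment thread both turn on one measurable pattern: a single path hit from many distinct client IPs, over HTTP/1.0 with no referer and no User-Agent. The script below (added example, not code from the question or the answer) parses Apache combined-format lines and flags such paths; the regex, thresholds and the constructed `/index.php` sample line are assumptions, the other sample lines are copied from the question.

```python
import re
from collections import defaultdict

# Apache "combined" log format as it appears in the question (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: five lines from the question plus one ordinary browser hit.
SAMPLE_LOG = """\
103.67.235.89 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 301 576 "-" "-"
198.71.228.64 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 200 3964 "-" "-"
150.95.105.161 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 200 3964 "-" "-"
77.72.1.34 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 301 576 "-" "-"
77.72.1.34 - - [18/Oct/2017:06:27:26 +0100] "GET /plugin-notices.php HTTP/1.0" 200 3964 "-" "-"
203.0.113.7 - - [18/Oct/2017:06:28:01 +0100] "GET /index.php HTTP/1.1" 200 8120 "https://example.org/" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the log fields as a dict, or None for a line that does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def summarize(log_text):
    """Per path: total hits, distinct client IPs, and 'headless' HTTP/1.0 hits
    (no referer and no User-Agent), the shape of the traffic in the question."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "headless_http10": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["path"]]
        s["hits"] += 1
        s["ips"].add(rec["ip"])
        if rec["proto"] == "HTTP/1.0" and rec["referer"] == "-" and rec["ua"] == "-":
            s["headless_http10"] += 1
    return {p: {"hits": s["hits"], "distinct_ips": len(s["ips"]),
                "headless_http10": s["headless_http10"]} for p, s in stats.items()}


def suspicious_paths(summary, min_hits=3, min_ratio=0.5):
    """Flag paths whose hits are spread across many IPs and mostly headless."""
    flagged = []
    for path, s in summary.items():
        if s["hits"] < min_hits:
            continue
        if (s["distinct_ips"] / s["hits"] >= min_ratio
                and s["headless_http10"] / s["hits"] >= min_ratio):
            flagged.append(path)
    return flagged
```

Run against a real access log, the flagged list is the set of paths worth inspecting on disk (as the answer suggests) and rate-limiting or blocking at the web server (as the first comment suggests).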