Hello,
I assume you masked here your server's IP. Correct?
Code:
[COLOR=#333333][client my.server.ip.adres:39458]
[/COLOR]
The client's IP in the logs is the server's IP. And here only the following explanations come to my mind:
- you are using a fron-tend (nginx, varnish) in front of Apache and did not configure the latest to detect a real IP of an user who's vising your server. In this case in logs your server's IP will be written instead of user's IP.
- you have a legit crontask which is trying to connect to code.php over HTTP/HTTPS (probably you removed a domain, but a task exists and DNS of such domain still points to your server), check /var/spool/cron/, /etc/cron.d, /etc/cron.daily, /etc/cron.hourly, /etc/cron.monthly, /etc/crontab, /etc/cron.weekly
- malware, as it was already mentioned. Check home directories for possibly infected files.
If you want to understand who is triggering the file the best way is to create it. So create the file
/var/www/html/code.php then and add PHP instructions to save all headers and $_SERVER array into a text file, then I'd add a HTML code to load a JS file. Primitive bots can not load JS files. So if a JS is loaded (check in logs, whether or not you see requests for it), then it might denote the script is requested by a human. JS script could show your email or phone number asking for a feedback.