what does /?p=### mean in my error_log

Question

I am worried that a repeated error that I am getting may be an attempt to hack the site via injection at the URL line.

Here are some samples directly from the server's error_log file. These always seem to come in pairs:

[11-Apr-2014 23:21:26 America/Chicago] PHP Warning: include(content/?p=389.php) [function.include]: failed to open stream: No such file or directory in /home/the_site/public_html/includes/htmlContent.php on line 27

[11-Apr-2014 23:21:26 America/Chicago] PHP Warning: include() [function.include]: Failed opening 'content/?p=389.php' for inclusion (include_path='.:/usr/lib/php') in /home/the_site/public_html/includes/htmlContent.php on line 27

[14-Apr-2014 15:44:57 America/Chicago] PHP Warning: include(content/?124.php) [function.include]: failed to open stream: No such file or directory in /home/the_site/public_html/includes/htmlContent.php on line 27

[14-Apr-2014 15:44:57 America/Chicago] PHP Warning: include() [function.include]: Failed opening 'content/?124.php' for inclusion (include_path='.:/usr/lib/php') in /home/the_site/public_html/includes/htmlContent.php on line 27

Of course, I know that it means someone has attempted to add a variable "p" to the URL for retrieval via the GET proxy. The trouble is that this site uses the GET proxy infrequently, and never with a variable "p".

The occurrences do not happen at regular times of day or at regular intervals.

Here's my best guess. This is a website that I rescued from a Wordpress administrator whom I will – generously – call semi-competant. I am supposing that these are artifacts of the Wordpress service, and likely are attempts to link to the site from referrers. I am not sure of the value of these referrers, and I am not sure I could use php's $_SERVER['REQUEST_URI'] to sniff out any information about the source.

In any case, I'd like to ask anyone who has experience with this if these URL variables may be pernicious in nature. I can't find a thing on the Web regarding this (not even on stackoverflow.com!) I appreciate your help in putting my paranoid programmer's mind at ease.

Please let me know if you require any other information.

Thanking you in advance.

Update: this is the code requested by Juhana, below:

<?php 
// include:
// htmlContent.php

// Concatenate file name for the content include(s).
$replacements = array( // Content file name swaps:
    ""          => "whypowerwash",
    "index"     => "whypowerwash",
    "~hrmpower" => "whypowerwash",
    "?author=1" => "about",
    );
$thisFile = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$contentName = explode(".",$thisFile);
if(array_key_exists($contentName[0],$replacements)) {
    $contentFile = $replacements[$contentName[0]];
}
else {
    $contentFile = $contentName[0];
}
echo '<div id="content">';
include('content/'.$contentFile.'.php');
echo'   </div> <!-- closes content div -->';
?>

Put simply, it helps me to link a main page with html content held in the "content" folder. I did this as a temporary measure: later it will be fed from a MySQL database.

The "$_SERVER['REQUEST_URI']" links the file to a file of the same name within the content folder, pending the assessment of required replacements (see array $replacements).

The line in question is:

include('content/'.$contentFile.'.php');

Hoping this helps. Let me know if I need to explain anything else.

Answer 1

I think I have answered my own question.

These mystery links are definitely the legacy of the previous server the files were located on.

The request was either from a user or from a search crawler.

As simple as that.