As Fiasco Labs points out in their answerFiasco Labs points out in their answer, these type of log entries are a dime-a-dozen. But as a systems administrator with a deep history managing and protection LAMP-based web servers, this is not an attack as much a scripted “probe” of your system by someone somewhere. These probes/scans of a system are done to see what—if any—servers out there are vulnerable; not just your servers. In general this is the equivalent of the “war dialing” that was fairly commonplace in the 1980s/1990s days of system hacking via acoustic modem; scan a list of systems, see what systems have “flaws” and then see what you can do with those supposed flaws.
Which means, be sure to backup your core codebase so if it is ever compromised, you can easily redeploy clean code without much effort. To that end I would highly recommend you use a source code management tool like git
for your version tracking as well as setting up a GitHub repository for remote storage. Also, learn how to use Capistrano with PHP to deploy code; I have an answer that addresses how to do this over herean answer that addresses how to do this over here.