marlene Posted July 8, 2011

Wow - I was just going through the website logs and saw the below requests. My guess is a hacker's bot scraper. Will it do any good to block the IP address? Is there anything I should do on my end?

marlene

72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //db/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //db/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:24 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:24 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:25 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:25 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //webdb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:30 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //admm/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //admn/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:32 -0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:37 -0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:37 -0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:39 -0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:45 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:46 -0400] "GET //webdb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:48 -0400] "GET //admm/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:48 -0400] "GET //admn/scripts/setup.php HTTP/1.1" 404 - "-" "-"

TCH-Bala Posted July 9, 2011

You can block the IP using cPanel; that should be enough.

SteveW Posted July 9, 2011

marlene,

Website applications like WordPress, SMF, etc. usually come with an install.php or setup.php script that actually does the installation. When installation is finished, the install.php or setup.php is supposed to be deleted from the server. The exploit lines you posted are searching for websites where somebody forgot to delete the install scripts.

All the requests you posted are getting 404 (Not Found) responses, so they can't do any harm. The 404's mean those scripts don't exist in your site.

You can ban the IP in cPanel or .htaccess, but the only thing that will do is change the 404's to 403's. The entries will still keep appearing in your log until the would-be hacker stops trying.
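
An added example, not part of the original thread: a small Python triage script for the check SteveW describes, which groups installer-script probes by client and flags any that were answered with something other than 404 or 403. The sample log lines are constructed (documentation-range addresses, one deliberately non-404 response), and the names `triage`, `PROBE_RE` and the `min_probes` threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same log shape as the lines posted in the thread.
# 203.0.113.7 and 198.51.100.9 are documentation addresses, not real clients.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [29/Jun/2011:18:54:20 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 200 4521 "-" "-"
198.51.100.9 - - [29/Jun/2011:18:55:02 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [29/Jun/2011:18:55:03 -0400] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0"
"""

# Fields used: client IP, request path, response status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Requests for leftover installer scripts, plus the scanner marker seen in the thread.
PROBE_RE = re.compile(r'/(?:setup|install)\.php$|/muieblackcat$', re.IGNORECASE)

def triage(log_text, min_probes=3):
    """Return {ip: {"probes": n, "hits": [(path, status), ...]}} for scanning clients.

    "hits" lists probes that got neither 404 nor 403, i.e. the script may exist.
    """
    stats = defaultdict(lambda: {"probes": 0, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected shape
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not PROBE_RE.search(path):
            continue
        entry = stats[m["ip"]]
        entry["probes"] += 1
        status = int(m["status"])
        if status not in (403, 404):
            entry["hits"].append((path, status))
    return {ip: e for ip, e in stats.items() if e["probes"] >= min_probes}

if __name__ == "__main__":
    for ip, e in triage(SAMPLE_LOG).items():
        verdict = "REVIEW: a probe was answered" if e["hits"] else "noise: all probes refused"
        print(ip, e["probes"], verdict, e["hits"])
```

An empty `hits` list matches the situation in the thread, where every probe returned 404; a non-empty list points at a setup or install script that still exists on the server and should be removed.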