marlene Posted July 8, 2011

Wow - I was just going through the website logs and saw the below requests. My guess is a hacker's bot scraper. Will it do any good to block the IP address? Is there anything I should do on my end?

marlene

72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //db/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //db/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:24 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:24 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:25 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:25 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //webdb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:30 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //admm/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //admn/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:32 -0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:37 -0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:37 -0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:39 -0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:45 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:46 -0400] "GET //webdb/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:48 -0400] "GET //admm/scripts/setup.php HTTP/1.1" 404 - "-" "-"
72.167.253.108 - - [29/Jun/2011:18:54:48 -0400] "GET //admn/scripts/setup.php HTTP/1.1" 404 - "-" "-"

TCH-Bala Posted July 9, 2011

You can block the IP using cPanel; that should be enough.

SteveW Posted July 9, 2011

marlene,

Website applications like WordPress, SMF, etc. usually come with an install.php or setup.php script that actually does the installation. When installation is finished, the install.php or setup.php is supposed to be deleted from the server. The exploit lines you posted are searching for websites where somebody forgot to delete the install scripts.

All the requests you posted are getting 404 (Not Found) responses, so they can't do any harm. The 404's mean those scripts don't exist in your site.

You can ban the IP in cPanel or .htaccess, but the only thing that will do is change the 404's to 403's. The entries will still keep appearing in your log until the would-be hacker stops trying.
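
The triage SteveW describes (a 404 on every probe means there was nothing to hit), as an added example that is not part of the original thread: a Python script that groups installer probes by client IP and flags any probe answered with something other than 404 or 403. The function name, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format; the size field may be "-" as in the thread's log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Probe signatures taken from the requests quoted in the thread.
PROBE_RE = re.compile(r'/(?:setup|install)\.php$|^/+muieblackcat$', re.I)

def triage(lines, min_probes=3):
    """Map each probing client IP to its probe count and to any probe
    that was answered with something other than 404 or 403."""
    stats = defaultdict(lambda: {"probes": 0, "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing
        path = m["path"].split("?", 1)[0]
        if not PROBE_RE.search(path):
            continue
        entry = stats[m["ip"]]
        entry["probes"] += 1
        status = int(m["status"])
        # 404 = script absent, 403 = client blocked: nothing was served.
        # Any other status means the path exists and needs a manual look.
        if status not in (403, 404):
            entry["served"].append((path, status))
    return {ip: e for ip, e in stats.items() if e["probes"] >= min_probes}

# Constructed sample lines (documentation-range IPs, not the thread's data).
SAMPLE = [
    '203.0.113.7 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"',
    '203.0.113.7 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"',
    '203.0.113.7 - - [29/Jun/2011:18:54:19 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"',
    '203.0.113.7 - - [29/Jun/2011:18:54:20 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 403 - "-" "-"',
    '198.51.100.9 - - [30/Jun/2011:02:10:01 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"',
    '198.51.100.9 - - [30/Jun/2011:02:10:02 -0400] "GET /blog/install.php HTTP/1.1" 200 1834 "-" "-"',
    '198.51.100.9 - - [30/Jun/2011:02:10:03 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"',
    '192.0.2.10 - - [30/Jun/2011:09:00:00 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, e in triage(SAMPLE).items():
        verdict = "INVESTIGATE" if e["served"] else "noise (all 404/403)"
        print(ip, e["probes"], verdict, e["served"])
```

An empty "served" list for a client matches the situation in the thread; a non-empty one points at an installer script that was left on the server and should be removed.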