marlene

Curious About Curious Script Requests In Website Log


Wow :) - I was just going through the website logs and saw the below requests. My guess is a hacker's bot scraper. Will it do any good to block the IP address? Is there anything I should do on my end?

 

marlene

 

72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //db/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //db/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:19 -0400] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysql/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:20 -0400] "GET //mysql/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:21 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:23 -0400] "GET //web/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:24 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:24 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:25 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:25 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:26 -0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:27 -0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:28 -0400] "GET //webdb/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:29 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:30 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //admm/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //admn/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:31 -0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:32 -0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:37 -0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:37 -0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:38 -0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:39 -0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:40 -0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:45 -0400] "GET //websql/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:46 -0400] "GET //webdb/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:47 -0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:48 -0400] "GET //admm/scripts/setup.php HTTP/1.1" 404 - "-" "-"

72.167.253.108 - - [29/Jun/2011:18:54:48 -0400] "GET //admn/scripts/setup.php HTTP/1.1" 404 - "-" "-"


marlene,

 

Website applications like WordPress, SMF, etc. usually come with an install.php or setup.php script that actually does the installation. When installation is finished, the install.php or setup.php is supposed to be deleted from the server. The exploit lines you posted are searching for websites where somebody forgot to delete the install scripts.

 

All the requests you posted are getting 404 (Not Found) responses, so they can't do any harm. The 404's mean those scripts don't exist in your site.

 

You can ban the IP in cPanel or .htaccess, but the only thing that will do is change the 404's to 403's. The entries will still keep appearing in your log until the would-be hacker stops trying.
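The check described in the reply above (every probe was answered with a 404, so nothing was found), as an added example that is not part of the original thread. It groups setup-script probes by client IP and lists any that received something other than 404 or 403. The function name, the regular expressions and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log line: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Probe signatures taken from the requests posted in this thread.
PROBE_RE = re.compile(r'/scripts/setup\.php$|^/+muieblackcat$', re.I)


def summarize_probes(lines):
    """Per client IP: probe count, distinct paths, and probes the server answered."""
    report = defaultdict(lambda: {"probes": 0, "paths": set(), "answered": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.search(m["path"].split("?", 1)[0]):
            continue  # unparseable line or ordinary traffic
        entry = report[m["ip"]]
        entry["probes"] += 1
        entry["paths"].add(m["path"])
        # 404 = script does not exist, 403 = client is banned.
        # Any other status means the path exists and needs a manual look.
        if m["status"] not in ("403", "404"):
            entry["answered"].append((m["ts"], m["path"], m["status"]))
    return dict(report)


# First three lines are from the log in this thread; the last two are
# constructed (documentation IP ranges) to show normal traffic and a hit.
SAMPLE = [
    '72.167.253.108 - - [29/Jun/2011:18:54:17 -0400] "GET /muieblackcat HTTP/1.1" 404 - "-" "-"',
    '72.167.253.108 - - [29/Jun/2011:18:54:18 -0400] "GET //scripts/setup.php HTTP/1.1" 404 - "-" "-"',
    '72.167.253.108 - - [29/Jun/2011:18:54:22 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 - "-" "-"',
    '192.0.2.10 - - [29/Jun/2011:19:02:03 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Jun/2011:19:05:44 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 200 1834 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE).items():
        verdict = "REVIEW" if info["answered"] else "all 404/403"
        print(f"{ip}: {info['probes']} probes, {len(info['paths'])} paths, {verdict}")
        for ts, path, status in info["answered"]:
            print(f"    {ts} {path} -> {status}")
```

An empty `answered` list for an IP corresponds to the situation in this thread; a non-empty one points at a setup script that is still present on the server.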
