Ton's of HTTP GET Bot requests
-
Anonymous
UnregisteredHi all
Just looking at some raw logs and certain sites are getting loads of these requests, which I'm assuming is some scrote posing as a Google bot looking for un-patched admin sections:
74.86.66.194 - - [16/May/2010:18:51:20 +0100] "GET /portal/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.86.66.194 - - [16/May/2010:18:51:20 +0100] "GET /web/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.86.66.194 - - [16/May/2010:18:51:20 +0100] "GET /v1/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.86.66.194 - - [16/May/2010:18:51:21 +0100] "GET /v2/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.86.66.194 - - [16/May/2010:18:51:21 +0100] "GET /j/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.86.66.194 - - [16/May/2010:18:51:21 +0100] "GET /en/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.86.66.194 - - [16/May/2010:18:51:21 +0100] "GET /joom/administrator/index.php HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"Whilst all my CMS's are fully upto date - is there a way to block this kind of request server wide and to all IP's without affecting regular traffic?
Something to be worried about or just part and parcel of running a website?
Cheers
Ben.Posted 2 years ago # -
hey Ben .. this is Google indexing your sites, quite normal
Posted 2 years ago # -
Anonymous
Unregisteredhmm, not conviced! The IP doesnt resolve back to the mighty G.
Its some fecker looking to get access to the admin section of a site...spoofing gbot.
Posted 2 years ago # -
well, you could block IP .. check out the auth_basic tut in teh Nginx admin section but, to be frank and once you've built up some traffic, if you're not getting hacked multiple times a day then you're just not getting enough traffic!
sorry, sounds blase, just a fact of the web .. you wanna see these logs (but pop an aspirin first.)
Posted 2 years ago # -
something else:-
http://php-ids.org/ .. it won't stop attacks but it will alert you and you have various counter-options.
.. they have a decent forum too.
Posted 2 years ago #
Reply
You must log in to post.
Want HTML?
a blockquote code em strong ul ol liPlace code between backticks `codeHere`
You've got it.