Jump to content

Recommended Posts

Another dodgy IP address looking for all sorts on my server:

 

85.88.195.35

 

and

 

93.84.116.216

 

I am now going to block both but thought i would post them on here. I wish there was some computer out there which could hunt down arseholes looking to cause damage and simply spike their computer with such a spike to cause their box to fry and die!

 

(common files both ip's were looking for were 'awstatstotals' 'scgi-bin' 'phpAlbum' 'main.php', well, those were the ones they tried to fined but didn't exist)

Link to comment
https://forums.phpfreaks.com/topic/252571-fry-and-die/
Share on other sites

 

Yea I though that might the case.

 

I have webalizer installed on my server. I did a google search for any known exploits but didn't find anything, does anyone know if there are any, thus should i be using possibly a safer stat system?

 

Asside from webalizer on this server, jQuery and phpMailer i have no other premade  scripts at play.

Link to comment
https://forums.phpfreaks.com/topic/252571-fry-and-die/#findComment-1294882
Share on other sites

I'm assuming there must be some weakness in these somewhere...

 

[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/awstats
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script not found or unable to stat: /usr/lib/cgi-bin/awstats
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script not found or unable to stat: /usr/lib/cgi-bin/stats
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/cgi
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi-bin
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi-bin
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi-bin
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scripts
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/stats
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/apps
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/phpAlbum
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script '/var/www/main.php' not found or unable to stat
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/phpalbum
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/apps
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script '/var/www/awstatstotals.php' not found or unable to stat
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/awstats
[Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/stat
[Wed Dec 07 16:47:26 2011] [error] [client 78.131.55.172] File does not exist: /var/www/awstatstotals

 

[Thu Dec 08 02:07:08 2011] [error] [client 211.144.82.8] File does not exist: /var/www/awstats
[Thu Dec 08 02:07:08 2011] [error] [client 211.144.82.8] script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl
[Thu Dec 08 02:07:09 2011] [error] [client 211.144.82.8] script not found or unable to stat: /usr/lib/cgi-bin/awstats
[Thu Dec 08 02:07:09 2011] [error] [client 211.144.82.8] script not found or unable to stat: /usr/lib/cgi-bin/stats
[Thu Dec 08 02:07:09 2011] [error] [client 211.144.82.8] File does not exist: /var/www/cgi
[Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi-bin
[Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi-bin
[Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi-bin
[Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi
[Thu Dec 08 02:07:11 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scripts
[Thu Dec 08 02:07:11 2011] [error] [client 211.144.82.8] File does not exist: /var/www/stats
[Thu Dec 08 02:07:11 2011] [error] [client 211.144.82.8] File does not exist: /var/www/apps
[Thu Dec 08 02:07:12 2011] [error] [client 211.144.82.8] File does not exist: /var/www/phpAlbum
[Thu Dec 08 02:07:12 2011] [error] [client 211.144.82.8] script '/var/www/main.php' not found or unable to stat
[Thu Dec 08 02:07:12 2011] [error] [client 211.144.82.8] File does not exist: /var/www/phpalbum
[Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] File does not exist: /var/www/apps
[Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] script '/var/www/awstatstotals.php' not found or unable to stat
[Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] File does not exist: /var/www/awstats
[Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] File does not exist: /var/www/stat
[Thu Dec 08 02:07:14 2011] [error] [client 211.144.82.8] File does not exist: /var/www/awstatstotals

 

 

Link to comment
https://forums.phpfreaks.com/topic/252571-fry-and-die/#findComment-1295668
Share on other sites

The 'bots' that are doing the scanning are usually compromised peoples computers organized into larger botnets which are usually made up of hundreds of thousands of hosts.  Maintaining an up to date blacklist would be a nightmare and counter productive.  DNS blacklists (dnsbl) are maintained of email spammers but I don't know any reliable ones that maintain one for botnets/scanners/probers.  What you can do is setup an intrusion detection system/intrusion prevention system IDS/IPS and you'll quickly learn the amount of probing that goes on, its not just on your http port that's scanned and it certainly is not solely you, everyone is scanned and its been going on for so long its common place to net admins.  The IDS can detect potential threats and adjust your firewall, Snort is a popular FOSS tool for this.  ACID or BASE can provide a web interface and analysis from the Snort logs as well, you'll definitely get an education in popular exploits botnets scan for with those.  As thorpe said this is happening all the time and is largely nothing to be overly concerned about as long as you're vigilant with keeping software up to date.  I often tail the snort alert log for shits and giggles, its like a geeky matrix screen saver with all the text scrolling by.

Link to comment
https://forums.phpfreaks.com/topic/252571-fry-and-die/#findComment-1295702
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.