freelance84 Posted December 6, 2011 Share Posted December 6, 2011 Another dodgy IP address looking for all sorts on my server: 85.88.195.35 and 93.84.116.216 I am now going to block both but thought i would post them on here. I wish there was some computer out there which could hunt down arseholes looking to cause damage and simply spike their computer with such a spike to cause their box to fry and die! (common files both ip's were looking for were 'awstatstotals' 'scgi-bin' 'phpAlbum' 'main.php', well, those were the ones they tried to fined but didn't exist) Quote Link to comment Share on other sites More sharing options...
Adam Posted December 6, 2011 Share Posted December 6, 2011 They're likely just simple bots spidering websites looking for files/software that have, or have been known to have, exploits. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted December 6, 2011 Author Share Posted December 6, 2011 Yea I though that might the case. I have webalizer installed on my server. I did a google search for any known exploits but didn't find anything, does anyone know if there are any, thus should i be using possibly a safer stat system? Asside from webalizer on this server, jQuery and phpMailer i have no other premade scripts at play. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted December 8, 2011 Author Share Posted December 8, 2011 I'm assuming there must be some weakness in these somewhere... [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/awstats [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script not found or unable to stat: /usr/lib/cgi-bin/awstats [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script not found or unable to stat: /usr/lib/cgi-bin/stats [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/cgi [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi-bin [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi-bin [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi-bin [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scgi [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/scripts [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/stats [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/apps [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/phpAlbum [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script '/var/www/main.php' not found or unable to stat [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/phpalbum [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/apps [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] script '/var/www/awstatstotals.php' not found or unable to stat [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/awstats [Wed Dec 07 16:47:25 2011] [error] [client 78.131.55.172] File does not exist: /var/www/stat [Wed Dec 07 16:47:26 2011] [error] [client 78.131.55.172] File does not exist: /var/www/awstatstotals [Thu Dec 08 02:07:08 2011] [error] [client 211.144.82.8] File does not exist: /var/www/awstats [Thu Dec 08 02:07:08 2011] [error] [client 211.144.82.8] script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl [Thu Dec 08 02:07:09 2011] [error] [client 211.144.82.8] script not found or unable to stat: /usr/lib/cgi-bin/awstats [Thu Dec 08 02:07:09 2011] [error] [client 211.144.82.8] script not found or unable to stat: /usr/lib/cgi-bin/stats [Thu Dec 08 02:07:09 2011] [error] [client 211.144.82.8] File does not exist: /var/www/cgi [Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi-bin [Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi-bin [Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi-bin [Thu Dec 08 02:07:10 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scgi [Thu Dec 08 02:07:11 2011] [error] [client 211.144.82.8] File does not exist: /var/www/scripts [Thu Dec 08 02:07:11 2011] [error] [client 211.144.82.8] File does not exist: /var/www/stats [Thu Dec 08 02:07:11 2011] [error] [client 211.144.82.8] File does not exist: /var/www/apps [Thu Dec 08 02:07:12 2011] [error] [client 211.144.82.8] File does not exist: /var/www/phpAlbum [Thu Dec 08 02:07:12 2011] [error] [client 211.144.82.8] script '/var/www/main.php' not found or unable to stat [Thu Dec 08 02:07:12 2011] [error] [client 211.144.82.8] File does not exist: /var/www/phpalbum [Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] File does not exist: /var/www/apps [Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] script '/var/www/awstatstotals.php' not found or unable to stat [Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] File does not exist: /var/www/awstats [Thu Dec 08 02:07:13 2011] [error] [client 211.144.82.8] File does not exist: /var/www/stat [Thu Dec 08 02:07:14 2011] [error] [client 211.144.82.8] File does not exist: /var/www/awstatstotals Quote Link to comment Share on other sites More sharing options...
freelance84 Posted December 8, 2011 Author Share Posted December 8, 2011 Is there an on-line db anywhere which is constantly updated with bad IP addresses? Quote Link to comment Share on other sites More sharing options...
trq Posted December 8, 2011 Share Posted December 8, 2011 The simple answer is no. You might laso be being a little paranoid. Running servers, you will get things like this all day long. Quote Link to comment Share on other sites More sharing options...
thehippy Posted December 8, 2011 Share Posted December 8, 2011 The 'bots' that are doing the scanning are usually compromised peoples computers organized into larger botnets which are usually made up of hundreds of thousands of hosts. Maintaining an up to date blacklist would be a nightmare and counter productive. DNS blacklists (dnsbl) are maintained of email spammers but I don't know any reliable ones that maintain one for botnets/scanners/probers. What you can do is setup an intrusion detection system/intrusion prevention system IDS/IPS and you'll quickly learn the amount of probing that goes on, its not just on your http port that's scanned and it certainly is not solely you, everyone is scanned and its been going on for so long its common place to net admins. The IDS can detect potential threats and adjust your firewall, Snort is a popular FOSS tool for this. ACID or BASE can provide a web interface and analysis from the Snort logs as well, you'll definitely get an education in popular exploits botnets scan for with those. As thorpe said this is happening all the time and is largely nothing to be overly concerned about as long as you're vigilant with keeping software up to date. I often tail the snort alert log for shits and giggles, its like a geeky matrix screen saver with all the text scrolling by. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted December 8, 2011 Author Share Posted December 8, 2011 Ok cool. Thanks, i'll get reading Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.