Wes_SFLL 0 Posted April 3, 2012 I received a email from my website that a potential bad user tried to access /manager/status The info on it is: IP number: 107.20.116.194 With the user agent: (Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13) has been banned. Trying to access: /manager/status The UA has a hostname of ec2-107-20-116-194.compute-1.amazonaws.com Now I did a ip lookup and came back with amazon.com but why would they be trying to access something that I have no links to... I put up that folder because I had a lot of those hackers trying to access folders such as admin phpmyadmin tools etc.. Anyone else have any experience with this bot? Is there any usage for that folder manager? I can't figure one out..did see wordpress should up when I googled it? Also had two similar ones that seems more like bad bots... IP number: 173.248.153.211 With the user agent: (Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0) has been banned. Trying to access: /manager/html The UA has a hostname of hv23accu2282.azurebuy.com and IP number: 60.208.106.23 With the user agent: (Mozilla/3.0 (compatible; Indy Library)) has been banned. Trying to access: /manager/html The UA has a hostname of 60.208.106.23 Share this post Link to post Share on other sites
spooks 79 Posted April 3, 2012 Remember IP's can be spoofed Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Share this post Link to post Share on other sites
♥kymation 631 Posted April 3, 2012 Amazon rents out "cloud" computing resources to anyone who pays for them. The domain will show as <long_string>.amazonaws.com. Hackers often rent these because they are hard to block or trace. Regards Jim See my profile for a list of my addons and ways to get support. Share this post Link to post Share on other sites
Wes_SFLL 0 Posted April 3, 2012 O wow... I swear its always something!! Thanks for the replies!! Share this post Link to post Share on other sites
Taipo 36 Posted April 3, 2012 Anyone else have any experience with this bot? Is there any usage for that folder manager? I can't figure one out..did see wordpress should up when I googled it? There are a myriad of servers out in the wild just trolling through domains of search results and applying blind requests to see if vulnerable directories or files exist. osCommerce has its own range of dedicated attackers and even then as long as your website is patched with the latest code, it is not vulnerable to any of those known attacks. Probably best to just ignore them rather than put too much time and stress into it. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Share this post Link to post Share on other sites