Jump to content

Archived

This topic is now archived and is closed to further replies.

Wes_SFLL

Bad Bot? I tried researching it first

Recommended Posts

I received a email from my website that a potential bad user tried to access /manager/status

 

The info on it is:

 

IP number: 107.20.116.194

With the user agent: (Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13) has been banned.

Trying to access: /manager/status

The UA has a hostname of ec2-107-20-116-194.compute-1.amazonaws.com

 

 

Now I did a ip lookup and came back with amazon.com but why would they be trying to access something that I have no links to... I put up that folder because I had a lot of those hackers trying to access folders such as admin phpmyadmin tools etc..

 

Anyone else have any experience with this bot? Is there any usage for that folder manager? I can't figure one out..did see wordpress should up when I googled it?

 

 

Also had two similar ones that seems more like bad bots...

IP number: 173.248.153.211

With the user agent: (Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0) has been banned.

Trying to access: /manager/html

The UA has a hostname of hv23accu2282.azurebuy.com

 

and

 

IP number: 60.208.106.23

With the user agent: (Mozilla/3.0 (compatible; Indy Library)) has been banned.

Trying to access: /manager/html

The UA has a hostname of 60.208.106.23

Share this post


Link to post
Share on other sites

Remember IP's can be spoofed


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Amazon rents out "cloud" computing resources to anyone who pays for them. The domain will show as <long_string>.amazonaws.com. Hackers often rent these because they are hard to block or trace.

 

Regards

Jim


See my profile for a list of my addons and ways to get support.

Share this post


Link to post
Share on other sites

Anyone else have any experience with this bot? Is there any usage for that folder manager? I can't figure one out..did see wordpress should up when I googled it?

 

There are a myriad of servers out in the wild just trolling through domains of search results and applying blind requests to see if vulnerable directories or files exist. osCommerce has its own range of dedicated attackers and even then as long as your website is patched with the latest code, it is not vulnerable to any of those known attacks. Probably best to just ignore them rather than put too much time and stress into it.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

×