Wes_SFLL Posted April 3, 2012 Share Posted April 3, 2012 I received a email from my website that a potential bad user tried to access /manager/status The info on it is: IP number: 107.20.116.194 With the user agent: (Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13) has been banned. Trying to access: /manager/status The UA has a hostname of ec2-107-20-116-194.compute-1.amazonaws.com Now I did a ip lookup and came back with amazon.com but why would they be trying to access something that I have no links to... I put up that folder because I had a lot of those hackers trying to access folders such as admin phpmyadmin tools etc.. Anyone else have any experience with this bot? Is there any usage for that folder manager? I can't figure one out..did see wordpress should up when I googled it? Also had two similar ones that seems more like bad bots... IP number: 173.248.153.211 With the user agent: (Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0) has been banned. Trying to access: /manager/html The UA has a hostname of hv23accu2282.azurebuy.com and IP number: 60.208.106.23 With the user agent: (Mozilla/3.0 (compatible; Indy Library)) has been banned. Trying to access: /manager/html The UA has a hostname of 60.208.106.23 Link to comment Share on other sites More sharing options...
spooks Posted April 3, 2012 Share Posted April 3, 2012 Remember IP's can be spoofed Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
♥kymation Posted April 3, 2012 Share Posted April 3, 2012 Amazon rents out "cloud" computing resources to anyone who pays for them. The domain will show as <long_string>.amazonaws.com. Hackers often rent these because they are hard to block or trace. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
Wes_SFLL Posted April 3, 2012 Author Share Posted April 3, 2012 O wow... I swear its always something!! Thanks for the replies!! Link to comment Share on other sites More sharing options...
Taipo Posted April 3, 2012 Share Posted April 3, 2012 Anyone else have any experience with this bot? Is there any usage for that folder manager? I can't figure one out..did see wordpress should up when I googled it? There are a myriad of servers out in the wild just trolling through domains of search results and applying blind requests to see if vulnerable directories or files exist. osCommerce has its own range of dedicated attackers and even then as long as your website is patched with the latest code, it is not vulnerable to any of those known attacks. Probably best to just ignore them rather than put too much time and stress into it. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.