Full Version: Testing my port 80 from the IP 67.15.70.24
JFrechA
People from the IP 67.15.70.24 were testing my server on port 80.

I reported this IP to Ev1. But I consider that people like this need to be known by all of us.

67.15.70.24 - - [22/Dec/2006:10:25:50 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:51 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:51 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:51 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:52 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:52 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:52 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:53 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:54 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:54 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:54 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:55 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:55 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:56 -0600] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:56 -0600] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:51 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:54 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:25:54 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:15 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:15 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:15 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:16 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:18 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:18 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:18 -0600] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:18 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:19 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:18 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:18 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:19 -0600] "GET /phpads/adxmlrpc.php HTTP/1.0" 403 291 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:20 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:20 -0600] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:20 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:20 -0600] "GET /Ads/adxmlrpc.php HTTP/1.0" 403 288 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:20 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:21 -0600] "GET /phpads/adxmlrpc.php HTTP/1.0" 403 291 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:21 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
67.15.70.24 - - [22/Dec/2006:10:29:20 -0600] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
markcausa
They were trying to do some injection?
JFrechA
QUOTE (markcausa)
They were trying to do some injection?


I think so. They were trying to find phpAdsNew (http://phpadsnew.com/), a program that manages banners, and maybe they know about some vulnerability in it.

Injections are common in many PHP programs.
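A defender-side way to spot the pattern discussed in this thread (one client asking for the same script name under many guessed directories and getting only 4xx responses), as an added example that is not part of the original posts. The sample log lines, the documentation IP addresses and the `min_dirs` and `window` thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from posixpath import basename, dirname

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IPs), shaped like the log in the post.
SAMPLE = """\
192.0.2.10 - - [22/Dec/2006:10:25:50 -0600] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 403 310 "-" "-"
192.0.2.10 - - [22/Dec/2006:10:25:52 -0600] "GET /adxmlrpc.php HTTP/1.0" 403 284 "-" "-"
192.0.2.10 - - [22/Dec/2006:10:25:54 -0600] "GET /adserver/adxmlrpc.php HTTP/1.0" 403 293 "-" "-"
192.0.2.10 - - [22/Dec/2006:10:25:55 -0600] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 403 294 "-" "-"
192.0.2.10 - - [22/Dec/2006:10:25:56 -0600] "GET /phpads/adxmlrpc.php HTTP/1.0" 403 291 "-" "-"
198.51.100.7 - - [22/Dec/2006:10:26:01 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Dec/2006:10:26:02 -0600] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
""".splitlines()

def parse(line):
    """Return (ip, timestamp, path without query string, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_path_sweeps(lines, min_dirs=3, window=timedelta(seconds=60)):
    """Map (ip, filename) -> sorted directories when one client requested the
    same filename under >= min_dirs directories within `window`, all 4xx."""
    hits = defaultdict(list)  # (ip, filename) -> [(timestamp, directory)]
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if 400 <= status < 500:
            hits[(ip, basename(path))].append((ts, dirname(path)))
    sweeps = {}
    for key, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # window opening at each event
            dirs = {d for ts, d in events[i:] if ts - start <= window}
            if len(dirs) >= min_dirs:
                sweeps[key] = sorted(dirs)
                break
    return sweeps

if __name__ == "__main__":
    for (ip, name), dirs in find_path_sweeps(SAMPLE).items():
        print(f"{ip} probed for {name} under {len(dirs)} directories: {dirs}")
```

The single request for a random nonexistent path is not flagged by itself; it is the repeated filename across directories that marks the client as enumerating install locations.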
markcausa
QUOTE (JFrechA)
Injections are common in many PHP programs

I know, it's scary stuff. But there are ways to make sure PHP files are protected (mostly), like 1) Securing the physical PHP files and 2) Enabling the PHP open_basedir Tweak in WHM (and possibly other control panels.)

But for every second these guys are improving security, the bad guys are finding more hacks, injections and exploits.