We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Strang stuff in server log - any ideas why
kwikbreaks
Posts: 9,187 Forumite
in Techie Stuff
I must admit I don't routinely monitor my server logs but took a look the other day when I noticed a high number of error responses on a site. That turned out to be a script attempting a brute force attack on my wordpress login which was being blocked by .htaccess anyway but while checking the logs I also noticed a periodic query clearly intended for monitoring if the site was up or not.
I found the same bot on 4 more of my sites on the same server. I don't recall setting any monitoring up and would only bother with a single site anyway. I contacted the bot site owner and they said the queries were being run on an account set up by https://www.stopthehacker.com/ I don't seem to have any account there either but have had no response from them yet.
I've just blocked the IP in .htaccess on all the sites getting the queries - not that they do any harm really as it's a header only check every 5 minutes.
The question is why would anybody set up these monitoring queries on sites they don't own - in particular 4 fairly obscure sites all on the same server.
Here is an example from the server log after I'd blocked the IP...
74.86.158.106 - - [28/Jan/2015:09:14:09 +0000] "GET /?o284384 HTTP/1.1" 403 - "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
Each site has a unique query string sent to it.
I found the same bot on 4 more of my sites on the same server. I don't recall setting any monitoring up and would only bother with a single site anyway. I contacted the bot site owner and they said the queries were being run on an account set up by https://www.stopthehacker.com/ I don't seem to have any account there either but have had no response from them yet.
I've just blocked the IP in .htaccess on all the sites getting the queries - not that they do any harm really as it's a header only check every 5 minutes.
The question is why would anybody set up these monitoring queries on sites they don't own - in particular 4 fairly obscure sites all on the same server.
Here is an example from the server log after I'd blocked the IP...
74.86.158.106 - - [28/Jan/2015:09:14:09 +0000] "GET /?o284384 HTTP/1.1" 403 - "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
Each site has a unique query string sent to it.
0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.6K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.7K Work, Benefits & Business
- 603.1K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards