We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
We're aware that dates on the Forum are not currently showing correctly. Please bear with us while we get this fixed, and see Site feedback for updates.
Strang stuff in server log - any ideas why

kwikbreaks
Posts: 9,187 Forumite
in Techie Stuff
I must admit I don't routinely monitor my server logs but took a look the other day when I noticed a high number of error responses on a site. That turned out to be a script attempting a brute force attack on my wordpress login which was being blocked by .htaccess anyway but while checking the logs I also noticed a periodic query clearly intended for monitoring if the site was up or not.
I found the same bot on 4 more of my sites on the same server. I don't recall setting any monitoring up and would only bother with a single site anyway. I contacted the bot site owner and they said the queries were being run on an account set up by https://www.stopthehacker.com/ I don't seem to have any account there either but have had no response from them yet.
I've just blocked the IP in .htaccess on all the sites getting the queries - not that they do any harm really as it's a header only check every 5 minutes.
The question is why would anybody set up these monitoring queries on sites they don't own - in particular 4 fairly obscure sites all on the same server.
Here is an example from the server log after I'd blocked the IP...
74.86.158.106 - - [28/Jan/2015:09:14:09 +0000] "GET /?o284384 HTTP/1.1" 403 - "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
Each site has a unique query string sent to it.
I found the same bot on 4 more of my sites on the same server. I don't recall setting any monitoring up and would only bother with a single site anyway. I contacted the bot site owner and they said the queries were being run on an account set up by https://www.stopthehacker.com/ I don't seem to have any account there either but have had no response from them yet.
I've just blocked the IP in .htaccess on all the sites getting the queries - not that they do any harm really as it's a header only check every 5 minutes.
The question is why would anybody set up these monitoring queries on sites they don't own - in particular 4 fairly obscure sites all on the same server.
Here is an example from the server log after I'd blocked the IP...
74.86.158.106 - - [28/Jan/2015:09:14:09 +0000] "GET /?o284384 HTTP/1.1" 403 - "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
Each site has a unique query string sent to it.
0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 348.3K Banking & Borrowing
- 252.1K Reduce Debt & Boost Income
- 452.4K Spending & Discounts
- 240.9K Work, Benefits & Business
- 617.2K Mortgages, Homes & Bills
- 175.7K Life & Family
- 254.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 15.1K Coronavirus Support Boards