Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


how to prevent this kind of bots
New on LowEndTalk? Please Register and read our Community Rules.

how to prevent this kind of bots

namhuynamhuy Member
2014/05/21 01:07:35 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/mailing/tools/fckeditor/editor/filemanager/browser/default/connectors/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /mailing/tools/fckeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:38 [error] 6555#0: *11499 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/admin/fckeditor/editor/filemanager/browser/default/connectors/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /admin/fckeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:42 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/admin/FCKeditor/editor/filemanager/browser/default/connectors/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /admin/FCKeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:47 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/webadmin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /webadmin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:50 [error] 6555#0: *11508 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:51 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 04:14:56 [error] 6556#0: *21756 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/wp-pages.php (No such file or directory)" while reading response header from upstream, client: 5.199.142.250, server: namhuy.net, request: "GET /wp-pages.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net", referrer: "http://namhuy.net/wp-pages.php"
2014/05/21 06:04:37 [error] 6555#0: *28190 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/wp-includes/images/wlw/wp-icons.php (No such file or directory)" while reading response header from upstream, client: 5.199.142.250, server: namhuy.net, request: "GET /wp-includes/images/wlw/wp-icons.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net", referrer: "http://namhuy.net/wp-includes/images/wlw/wp-icons.php"
2014/05/21 09:38:35 [error] 6555#0: *41193 open() "/var/www/html/post-sitemap.xml" failed (2: No such file or directory), client: 66.249.66.127, server: namhuy.net, request: "GET /post-sitemap.xml HTTP/1.1", host: "namhuy.net"
2014/05/21 10:16:55 [error] 6557#0: *43157 open() "/var/www/html/wp-content/plugins/jetpack/modules/sharedaddy/IMGROOT/sprite.png" failed (2: No such file or directory), client: 184.63.14.2, server: namhuy.net, request: "GET /wp-content/plugins/jetpack/modules/sharedaddy/IMGROOT/sprite.png HTTP/1.1", host: "namhuy.net"
2014/05/21 11:25:56 [error] 6557#0: *47291 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/wp-includes/images/wlw/wp-icons.php (No such file or directory)" while reading response header from upstream, client: 5.199.142.250, server: namhuy.net, request: "GET /wp-includes/images/wlw/wp-icons.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net", referrer: "http://namhuy.net/wp-includes/images/wlw/wp-icons.php"
2014/05/21 11:38:44 [error] 6555#0: *48173 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/3055/index.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "POST /3055/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 11:38:46 [error] 6555#0: *48176 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/3055/index.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "POST /3055/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 11:38:47 [error] 6555#0: *48169 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/images/stories/rapika.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "GET /images/stories/rapika.php?rf HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 11:38:48 [error] 6555#0: *48176 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/3055/images/stories/rapika.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "GET /3055/images/stories/rapika.php?rf HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"

is there any way to block this kind of bot? happen quite often lately to my website :( it keeps crawling for non existing link.

Comments

  • blergh_blergh_ Member

    Seeing as you dont run/have the content they request its no biggie, if you do, just rename + fail2ban.

  • nerouxneroux Member

    From this log I'd say they send probe requests to find vulnerable scripts.

    If it is always the same set of IP addresses, you could simply block them on a network level. Otherwise you might want to block the requested files on the web server level.

  • namhuynamhuy Member

    is there anything to prevent them? They target something like admin.php administrator bitrix uploadify and all sort of keywords. Kindda bother me.

  • nerouxneroux Member

    namhuy said: is there anything to prevent them?

    What I wrote.

  • nunimnunim Member

    Mod_Security with a decent set of rules can block a lot of this, but there will always be bots probing your site, welcome to the World Wide Web.

  • hdpixelhdpixel Member

    CSF will block any scanner looking for ports.
    Mod_Sec apache module will block an agent without a header signature or a non standard browser signature.

    CSF block email

    To: Email
    Subject: lfd on host.hdpixel.com: 77.247.178.215 (NL/Netherlands/-) blocked for port scanning
    Time:    Tue May 20 03:57:20 2014 -0700
    IP:      77.247.178.215 (NL/Netherlands/-)
    Hits:    11
    Blocked: Temporary Block
    
    Sample of block hits:
    May 20 03:57:01 host kernel: [82413.180391] Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=77.247.178.215 DST=XXX.XX.XX.XX LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=61523 PROTO=TCP SPT=50531 DPT=8000 WINDOW=14600 RES=0x00 SYN URGP=0 
    

    Mod_Sec denying the request

    [Wed Sep 11 06:14:40 2013] [error] [client 71.62.109.144] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "58"] [id "1234123429"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "mysite.com"] [uri "/"] [unique_id "UjBswMC4WcAAAAwmUsMAAAAE"]
    
  • RalliasRallias Member

    location ~.php {
    try $uri =404;

    Thanked by 1namhuy
  • BoxodeBoxode Member

    Try CSF. Also renaming any admin directories, or even putting up fake admin directories can help quite a bit.

    But as said before, welcome to the world wide web :)

  • namhuynamhuy Member
    edited May 2014

    I'm using rewrite right now, but I have to update it by hand.. I want something automate

    rewrite ~*/(directory|administrator|bitrix|braille|fckeditor|member|phpThumb|wlw|stories|hotfix|uploadify)/ http://127.0.0.1 permanent;

  • msg7086msg7086 Member

    @namhuy said:
    I'm using rewrite right now, but I have to update it by hand.. I want something automate

    As @Rallias wrote, Add try_files $uri =404; in your fastcgi block.

    Thanked by 1namhuy
  • namhuynamhuy Member

    try_files $uri =404; works for php, now they crawl for images files :(

    2014/05/23 02:02:20 [error] 12940#0: *12000 open() "/var/www/html/apis.google.com/js/plusone.js" failed (2: No such file or directory), client: 180.153.206.25, server: namhuy.net, request: "GET //apis.google.com/js/plusone.js?6338cc HTTP/1.1", host: "namhuy.net", referrer: "http://namhuy.net//apis.google.com/js/plusone.js?6338cc"
    2014/05/23 02:41:46 [error] 12941#0: *14619 open() "/var/www/html/1563/feed-icon16x16.png" failed (2: No such file or directory), client: 178.41.18.171, server: namhuy.net, request: "GET /1563/feed-icon16x16.png HTTP/1.1", host: "namhuy.net", referrer: "http://namhuy.net/1563/how-to-tweak-and-optimize-ssd-for-ubuntu-linux-mint.html"
    2014/05/23 02:41:46 [error] 12943#0: *14632 open() "/var/www/html/1563/ssd.png" failed (2: No such file or directory), client: 178.41.18.171, server: namhuy.net, request: "GET /1563/ssd.png HTTP/1.1", host: "namhuy.net", referrer: "http://namhuy.net/1563/how-to-tweak-and-optimize-ssd-for-ubuntu-linux-mint.html"
    2014/05/23 02:41:46 [error] 12940#0: *14635 open() "/var/www/html/1563/email.gif" failed (2: No such file or directory), client: 178.41.18.171, server: namhuy.net, request: "GET /1563/email.gif HTTP/1.1", host: "namhuy.net", referrer: "http://namhuy.net/1563/how-to-tweak-and-optimize-ssd-for-ubuntu-linux-mint.html"
    2014/05/23 02:41:46 [error] 12940#0: *14634 open() "/var/www/html/1563/loading.gif" failed (2: No such file or directory), client: 178.41.18.171, server: namhuy.net, request: "GET /1563/loading.gif HTTP/1.1", host: "namhuy.net", referrer: "http://namhuy.net/1563/how-to-tweak-and-optimize-ssd-for-ubuntu-linux-mint.html"
    2014/05/23 02:41:46 [error] 12940#0: *14633 open() "/var/www/html/1563/photo.jpg" failed (2: No such file or directory), client: 178.41.18.171, server: namhuy.net, request: "GET /1563/photo.jpg HTTP/1.1", host: "namhuy.net", referrer: "http://namhuy.net/1563/how-to-tweak-and-optimize-ssd-for-ubuntu-linux-mint.html"
    2014/05/23 05:09:26 [error] 12944#0: *22485 open() "/var/www/html/wp-content/uploads/wpcf7_captcha/114116160.png" failed (2: No such file or directory), client: 207.198.112.64, server: namhuy.net, request: "GET /wp-content/uploads/wpcf7_captcha/114116160.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 06:09:20 [error] 12944#0: *25731 open() "/var/www/html/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 106.217.39.20, server: namhuy.net, request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 06:29:01 [error] 12940#0: *26935 open() "/var/www/html/wp-content/themes/suffusion/images/caldark.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/caldark.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 06:29:01 [error] 12940#0: *26936 open() "/var/www/html/wp-content/themes/suffusion/images/icons/folderbl16.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/icons/folderbl16.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 06:29:01 [error] 12940#0: *26937 open() "/var/www/html/wp-content/themes/suffusion/images/blockquote-l.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/blockquote-l.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 06:29:01 [error] 12940#0: *26938 open() "/var/www/html/wp-content/themes/suffusion/images/icons/bulletrbl.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/icons/bulletrbl.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 07:16:45 [error] 12944#0: *29427 open() "/var/www/html/wp-content/themes/suffusion/images/icons/folderbl16.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/icons/folderbl16.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 07:16:45 [error] 12944#0: *29428 open() "/var/www/html/wp-content/themes/suffusion/images/caldark.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/caldark.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 07:16:45 [error] 12944#0: *29429 open() "/var/www/html/wp-content/themes/suffusion/images/icons/bulletrbl.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/icons/bulletrbl.png HTTP/1.1", host: "namhuy.net"
    2014/05/23 07:16:45 [error] 12944#0: *29430 open() "/var/www/html/wp-content/themes/suffusion/images/blockquote-l.png" failed (2: No such file or directory), client: 84.114.113.64, server: namhuy.net, request: "GET /wp-content/themes/suffusion/images/blockquote-l.png HTTP/1.1", host: "namhuy.net"
    
Sign In or Register to comment.