New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
how to prevent this kind of bots
2014/05/21 01:07:35 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/mailing/tools/fckeditor/editor/filemanager/browser/default/connectors/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /mailing/tools/fckeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:38 [error] 6555#0: *11499 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/admin/fckeditor/editor/filemanager/browser/default/connectors/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /admin/fckeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:42 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/admin/FCKeditor/editor/filemanager/browser/default/connectors/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /admin/FCKeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:47 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/webadmin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /webadmin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:50 [error] 6555#0: *11508 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 01:07:51 [error] 6555#0: *11493 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php (No such file or directory)" while reading response header from upstream, client: 182.114.228.70, server: namhuy.net, request: "GET /FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 04:14:56 [error] 6556#0: *21756 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/wp-pages.php (No such file or directory)" while reading response header from upstream, client: 5.199.142.250, server: namhuy.net, request: "GET /wp-pages.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net", referrer: "http://namhuy.net/wp-pages.php"
2014/05/21 06:04:37 [error] 6555#0: *28190 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/wp-includes/images/wlw/wp-icons.php (No such file or directory)" while reading response header from upstream, client: 5.199.142.250, server: namhuy.net, request: "GET /wp-includes/images/wlw/wp-icons.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net", referrer: "http://namhuy.net/wp-includes/images/wlw/wp-icons.php"
2014/05/21 09:38:35 [error] 6555#0: *41193 open() "/var/www/html/post-sitemap.xml" failed (2: No such file or directory), client: 66.249.66.127, server: namhuy.net, request: "GET /post-sitemap.xml HTTP/1.1", host: "namhuy.net"
2014/05/21 10:16:55 [error] 6557#0: *43157 open() "/var/www/html/wp-content/plugins/jetpack/modules/sharedaddy/IMGROOT/sprite.png" failed (2: No such file or directory), client: 184.63.14.2, server: namhuy.net, request: "GET /wp-content/plugins/jetpack/modules/sharedaddy/IMGROOT/sprite.png HTTP/1.1", host: "namhuy.net"
2014/05/21 11:25:56 [error] 6557#0: *47291 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/wp-includes/images/wlw/wp-icons.php (No such file or directory)" while reading response header from upstream, client: 5.199.142.250, server: namhuy.net, request: "GET /wp-includes/images/wlw/wp-icons.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net", referrer: "http://namhuy.net/wp-includes/images/wlw/wp-icons.php"
2014/05/21 11:38:44 [error] 6555#0: *48173 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/3055/index.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "POST /3055/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 11:38:46 [error] 6555#0: *48176 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/3055/index.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "POST /3055/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 11:38:47 [error] 6555#0: *48169 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/images/stories/rapika.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "GET /images/stories/rapika.php?rf HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
2014/05/21 11:38:48 [error] 6555#0: *48176 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/3055/images/stories/rapika.php (No such file or directory)" while reading response header from upstream, client: 213.251.187.189, server: namhuy.net, request: "GET /3055/images/stories/rapika.php?rf HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "namhuy.net"
is there any way to block this kind of bot? happen quite often lately to my website it keeps crawling for non existing link.
Comments
Seeing as you dont run/have the content they request its no biggie, if you do, just rename + fail2ban.
From this log I'd say they send probe requests to find vulnerable scripts.
If it is always the same set of IP addresses, you could simply block them on a network level. Otherwise you might want to block the requested files on the web server level.
is there anything to prevent them? They target something like admin.php administrator bitrix uploadify and all sort of keywords. Kindda bother me.
What I wrote.
Mod_Security with a decent set of rules can block a lot of this, but there will always be bots probing your site, welcome to the World Wide Web.
CSF will block any scanner looking for ports.
Mod_Sec apache module will block an agent without a header signature or a non standard browser signature.
CSF block email
Mod_Sec denying the request
location ~.php {
try $uri =404;
Try CSF. Also renaming any admin directories, or even putting up fake admin directories can help quite a bit.
But as said before, welcome to the world wide web
I'm using rewrite right now, but I have to update it by hand.. I want something automate
rewrite ~*/(directory|administrator|bitrix|braille|fckeditor|member|phpThumb|wlw|stories|hotfix|uploadify)/ http://127.0.0.1 permanent;
As @Rallias wrote, Add
try_files $uri =404;
in your fastcgi block.try_files $uri =404;
works for php, now they crawl for images files