miller-lite
Posted April 10, 2008

I just went into my cpanel to see the latest visitors to my site. While scrolling through things everything appeared normal, saw the usual crawler activity accessing images, stylesheets, etc. One showed things being accessed that I have never seen accessed before. This is what I found:

Host: 84.36.153.219

• /catalog/logs/n.php
  Http Code: 500
  Date: Apr 09 13:40:21
  Http Version: HTTP/1.1
  Size in Bytes: 5
  Referer: -
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• /catalog/logs/s.php
  Http Code: 200
  Date: Apr 09 13:44:00
  Http Version: HTTP/1.1
  Size in Bytes: 1626
  Referer: -
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• /catalog/logs/sys_cpanel/images/bottombody.jpg
  Http Code: 404
  Date: Apr 09 13:44:03
  Http Version: HTTP/1.1
  Size in Bytes: -
  Referer: http://www.jvgallery.com/catalog/logs/.p.php
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• /catalog/logs/s.php?youruser=gallery5&victimuser=securit3&folder=%2Fcatalog%2Flogs&file=%2Fcommuni
  Http Code: 200
  Date: Apr 09 13:48:37
  Http Version: HTTP/1.1
  Size in Bytes: 1673
  Referer: http://www.jvgallery.com/catalog/logs/s.php
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• /catalog/logs/omega.txt
  Http Code: 200
  Date: Apr 09 13:48:40
  Http Version: HTTP/1.1
  Size in Bytes: 1393
  Referer: http://www.jvgallery.com/catalog/logs/s.ph...r=securit3&
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• /catalog/logs/sql.php
  Http Code: 500
  Date: Apr 09 13:48:58
  Http Version: HTTP/1.1
  Size in Bytes: 1380
  Referer: -
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• /catalog/logs/.p.php
  Http Code: 200
  Date: Apr 09 14:06:07
  Http Version: HTTP/1.1
  Size in Bytes: 52926
  Referer: -
  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

I went and did a WHOIS query on the IP address and got the following info:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

and here is their web site: http://www.ripe.net/info/ncc/

My question is how are they able to get to the files they were trying to access? Do I have a major problem with my security?

Verne
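As an added example (not part of the original post), here is a short Python triage of visitor-log entries in the layout shown above, listing the requests whose files should be looked at on disk first. It assumes `/catalog/logs/` is meant to hold no server-executed scripts; `DATA_DIRS`, the extension list and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit

ENTRY = re.compile(r"^(?P<url>/\S*)\s+Http Code:\s+(?P<code>\d{3})\s+Date:\s+(?P<date>.+)$")
SCRIPT_EXTS = {".php", ".phtml", ".cgi", ".pl"}  # assumption: server-executed types
DATA_DIRS = ("/catalog/logs/",)                  # assumption: should hold no scripts

# Constructed sample in the field layout of the post; the first line is invented.
SAMPLE = """\
/catalog/images/logo.gif Http Code: 200 Date: Apr 09 13:39:02
/catalog/logs/n.php Http Code: 500 Date: Apr 09 13:40:21
/catalog/logs/s.php Http Code: 200 Date: Apr 09 13:44:00
/catalog/logs/omega.txt Http Code: 200 Date: Apr 09 13:48:40
/catalog/logs/.p.php Http Code: 200 Date: Apr 09 14:06:07
/catalog/logs/sys_cpanel/images/bottombody.jpg Http Code: 404 Date: Apr 09 13:44:03
"""

def triage(text, data_dirs=DATA_DIRS):
    """Return [(path, status, reasons)] for entries that deserve a look on disk."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # Drop the query string and collapse any ../ segments before matching.
        path = posixpath.normpath(urlsplit(m["url"]).path)
        status = int(m["code"])
        name = posixpath.basename(path)
        ext = posixpath.splitext(name)[1].lower()
        reasons = []
        if ext in SCRIPT_EXTS and path.startswith(data_dirs):
            reasons.append("script in data-only directory")
        if name.startswith("."):
            reasons.append("hidden file name")
        if reasons and 200 <= status < 300:
            reasons.append("answered 2xx")
        if reasons:
            findings.append((path, status, reasons))
    # 2xx responses first: the server answered those requests successfully.
    return sorted(findings, key=lambda f: (not 200 <= f[1] < 300, f[0]))

if __name__ == "__main__":
    for path, status, reasons in triage(SAMPLE):
        print(status, path, "; ".join(reasons))
```
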
Archived
This topic is now archived and is closed to further replies.