Unusual website traffic

N

November 5

Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //scripts/setup.php HTTP/1.0" 404 593 "-" "Mozilla/
4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/pma/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //db/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //dbadmin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //myadmin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysql/scripts/setup.php HTTP/1.0" 404 218 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysqladmin/scripts/setup.php HTTP/1.0" 404 223
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin1/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin2/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //pma/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //web/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //php-my-admin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //websql/scripts/setup.php HTTP/1.0" 404 219 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //php-my-admin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //sqlmanager/scripts/setup.php HTTP/1.0" 404 223
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysqlmanager/scripts/setup.php HTTP/1.0" 404 225
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //p/m/a/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //pma2005/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmanager/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //php-myadmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmy-admin/scripts/setup.php HTTP/1.0" 404 224
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //webadmin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //sqlweb/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //websql/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //webdb/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysqladmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysql-admin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
 
P

Paul

November said:
Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //scripts/setup.php HTTP/1.0" 404 593 "-" "Mozilla/
4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/pma/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
Click to expand...

<< more scanning fun snipped >>

A quick search, using this as a search term:

admin/phpmyadmin/scripts/setup.php

says:

"ZmEu Attack"

I'm sure if you pop a few more of those in the search engine, there
may be other explanations.

As long as your server doesn't leak any details about itself,
that'll make it harder to crack.

HTH,
Paul
 
T

Tim Watts

Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
Click to expand...

....

That's easy - someone's crappy cracking script is having a go at your
webserver trying to find an exploit.

If you get a lot of this, and it's annoying you, you could install
fail2ban and have it watch the log files for excessive 404 errors from
any one IP and it can drop a temporary iptables block in against that IP.
 
B

Brian Cryer

November 5 said:
Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
Click to expand...
<snip>

Paul and Tim seem to have adequatly answered this. For next time
alt.www.webmaster might be a more appropriate group to post this type of
question to.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What does 'Embedded Web Browser from: http://bsalsa.com/' mean? 1
UserAgent data 5
Webpage error 3
404 error when dowloading DLL files from IIS 6.0? 2
Why IE shows "Mozilla" in User-Agent field of its request? 1
Help 1
Wanted: User Agent\Post Platform registry file showing the .Net extensions 1
IIS 7.0 and Windows Integrated Authentication? 1

Top