[Nottingham] A website attack from google?!

Frederic Vagner fred at vagner.me.uk
Mon May 3 12:22:57 UTC 2010


Hi,

You think it's Google, but in fact it's not.
First, Google only uses one IP address when crawling a website.
Second, Google does not crawl pages that do not have links to them.

So, this is someone trying to hack your website, and if you look a bit
deeper using the IP address, you will find:
95.211.132.69 resolves to: hosted-by.leaseweb.com

Google does not use such a hosting company ... but hackers do ;-)

Good luck

Fred


On Mon, 2010-05-03 at 13:02 +0100, Martin wrote:
> Folks,
> 
> Hope you've got all your Drupals and Joomlas and whatever else locked down:
> 
> 
> 95.211.132.71 - - [01/May/2010:19:09:44 +0100] "GET
> /administrator/index.php HTTP/1.1" 301 267 "-" "Mozilla/5.0 (compatible;
> Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /joomla/administrator/index.php HTTP/1.1" 301 274 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /site/administrator/index.php HTTP/1.1" 301 272 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /cms/administrator/index.php HTTP/1.1" 301 271 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.74 - - [01/May/2010:19:10:01 +0100] "GET
> /content/administrator/index.php HTTP/1.1" 301 275 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.71 - - [01/May/2010:19:10:01 +0100] "GET
> /home/administrator/index.php HTTP/1.1" 301 272 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.73 - - [01/May/2010:19:10:01 +0100] "GET
> /main/administrator/index.php HTTP/1.1" 301 272 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.73 - - [01/May/2010:19:10:01 +0100] "GET
> /portal/administrator/index.php HTTP/1.1" 301 274 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.74 - - [01/May/2010:19:10:01 +0100] "GET
> /web/administrator/index.php HTTP/1.1" 301 271 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /v1/administrator/index.php HTTP/1.1" 301 270 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.74 - - [01/May/2010:19:10:01 +0100] "GET
> /v2/administrator/index.php HTTP/1.1" 301 270 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /j/administrator/index.php HTTP/1.1" 301 269 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.73 - - [01/May/2010:19:10:01 +0100] "GET
> /en/administrator/index.php HTTP/1.1" 301 270 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /joom/administrator/index.php HTTP/1.1" 301 272 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /Joomla/administrator/index.php HTTP/1.1" 301 274 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /joomla1.5/administrator/index.php HTTP/1.1" 301 277 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /joomla15/administrator/index.php HTTP/1.1" 301 276 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.74 - - [01/May/2010:19:10:01 +0100] "GET
> /joomla2/administrator/index.php HTTP/1.1" 301 275 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /joomla1/administrator/index.php HTTP/1.1" 301 275 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /Site/administrator/index.php HTTP/1.1" 301 272 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.73 - - [01/May/2010:19:10:01 +0100] "GET
> /site_old/administrator/index.php HTTP/1.1" 301 276 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.72 - - [01/May/2010:19:10:01 +0100] "GET
> /Site_old/administrator/index.php HTTP/1.1" 301 276 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /cms_old/administrator/index.php HTTP/1.1" 301 275 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.74 - - [01/May/2010:19:10:01 +0100] "GET
> /joomla_old/administrator/index.php HTTP/1.1" 301 278 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.73 - - [01/May/2010:19:10:01 +0100] "GET
> /CMS/administrator/index.php HTTP/1.1" 301 271 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET
> /test/administrator/index.php HTTP/1.1" 301 272 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 95.211.132.73 - - [01/May/2010:19:10:01 +0100] "GET
> /backup/administrator/index.php HTTP/1.1" 301 274 "-" "Mozilla/5.0
> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 
> 
> 
> So... Why would Google go sniffing around the admin pages of whatever wikis?
> 
> 
> It's a jungle out there!
> 
> Cheers,
> Martin
> 
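
Added example, not part of the original messages: Fred checks the reverse DNS of one address by hand; the sketch below runs that check over access-log lines and also forward-confirms the PTR name, which goes beyond what the thread does. The `.googlebot.com` / `.google.com` suffixes are the ones Google documents for verifying its crawler; the function names, the 192.0.2.10 and 198.51.100.7 log lines and every entry in `SAMPLE_DNS` except the leaseweb PTR are constructed so it runs offline.

```python
import re
import socket

# Apache combined log format: client IP, timestamp, request, status, size, referer, user agent
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def system_resolver(ip):
    """Live DNS: return (PTR name, forward A records), or (None, []) on failure."""
    try:
        name = socket.gethostbyaddr(ip)[0]
        return name, socket.gethostbyname_ex(name)[2]
    except OSError:
        return None, []

def is_real_googlebot(ip, resolve=system_resolver):
    name, addrs = resolve(ip)
    if not name or not name.lower().rstrip(".").endswith(GOOGLE_SUFFIXES):
        return False          # PTR is missing or outside Google's crawler domains
    return ip in addrs        # forward-confirm: the PTR owner controls that record

def spoofed_googlebot_hits(lines, resolve=system_resolver):
    """Return (ip, path) for each request whose Googlebot user agent fails the DNS check."""
    verdicts, hits = {}, []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or "Googlebot" not in m["ua"]:
            continue
        if m["ip"] not in verdicts:   # one lookup per client address
            verdicts[m["ip"]] = is_real_googlebot(m["ip"], resolve)
        if not verdicts[m["ip"]]:
            hits.append((m["ip"], m["path"]))
    return hits

# First log line and the leaseweb PTR are from the thread; everything else is constructed.
SAMPLE_LOG = [
    f'95.211.132.69 - - [01/May/2010:19:10:01 +0100] "GET /site/administrator/index.php HTTP/1.1" 301 272 "-" "{UA}"',
    f'192.0.2.10 - - [01/May/2010:19:11:00 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "{UA}"',
    f'198.51.100.7 - - [01/May/2010:19:12:00 +0100] "GET /administrator/index.php HTTP/1.1" 301 267 "-" "{UA}"',
]
SAMPLE_DNS = {
    "95.211.132.69": ("hosted-by.leaseweb.com", []),
    "192.0.2.10": ("crawl-192-0-2-10.googlebot.com", ["192.0.2.10"]),
    "198.51.100.7": ("crawl-198-51-100-7.googlebot.com", ["203.0.113.9"]),
}

SPOOFED = spoofed_googlebot_hits(SAMPLE_LOG, lambda ip: SAMPLE_DNS.get(ip, (None, [])))
```

Against a live log, call `spoofed_googlebot_hits(open(path))` and the default resolver performs real lookups.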



