Or so it would seem... This doesn't seem like bot activity to me, because it is looking for specific pages... and this is a brand new domain name, that I haven't submitted to any engines.. but what do I know... Anyone seen activity like this on there site?
warning page not found 6 Mar 2006 - 11:16pm xmlsrv/xmlrpc.php not found. guest
warning page not found 6 Mar 2006 - 11:16pm xmlrpc/xmlrpc.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm wordpress/xmlrpc.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm phpgroupware/xmlrpc.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm drupal/xmlrpc.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm blogs/xmlsrv/xmlrpc.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm cvs/mambo/index2.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm articles/mambo/index2.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm cvs/index2.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm mambo/index2.php not found. guest
warning page not found 6 Mar 2006 - 11:15pm index2.php not found. guest
cheers..
Comments
Bot's don't wait for you to submit
I have a site where I experienced something similar, but it turned out to be a Google bot. I never submitted the site to any engines.
Roger
hmmm.
okay.... maybe i just need to put a robots.txt on there so they stop looking in all the wrong places.. :)
thx..
check out the IP addresses
of the visitors, that should narrow it down a bit more
ok... 2 different ip's
after an ip lookup:
one of them came up as:
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
and the other:
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
i could've sworn
i could've sworn in 4.6 you could look at the ip's right from your admin page... i had to go look them up in my watchdog table...
this is strange...
it just seems like they are looking for some specific pages here... this seems strange to me..
Welcome to webhosting. It's
Welcome to webhosting. It's an automated scrupt looking for known vulnerabilties to exploit.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
right...
that's what i figured, but on my site that is 6 years old or so, i'm not getting these hits, and this site/domain is maybe a month old.... oh well... good thing drupal is secure! thx
Well..
You don't need to submit your site to google to get crawled by it if it finds a link anywhere, it will click it and then finds another link and click it.... (etc.)
Ben
Benofsky Park.com
Ben McRedmond,
HiPPstr Project Leader
webserver logs
Just check your webserver logs for the IP/domain of the "person" making those requests.
Erlend Strømsvik
erlend@nymedia.no
Ny Media AS - www.nymedia.no
my site is getting same messages 5-6 times a day
I looked up the IP address and found:
Registrant:
KRNIC
211.172.0.0 - 211.199.255.255
Address:
Korea Network Information Center
Country:
KR
Administrative, Technical Contact:
Host Master (hostmaster@nic.or.kr)
11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
Seoul, Korea, 137-857
Phone: +82-2-2186-4500
Fax: +82-2-2186-4496
Information Source:
Asia Pacific Network Information Center
My webhost has a feature to block a range of IP addresses to prevent them from accessing my site.
So I've added two, both of which are from this APNIC.
Hope this helps.
How about this, could it be
How about this, could it be a bot?
page not found Mar 29 2006 - 12:31am
XMLRPC.php Ping a possibility
In your module list, there is a module that is meant to ping Blog llibraries with XML of your website updates.
If you did not disable that module, it could have pinged one of those libraries which may be looking for content on your website. There was a previous bug-alert last year regarding this feature (that was fixed) and I hope that the version that you are using is secure.
Are you using RSS to collect information from toher websites? if so, they know who you are and some script somewhere decided to visit you with some specific requests (Could be probing for your info - like your online calendar and email addresses).
I would also recommend examining the IP addresses and resolving them to find out who the owner is and where they are located (I like using DNSstuff) to probe IP origins
-----
Web Development, Production & Marketing Advice - http://www.cmsproducer.com/click/26/3
-----
Donny Nyamweya - USER25.com
First of all, thanks a lot
First of all, thanks a lot for the reply.
1)ping module is disabled. Long ago was enabled.
2) I was using RSS feed from other websites. It's been a couple of months since I disabled aggregator module itself.
3) I also like DNSstuff . One such IP 61.8.144.170 comes from an ISP in New Delhi, India. Yea, I am also from India and the server is hosted at VSNL Data Centre which is also in India.
http://61.8.144.170/
Are there any chances someone is trying to access a page that is not existing any more?
</p></div><div class= not
</p></div><div class= not found.Thats the message it leaves in the log
That is strange...
You may have a link on your site that is broken.. for instance
<a href="without anything in there would probably output that page...Is this an example of the
Is this an example of the xss exploite being used against phpnuke and phpbb ? We had a web site based on myphpnuke and our isp just shut it down due to xss exploites against . So now we are looking at Drupal :-)