PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Wed Dec 19, 2018 11:30 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Sun May 04, 2014 11:51 pm 
Offline
Forum Newbie

Joined: Sun May 04, 2014 11:44 pm
Posts: 3
I was looking through my server logs today and noticed many attempts to connect to PHP pages with strings appended like this:

/RK=0/RS=S1EFScHuZogilFCMsrNbKJGrflQ-

So the full url is something like

http://www.mysite.com/index.php/RK=0/RS ... NbKJGrflQ-

There are a bunch of different similar looking strings. Is this some kind of hack? Or just some random bot or something?

Thanks for any help.


Top
 Profile  
 
PostPosted: Mon May 05, 2014 12:06 am 
Offline
Spammer :|
User avatar

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
When you were looking in the logs, did you happen to see the IP address? User agent string?


Top
 Profile  
 
PostPosted: Mon May 05, 2014 4:11 am 
Offline
Forum Newbie

Joined: Sun May 04, 2014 11:44 pm
Posts: 3
165.231.*
38.84.*
192.3.*
69.12.*
66.85.*
50.3.*
23.239.*

Mozilla/5.0 and Mozilla/4.0


Last edited by requinix on Mon May 05, 2014 4:27 am, edited 1 time in total.
redacted to /16


Top
 Profile  
 
PostPosted: Mon May 05, 2014 4:32 am 
Offline
Spammer :|
User avatar

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
No offense but I edited the IP addresses in your post. Not much to gain by knowing the full addresses so I'm opting for the normal etiquette of keeping them private.

Yes, it does seem to be a botnet probing for vulnerabilities. Lots of people on the internet reporting the same issue.
Unless the accesses are causing you problems, I'd just ignore them - they'll go away on their own. But if you're worried you can set up some blocking for that RK/RS pattern.


Top
 Profile  
 
PostPosted: Mon May 05, 2014 6:07 pm 
Offline
Forum Newbie

Joined: Sun May 04, 2014 11:44 pm
Posts: 3
Thanks.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: Bing [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group