
Made by ZmEu @ WhiteHat v0.3 (www.WhiteHat.ro)


GaryK

3:07 pm on Nov 16, 2009 (gmt 0)


Made by ZmEu @ WhiteHat v0.3 (www.WhiteHat.ro)
80.68.95.nn
taleyarkhan.com
-----
inetnum: 80.68.88.0 - 80.68.95.255
status: ASSIGNED PA
country: GB
-----
READ ROBOTS.TXT? No
OBEYED ROBOTS.TXT? No
-----
Appears to be looking for ways to exploit ZenCart e-commerce system.
None of the folders or files it requested exists on any of the multiple sites it crawled.

/ZenCart/includes/general.js
/admin/includes/general.js
/catalog/includes/general.js

Pfui

9:44 pm on Nov 16, 2009 (gmt 0)


Whatever else ZmEu is, it's baaaad news. Exploits/actions resemble Toata's but hits not nearly as rapid-fire. Details below, a partial listing of IPs hit, courtesy of a (presumably) zombied XO Communications user:

IP: 140.239.67.nn
UA: ZmEu

They hit our IPs sequentially over a period of hours, and curiously, not all exploits ran every time. Rather, the hits cycled per exploit:

Site #1

11/15 01:04:59 /pma/scripts/setup.php
11/15 01:41:15 /dbadmin/scripts/setup.php
11/15 02:20:45 /mysql/scripts/setup.php
11/15 02:55:38 /myadmin/scripts/setup.php
11/15 03:35:20 /webdb/scripts/setup.php
11/15 04:09:38 /mysqladmin/scripts/setup.php
11/15 04:47:38 /sqladmin/scripts/setup.php
11/15 05:38:25 /phpmyadmin/scripts/setup.php
11/15 06:16:41 /phpMyAdmin/scripts/setup.php

Site #2

11/15 01:05:00 /pma/scripts/setup.php
11/15 01:41:15 /dbadmin/scripts/setup.php
11/15 02:20:45 /mysql/scripts/setup.php
11/15 02:55:38 /myadmin/scripts/setup.php
11/15 03:35:21 /webdb/scripts/setup.php
11/15 04:09:38 /mysqladmin/scripts/setup.php
11/15 04:47:39 /sqladmin/scripts/setup.php
11/15 05:38:25 /phpmyadmin/scripts/setup.php
11/15 06:16:42 /phpMyAdmin/scripts/setup.php

Site #3

11/15 04:09:39 /mysqladmin/scripts/setup.php
11/15 04:09:40 /mysqladmin/scripts/setup.php
11/15 04:09:40 /mysqladmin/scripts/setup.php
11/15 04:47:40 /sqladmin/scripts/setup.php
11/15 04:47:41 /sqladmin/scripts/setup.php
11/15 04:47:41 /sqladmin/scripts/setup.php

(And all of the above is why I stick with Perl scripts:)
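A log-side detector for the request pattern reported in this thread, added here as an example and not code from any poster: it parses Apache combined-format lines, flags the ZmEu user-agent string, the /scripts/setup.php probes listed above and the phpMyAdmin directory guesses (including the // prefix Pfui reports in a later post), and reports source IPs that issue several such probes. The log lines and IP addresses are constructed for the example (documentation-range addresses, not the ones quoted in the thread).

```python
import re
from collections import defaultdict

# Apache combined format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Path signatures taken from the requests quoted in this thread.
SETUP_PHP = re.compile(r'/scripts/setup\.php$', re.I)
PMA_DIR = re.compile(
    r'^/+(?:pma|phpmyadmin(?:-[\w.-]+)?|myadmin|mysqladmin|dbadmin|webdb|sqladmin)/?$',
    re.I,
)
# Constructed sample lines; the IPs are documentation-range placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Nov/2009:01:04:59 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
198.51.100.7 - - [15/Nov/2009:01:41:15 +0000] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
198.51.100.7 - - [15/Nov/2009:02:20:45 +0000] "GET /mysql/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
203.0.113.5 - - [12/Dec/2009:10:26:44 +0000] "GET //phpMyAdmin/ HTTP/1.1" 403 211 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.0.113.5 - - [12/Dec/2009:10:26:50 +0000] "GET //phpMyAdmin-2.2.3/ HTTP/1.1" 403 211 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.0.113.9 - - [15/Nov/2009:03:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (ip, path, reasons), reasons empty for an unremarkable request; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ua, path, reasons = m.group('ua'), m.group('path'), []
    if 'zmeu' in ua.lower():
        reasons.append('ua:ZmEu')
    if SETUP_PHP.search(path):
        reasons.append('path:setup.php')
    if PMA_DIR.match(path):
        reasons.append('path:pma-dir')
    if path.startswith('//'):  # the later variant prefixes every URI with //
        reasons.append('path:double-slash')
    return m.group('ip'), path, reasons

def scan(lines, min_probes=3):
    """Group flagged requests by source IP and keep IPs with at least min_probes,
    since the scanner cycles through many admin paths against a single host."""
    hits = defaultdict(list)
    for line in lines:
        r = classify(line)
        if r and r[2]:
            hits[r[0]].append((r[1], r[2]))
    return {ip: h for ip, h in hits.items() if len(h) >= min_probes}

if __name__ == '__main__':
    for ip, probes in scan(SAMPLE_LOG.splitlines()).items():
        print(ip, probes)
```

Lower min_probes to 2 to catch the shorter Budapest-style burst; a UA match alone is already a strong signal and could be blocked outright.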

Pfui

7:17 am on Dec 12, 2009 (gmt 0)


Variation on this still-nasty UA, this time spewed forth from Budapest:

77.111.88.1*
Made by ZmEu @ WhiteHat Team - www.whitehat.ro

All URIs in the following ~90-second thwarted smackdown are preceded by // ...

10:26:39 //
10:26:40 //admin/
10:26:40 //admin/pma/
10:26:41 //admin/phpmyadmin/
10:26:41 //db/
10:26:41 //dbadmin/
10:26:42 //myadmin/
10:26:42 //mysql/
10:26:43 //mysqladmin/
10:26:43 //typo3/phpmyadmin/
10:26:43 //phpadmin/
10:26:44 //phpMyAdmin/
10:26:44 //phpmyadmin/
10:26:45 //phpmyadmin1/
10:26:45 //phpmyadmin2/
10:26:46 //pma/
10:26:46 //web/phpMyAdmin/
10:26:46 //xampp/phpmyadmin/
10:26:47 //web/
10:26:47 //php-my-admin/
10:26:48 //websql/
10:26:48 //phpmyadmin/
10:26:49 //phpMyAdmin/
10:26:49 //phpMyAdmin-2/
10:26:49 //php-my-admin/
10:26:50 //phpMyAdmin-2.2.3/
10:26:50 //phpMyAdmin-2.2.6/
10:26:51 //phpMyAdmin-2.5.1/
10:26:51 //phpMyAdmin-2.5.4/
10:26:51 //phpMyAdmin-2.5.5-rc1/
10:26:52 //phpMyAdmin-2.5.5-rc2/
10:26:52 //phpMyAdmin-2.5.5/
10:26:53 //phpMyAdmin-2.5.5-pl1/
10:26:53 //phpMyAdmin-2.5.6-rc1/
10:26:54 //phpMyAdmin-2.5.6-rc2/
10:26:54 //phpMyAdmin-2.5.6/
10:26:54 //phpMyAdmin-2.5.7/
10:26:55 //phpMyAdmin-2.5.7-pl1/
10:26:55 //phpMyAdmin-2.6.0-alpha/
10:26:56 //phpMyAdmin-2.6.0-alpha2/
10:26:56 //phpMyAdmin-2.6.0-beta1/
10:26:56 //phpMyAdmin-2.6.0-beta2/
10:26:57 //phpMyAdmin-2.6.0-rc1/
10:26:57 //phpMyAdmin-2.6.0-rc2/
10:26:58 //phpMyAdmin-2.6.0-rc3/
10:26:58 //phpMyAdmin-2.6.0/
10:26:59 //phpMyAdmin-2.6.0-pl1/
10:26:59 //phpMyAdmin-2.6.0-pl2/
10:26:59 //phpMyAdmin-2.6.0-pl3/
10:27:00 //phpMyAdmin-2.6.1-rc1/
10:27:00 //phpMyAdmin-2.6.1-rc2/
10:27:01 //phpMyAdmin-2.6.1/
10:27:01 //phpMyAdmin-2.6.1-pl1/
10:27:01 //phpMyAdmin-2.6.1-pl2/
10:27:02 //phpMyAdmin-2.6.1-pl3/
10:27:02 //phpMyAdmin-2.6.2-rc1/
10:27:03 //phpMyAdmin-2.6.2-beta1/
10:27:03 //phpMyAdmin-2.6.2-rc1/
10:27:03 //phpMyAdmin-2.6.2/
10:27:04 //phpMyAdmin-2.6.2-pl1/
10:27:04 //phpMyAdmin-2.6.3/
10:27:05 //phpMyAdmin-2.6.3-rc1/
10:27:05 //phpMyAdmin-2.6.3/
10:27:06 //phpMyAdmin-2.6.3-pl1/
10:27:06 //phpMyAdmin-2.6.4-rc1/
10:27:06 //phpMyAdmin-2.6.4-pl1/
10:27:07 //phpMyAdmin-2.6.4-pl2/
10:27:07 //phpMyAdmin-2.6.4-pl3/
10:27:08 //phpMyAdmin-2.6.4-pl4/
10:27:08 //phpMyAdmin-2.6.4/
10:27:09 //phpMyAdmin-2.7.0-beta1/
10:27:10 //phpMyAdmin-2.7.0-rc1/
10:27:11 //phpMyAdmin-2.7.0-pl1/
10:27:11 //phpMyAdmin-2.7.0-pl2/
10:27:11 //phpMyAdmin-2.7.0/
10:27:12 //phpMyAdmin-2.8.0-beta1/
10:27:12 //phpMyAdmin-2.8.0-rc1/
10:27:13 //phpMyAdmin-2.8.0-rc2/
10:27:13 //phpMyAdmin-2.8.0/
10:27:13 //phpMyAdmin-2.8.0.1/
10:27:14 //phpMyAdmin-2.8.0.2/
10:27:14 //phpMyAdmin-2.8.0.3/
10:27:15 //phpMyAdmin-2.8.0.4/
10:27:15 //phpMyAdmin-2.8.1-rc1/
10:27:16 //phpMyAdmin-2.8.1/
10:27:16 //phpMyAdmin-2.8.2/
10:27:16 //sqlmanager/
10:27:17 //mysqlmanager/
10:27:17 //p/m/a/
10:27:18 //PMA2005/
10:27:18 //pma2005/
10:27:18 //phpmanager/
10:27:19 //php-myadmin/
10:27:19 //phpmy-admin/
10:27:20 //webadmin/
10:27:20 //sqlweb/
10:27:21 //websql/
10:27:21 //webdb/
10:27:21 //mysqladmin/
10:27:22 //mysql-admin/