Inktomi vulnerability probe

Forum Moderators: open

Message Too Old, No Replies

Inktomi vulnerability probe

WordPress probe

keyplyr

7:43 am on May 9, 2014 (gmt 0)

I'm accustomed to getting requests for WordPress files, even though I don't use WP and never have. This is common behavior from potential hackers looking for a way in. What surprises me is these requests coming from an Inktomi range:

74.6.53.180 - - [08/May/2014:23:45:12 -0700] "GET /wp-admin/ HTTP/1.1" 403 491 "-" "-"
74.6.53.180 - - [08/May/2014:23:53:54 -0700] "GET /wordpress/wp-admin/ HTTP/1.1" 403 511 "-" "-"
74.6.53.180 - - [09/May/2014:00:02:37 -0700] "GET /blog/wp-admin/ HTTP/1.1" 403 501 "-" "-"

dstiles

7:32 pm on May 9, 2014 (gmt 0)

I think that's now part of yahoo's hosting range. The specific IP has rDNS of hostingprod[.]com which looks like for-rent web space. I've had the full IP range blocked for some time.

keyplyr

8:09 pm on May 9, 2014 (gmt 0)

Yes, when I looked through my notes as to why the hits were blocked with a 403, I saw I had these HostingProd ranges blocked... [webmasterworld.com...]

but since this was a new thread, I was not allowed to edit or change my post. This is a major PINTA here at WW.

dstiles

7:45 pm on May 10, 2014 (gmt 0)

> This is a major PINTA here at WW.

Agreed. Mods: is there any way that (eg) accredited members can bypass the verification system?

keyplyr

1:52 am on May 11, 2014 (gmt 0)

Most other forums only queue posts from members with less than 100 posts.

incrediBILL

6:26 pm on May 11, 2014 (gmt 0)

we normally don't discuss moderation in the forums but this information should be in the Spiders charter so here goes.

There are only a couple of WebmasterWorld forums in pre-mod and the spiders forum is that way because of the sensitive nature of the content.

Sometimes the content contains actual information identifying real individuals and we don't want actual people being called out as scrapers or spammers or something legally actionable.

Therefore, all spiders posts are pre-mod.

Sorry, but it was that way before i got here and it'll be that way when I'm gone most likely.

This is going off topic and I'll probably split this to a different thread later but I thought I'd get the answer out there to end any speculation.

dstiles

7:27 pm on May 11, 2014 (gmt 0)

Thanks, Bill. Fair enough.

phranque

4:16 am on May 12, 2014 (gmt 0)

as incrediBILL mentioned, Search Engine Spider and User Agent Identification is one of the few WebmasterWorld forums that allows specific information to be published.

this is a very specialized forum and practically speaking, members would have to be "accredited" on an individual basis at the discretion of this forum's moderators.

i don't think post count is a useful indicator in this case.

keyplyr

1:08 am on May 15, 2014 (gmt 0)

Is there an efficient way to get these posts activated faster? I've seen them sit on hold for several days. Sometimes by the time they get approved, they're irrelevant.

Here's one of mine that has sat on hold for a day: [webmasterworld.com...]