Welcome to WebmasterWorld Guest from 54.235.1.148

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

Inktomi vulnerability probe

WordPress probe

     
7:43 am on May 9, 2014 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6092
votes: 75




I'm accustomed to getting requests for WordPress files, even though I don't use WP and never have. This is common behavior from potential hackers looking for a way in. What surprises me is these requests coming from an Inktomi range:


74.6.53.180 - - [08/May/2014:23:45:12 -0700] "GET /wp-admin/ HTTP/1.1" 403 491 "-" "-"
74.6.53.180 - - [08/May/2014:23:53:54 -0700] "GET /wordpress/wp-admin/ HTTP/1.1" 403 511 "-" "-"
74.6.53.180 - - [09/May/2014:00:02:37 -0700] "GET /blog/wp-admin/ HTTP/1.1" 403 501 "-" "-"
7:32 pm on May 9, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3100
votes: 3


I think that's now part of yahoo's hosting range. The specific IP has rDNS of hostingprod[.]com which looks like for-rent web space. I've had the full IP range blocked for some time.
8:09 pm on May 9, 2014 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6092
votes: 75



Yes, when I looked through my notes as to why the hits were blocked with a 403, I saw I had these HostingProd ranges blocked... [webmasterworld.com...]

but since this was a new thread, I was not allowed to edit or change my post. This is a major PINTA here at WW.
7:45 pm on May 10, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3100
votes: 3


> This is a major PINTA here at WW.

Agreed. Mods: is there any way that (eg) accredited members can bypass the verification system?
1:52 am on May 11, 2014 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6092
votes: 75




Most other forums only queue posts from members with less than 100 posts.
6:26 pm on May 11, 2014 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14643
votes: 93


we normally don't discuss moderation in the forums but this information should be in the Spiders charter so here goes.

There are only a couple of WebmasterWorld forums in pre-mod and the spiders forum is that way because of the sensitive nature of the content.

Sometimes the content contains actual information identifying real individuals and we don't want actual people being called out as scrapers or spammers or something legally actionable.

Therefore, all spiders posts are pre-mod.

Sorry, but it was that way before i got here and it'll be that way when I'm gone most likely.

This is going off topic and I'll probably split this to a different thread later but I thought I'd get the answer out there to end any speculation.
7:27 pm on May 11, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3100
votes: 3


Thanks, Bill. Fair enough.
4:16 am on May 12, 2014 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10550
votes: 10


as incrediBILL mentioned, Search Engine Spider and User Agent Identification is one of the few WebmasterWorld forums that allows specific information to be published.

this is a very specialized forum and practically speaking, members would have to be "accredited" on an individual basis at the discretion of this forum's moderators.

i don't think post count is a useful indicator in this case.
1:08 am on May 15, 2014 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6092
votes: 75


Is there an efficient way to get these posts activated faster? I've seen them sit on hold for several days. Sometimes by the time they get approved, they're irrelevant.

Here's one of mine that has sat on hold for a day: [webmasterworld.com...]
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members