Sunday, March 04, 2007

A bunch of IPs requesting stuff we don't host

The following are related hacker IPs probably controlled by a command and control bot:

They all hit our site at the same time requesting things our server does not host.

Here's another set shortly before doing something similar, probably also related to the above:

Perhaps someone pointed a domain to the wrong IP since they were all hitting the same domain.

These IPs are all requesting php files -- the favorite language of the hacked and hackers as far as I can tell by the percentage of hacks in the logs on various types of web programming and scripting languages.