Question :
I was checking my “recent visitors” and noticed the following script coming from an ip address in Europe. Can anyone make out what’s going on and should I block this address?
Host: 85.25.**.**
//phpMyAdmin1/scripts/setup.php
Http Code: 404 Date: Nov 20 19:00:03 Http Version: HTTP/1.1 Size in Bytes: 2157
Referer: –
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)//phpMyAdmin/scripts/setup.php
Http Code: 404 Date: Nov 20 19:00:03 Http Version: HTTP/1.1 Size in Bytes: 2157
Referer: –
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
Answer :
That’s actually IE6’s user agent, except this is likely a bot spoofing it. It’s probing for vulnerabilities, and unfortunately the ip address belongs to a web host, so it could be anyone.
They are testing if you have those scripts installed and if they can access them
The best thing you can do is to make sure all your scripts are up to date. If you keep getting slammed from the same ip address or range, you can block it or redirect their requests.