jand
(JAn)
April 29, 2009, 8:08am
1
Hi,
First of all, sorry for my bad English.
I installed Piwik one month ago. One week later some Java client started to scan my site. The client tries to find the file "piwik.php" in every path.
Example:
Array
(
[SCRIPT_URL] => /Besucher/piwik.php
[SCRIPT_URI] => http://www.discounto.de/Besucher/piwik.php
[HTTP_CACHE_CONTROL] => no-cache
[HTTP_PRAGMA] => no-cache
[HTTP_USER_AGENT] => Java/1.6.0_07
[HTTP_HOST] => www.discounto.de
[HTTP_ACCEPT] => text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
[HTTP_CONNECTION] => keep-alive
[REMOTE_ADDR] => 77.208.49.166
[REMOTE_PORT] => 3100
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /Besucher/piwik.php
[SCRIPT_NAME] => /Besucher/piwik.php
[PHP_SELF] => /Besucher/piwik.php
[REQUEST_TIME] => 1240982879
)
Has anyone registered similar behavior? Maybe somebody is looking around for some backdoor?
Best regards,
Jan
kolchak
(kolchak)
April 29, 2009, 11:59pm
2
I haven't seen this, but it would be interesting to get some more information. How often do you see it? Is there a referer?
jand
(JAn)
April 30, 2009, 1:19pm
3
Two or three times a day, different clients start 5 or 6 requests. I can't see the requests which don't throw an exception, so I can't say how many pages or requests they have done already.
I will have a look at the server stats next weekend; then I can tell you more. There is no referer, and the IP addresses are always different.
Example from today:
Array
(
[SCRIPT_URL] => /piwik.php
[SCRIPT_URI] => http://www.discounto.de/piwik.php
[HTTP_CACHE_CONTROL] => no-cache
[HTTP_PRAGMA] => no-cache
[HTTP_USER_AGENT] => Java/1.6.0_04
[HTTP_HOST] => www.discounto.de
[HTTP_ACCEPT] => text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
[HTTP_CONNECTION] => keep-alive
[PATH] => /bin:/usr/bin:/sbin:/usr/sbin
[SERVER_SOFTWARE] => Apache/2.2.3 (Linux/SUSE)
[SERVER_NAME] => www.discounto.de
[SERVER_ADDR] => 87.106.211.108
[SERVER_PORT] => 80
[REMOTE_ADDR] => 89.122.29.82
[REMOTE_PORT] => 53338
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /piwik.php
[SCRIPT_NAME] => /piwik.php
[PHP_SELF] => /piwik.php
[REQUEST_TIME] => 1241096637
)
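The probing pattern reported in this thread (requests for piwik.php under varying paths, a Java/ user agent, no referer) can be pulled from the web server's access log, which also records the requests that did not raise an exception. This is an added example, not part of the original posts; it assumes Apache's "combined" log format, and the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), modelled on the dumps in the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Apr/2009:07:27:59 +0200] "GET /Besucher/piwik.php HTTP/1.1" 404 512 "-" "Java/1.6.0_07"
192.0.2.10 - - [29/Apr/2009:07:28:01 +0200] "GET /stats/piwik.php HTTP/1.1" 404 512 "-" "Java/1.6.0_07"
192.0.2.10 - - [29/Apr/2009:07:28:02 +0200] "GET /piwik/piwik.php HTTP/1.1" 200 43 "-" "Java/1.6.0_07"
198.51.100.7 - - [30/Apr/2009:14:03:57 +0200] "GET /piwik.php HTTP/1.1" 404 512 "-" "Java/1.6.0_04"
203.0.113.5 - - [30/Apr/2009:14:05:00 +0200] "GET /piwik/piwik.php?idsite=1&rec=1 HTTP/1.1" 200 43 "http://www.example.org/" "Mozilla/5.0 (X11; Linux)"
"""

def find_piwik_probes(log_text):
    """Group referer-less piwik.php requests from Java/ user agents by client IP."""
    probes = defaultdict(lambda: {"paths": set(), "statuses": defaultdict(int)})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["uri"].split("?", 1)[0]
        if not path.lower().endswith("/piwik.php"):
            continue
        # Assumption: genuine tracking hits come from browsers and usually carry a referer.
        if m["referer"] not in ("", "-") or not m["ua"].startswith("Java/"):
            continue
        entry = probes[m["ip"]]
        entry["paths"].add(path)
        entry["statuses"][int(m["status"])] += 1
    return dict(probes)

def summarize(probes):
    """One line per client: total probes, how many got a 2xx answer, and the paths tried."""
    rows = []
    for ip, e in sorted(probes.items()):
        total = sum(e["statuses"].values())
        hits = sum(n for s, n in e["statuses"].items() if 200 <= s < 300)
        rows.append(f"{ip} probes={total} answered_2xx={hits} paths={','.join(sorted(e['paths']))}")
    return rows

if __name__ == "__main__":
    print("\n".join(summarize(find_piwik_probes(SAMPLE_LOG))))
```

The answered_2xx column shows which probes reached an existing piwik.php, which is the part the exception log alone does not reveal.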