Log question


#1

Hi,

I’m sorry if this isn’t in the right forum but I was going through my access log and I found this weird hit and was wondering if someone could explain to me what it is?

It doesn’t seem to be a bot because it isn’t labeled as one?

78.29.15.137 - - [28/Feb/2012:15:13:54 -0800] “GET /administrator/ HTTP/1.1” 404 496 “-” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MAAR; .NET4.0C; .NET4.0E; AskTbPTV2/5.9.1.14019)”

It’s the GET /administrator part that I am curious about? The IP says it’s from Russia so maybe it is a bot?


#2

it’s an attacker looking for a page named /administrator/ on your site and it wasn’t found from the 404 error code right after that. Look for other entries from that IP… I bet there are alot… It most likely is a bot and not a live person, just not a good bot. It will try a number of URL’s to see if it gets a response… if it get’s a 200 response then a human will come back and try breaking into whatever the bot found.