What kind of strange requests to the server at the addresses of popular cms admins?

H

HaruAtari2014-12-30 15:02:22

PHP

HaruAtari, 2014-12-30 15:02:22

Good afternoon.
Apache found some strange entries in logs today. Someone requests pages:
/wp-admin/
/wordpress/wp-admin/
/blog/wp-admin/
//cgi-bin/php.chi
In the logs, such a request looks like this:

***:80 ***.***.***.*** - - [30/Dec/2013:15:38:33 +0400] "GET /cgi-bin/php.cgi HTTP/1.1" 404 1685 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"

As I understand it, they are looking for the admin login page.
I have a self-written csm and the admin panel does not look outside. Tell me, is it worth being afraid of this and is it possible to somehow stop it?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

Y

Yuri Shikanov, 2014-12-30
@HaruAtari

It is likely that these are some kind of crawlers that are engaged in automated hacking of sites using known vulnerabilities in popular CMS.

V

Vsevolod, 2014-12-30
@sevka_fedoroff

There are browser plugins that determine which CMS the site is made with. Maybe something like this is installed?