Strange visitors

diabolic.bg · by **diabolic.bg** » Sat Jan 03, 2009 11:07 am

From 20 days I get more hack attempts in my site. My security is good (htaccess + ZB Block but two times I have a some strange visitors:

Code: Select all: 85.185.224.155 - - [03/Jan/2009:07:02:47 +0200] "GET /robots.txt HTTP/1.1" 200 941 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:47 +0200] "GET /urllist.txt HTTP/1.1" 200 41 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:48 +0200] "GET /phpbb2/rss.xml HTTP/1.1" 200 56994 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:52 +0200] "GET /phpbb2/urllist.txt HTTP/1.1" 200 9167 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:53 +0200] "GET /phpbb2/ggs_style/mxrss2.xsl HTTP/1.1" 200 7985 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:57 +0200] "GET /phpbb2/ggs_style/{$rss_link} HTTP/1.1" 404 1120 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:57 +0200] "GET /phpbb2/ggs_style/{link} HTTP/1.1" 404 1120 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:58 +0200] "GET /phpbb2/ggs_style/{channel/link} HTTP/1.1" 404 1120 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:02:58 +0200] "GET /phpbb2/ggs_style/{image/link} HTTP/1.1" 404 1120 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:03:02 +0200] "GET /phpbb2/ggs_style/{image/url} HTTP/1.1" 404 1120 "-" "Java/1.4.1_04" 85.185.224.155 - - [03/Jan/2009:07:03:02 +0200] "GET /phpbb2/ggs_style/{source/@url} HTTP/1.1" 404 1120 "-" "Java/1.4.1_04"

Do you think that is dangerous and what can I do?

Thanks in advance!

Code: Select all: # You may want to enable these lines below to disallow php, python, java and perl scripts to access your site RewriteCond %{HTTP_USER_AGENT} ^.*PHP.*$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*libwww-perl [NC,OR] RewriteCond %{HTTP_USER_AGENT} LWP::Simple [NC,OR] RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR] RewriteCond %{HTTP_USER_AGENT} (^Morfeus) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*(curl|wget|python|nikto|scan).* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(python[-.]?urllib¦java/?[1-9]\.[0-9]) [NC] RewriteCond %{QUERY_STRING} ^(.*)=http: [NC] # Send the attacker BACK to its originating server's IP address. RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Maybe the problem is in ¦

RewriteCond %{HTTP_USER_AGENT} ^(python[-.]?urllib¦java/?[1-9]\.[0-9]) [NC]
Maybe it must be | ?
What do you think?