Hackers Looking For Transfer Archive

I launched a new website a few days ago. It’s a new CMS on a new web hosting account. Hackers seem to know it’s new. Five days after launching the site, I see a lot of poking around in the file system when I review the 404 report. This hacker was looking for archives used in the site transfer. Very clever. That archive would have the database password in it, in a config file. With the DB password you could hijack the site.

The 404 log listing below was scrubbed. I replaced the actual domain name with “sitename”. This domain is on the “.ORG” TLD.

Pro Tip: Password-protect or remove all site archive files ASAP.

Time | Requested path | User agent
3:36 AM | /www_sitename_org.zip | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /www_sitename_org.tar.gz | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /www_sitename_org.rar | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /www_sitename_org.mdb | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename_org.zip | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename_org.tar.gz | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename_org.rar | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename_org.mdb | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitenameorg.zip | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitenameorg.tar.gz | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitenameorg.rar | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitenameorg.mdb | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename.org.zip | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename.org.tar.gz | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename.org.rar | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /sitename.org.mdb | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:36 AM | /wwwsitenameorg.zip | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:35 AM | /wwwsitenameorg.tar.gz | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:35 AM | /wwwsitenameorg.rar | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:35 AM | /wwwsitenameorg.mdb | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:35 AM | /sitename.zip | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
3:35 AM | /sitename.tar.gz | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
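
Every name in this listing is the site's hostname with its dots kept, swapped for underscores or dropped, plus an archive or database extension, so the pattern can be matched mechanically. The Python below is an added example, not the author's code: it assumes a 404 report already split into (time, path, user agent) rows, uses constructed rows for example.org, and groups by user agent because the listing shows no client address.

```python
import re
from collections import Counter

# Extensions seen in the 404 listing above.
ARCHIVE_EXTS = (".tar.gz", ".zip", ".rar", ".mdb")

def split_ext(path):
    """Return (stem, ext) when the last path segment ends in a listed extension."""
    name = path.rsplit("/", 1)[-1].lower()
    for ext in ARCHIVE_EXTS:
        if name.endswith(ext) and len(name) > len(ext):
            return name[: -len(ext)], ext
    return None

def hostname_keys(hostname):
    """Separator-free forms of the hostname: with/without www, with/without TLD."""
    labels = [part for part in hostname.lower().split(".") if part]
    if labels and labels[0] == "www":
        labels = labels[1:]
    full = "".join(labels)       # e.g. exampleorg
    bare = "".join(labels[:-1])  # e.g. example
    return {full, "www" + full, bare, "www" + bare} - {"", "www"}

def is_site_archive_guess(path, hostname):
    """True when the file name is the hostname (any separator style) plus an archive extension."""
    parts = split_ext(path)
    if parts is None:
        return False
    stem = re.sub(r"[._\-]", "", parts[0])
    return stem in hostname_keys(hostname)

def flag_probes(rows, hostname, threshold=3):
    """Count hostname-derived archive guesses per user agent; return those at or over threshold."""
    hits = Counter(ua for _, path, ua in rows if is_site_archive_guess(path, hostname))
    return {ua: n for ua, n in hits.items() if n >= threshold}

# Constructed sample rows (not from the original log), hostname example.org.
PROBE_UA = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
SAMPLE = [
    ("3:36 AM", "/www_example_org.zip", PROBE_UA),
    ("3:36 AM", "/example.org.tar.gz", PROBE_UA),
    ("3:35 AM", "/exampleorg.rar", PROBE_UA),
    ("3:35 AM", "/example.mdb", PROBE_UA),
    ("3:40 AM", "/favicon.ico", "Mozilla/5.0 (constructed visitor)"),
    ("3:41 AM", "/downloads/report.zip", "Mozilla/5.0 (constructed visitor)"),
]

if __name__ == "__main__":
    print(flag_probes(SAMPLE, "example.org"))
```

Running `is_site_archive_guess` over the file names in the web root finds any leftover transfer archive that these requests would have hit.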

Published by

Kimball

Kimball is a website designer and developer in Goffstown, NH.
