Drive By Scanning


I thought this was interesting: grepping through my logs, I noticed a burst of what looks like automated vulnerability scanning. This is all interesting, because my blog is entirely made up of static pages (nothing to POST to), and uses no PHP. TL;DR ~80 GETs/POSTs from one IP for generic PHP and WordPress pages, likely each with their own sets of known vulnerabilities. There were a couple of others, but this one was the most interesting for me. IPs have been mostly sanitized.

user@bloghost:~/blog$ cat bloglog.txt | grep 192.185.aaa.bbb
192.185.aaa.bbb - - [05/Sep/2016:00:12:11 +0000] "POST / HTTP/1.1" 405 173 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
192.185.aaa.bbb - - [05/Sep/2016:00:12:11 +0000] "GET / HTTP/1.1" 200 12584 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:12 [error] 5#5: *295 open() "/usr/share/nginx/html/wp-check.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /wp-check.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:12 +0000] "POST /wp-check.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:12 [error] 5#5: *296 open() "/usr/share/nginx/html/start.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /start.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:12 +0000] "POST /start.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:12 [error] 5#5: *297 open() "/usr/share/nginx/html/general.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /general.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:12 +0000] "POST /general.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:12 [error] 5#5: *298 open() "/usr/share/nginx/html/cache.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /cache.php?blog=1 HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:13 +0000] "POST /cache.php?blog=1 HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:13 [error] 5#5: *299 open() "/usr/share/nginx/html/ooimg.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /ooimg.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:13 +0000] "POST /ooimg.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:13 [error] 5#5: *300 open() "/usr/share/nginx/html/11.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /11.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:13 +0000] "POST /11.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:13 [error] 5#5: *301 open() "/usr/share/nginx/html/get.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /get.php?key=sdfadsgh4513sdGG435341FDGWWDFGDFHDFGDSFGDFSGDFG HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:14 +0000] "POST /get.php?key=sdfadsgh4513sdGG435341FDGWWDFGDFHDFGDSFGDFSGDFG HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:14 [error] 5#5: *302 open() "/usr/share/nginx/html/tmp.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /tmp.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:14 +0000] "POST /tmp.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:14 [error] 5#5: *303 open() "/usr/share/nginx/html/upgrade.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /upgrade.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:14 +0000] "POST /upgrade.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:14 [error] 5#5: *304 open() "/usr/share/nginx/html/cfiles.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /cfiles.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:14 +0000] "POST /cfiles.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:15 [error] 5#5: *305 open() "/usr/share/nginx/html/modx.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /modx.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:15 +0000] "POST /modx.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:15 [error] 5#5: *306 open() "/usr/share/nginx/html/stats.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /stats.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:15 +0000] "POST /stats.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:15 [error] 5#5: *307 open() "/usr/share/nginx/html/index.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /index.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:15 +0000] "POST /index.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:16 [error] 5#5: *308 open() "/usr/share/nginx/html/news.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /news.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:16 +0000] "POST /news.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:16 [error] 5#5: *309 open() "/usr/share/nginx/html/news_parser.class.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /news_parser.class.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:16 +0000] "POST /news_parser.class.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:16 [error] 5#5: *310 open() "/usr/share/nginx/html/configbak.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /configbak.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:16 +0000] "POST /configbak.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:16 [error] 5#5: *311 open() "/usr/share/nginx/html/shell.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /shell.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:17 +0000] "POST /shell.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:17 [error] 5#5: *312 open() "/usr/share/nginx/html/xmlrppc.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /xmlrppc.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:17 +0000] "POST /xmlrppc.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:17 [error] 5#5: *313 open() "/usr/share/nginx/html/adodb.class.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /adodb.class.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:17 +0000] "POST /adodb.class.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:17 [error] 5#5: *314 open() "/usr/share/nginx/html/configurationbak.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /configurationbak.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:17 +0000] "POST /configurationbak.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:18 [error] 5#5: *315 open() "/usr/share/nginx/html/wp-blog-header.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /wp-blog-header.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:18 +0000] "POST /wp-blog-header.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:28 [error] 5#5: *317 open() "/usr/share/nginx/html/wp-trackback.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /wp-trackback.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:28 +0000] "POST /wp-trackback.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:28 [error] 5#5: *318 open() "/usr/share/nginx/html/database.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /database.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:29 +0000] "POST /database.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:29 [error] 5#5: *319 open() "/usr/share/nginx/html/wp-checking.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /wp-checking.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:29 +0000] "POST /wp-checking.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:29 [error] 5#5: *320 open() "/usr/share/nginx/html/CHANGELOG.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /CHANGELOG.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:29 +0000] "POST /CHANGELOG.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:29 [error] 5#5: *321 open() "/usr/share/nginx/html/wp-activate.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /wp-activate.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:29 +0000] "POST /wp-activate.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:30 [error] 5#5: *322 open() "/usr/share/nginx/html/home.bak.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /home.bak.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:30 +0000] "POST /home.bak.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:30 [error] 5#5: *323 open() "/usr/share/nginx/html/error-log.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /error-log.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:30 +0000] "POST /error-log.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:30 [error] 5#5: *324 open() "/usr/share/nginx/html/gemb.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /gemb.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:30 +0000] "POST /gemb.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:31 [error] 5#5: *325 open() "/usr/share/nginx/html/.cpanel_config.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "POST /.cpanel_config.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:31 +0000] "POST /.cpanel_config.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0" "-"
2016/09/05 00:12:31 [error] 5#5: *326 open() "/usr/share/nginx/html/wp-object-cache.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /wp-object-cache.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:31 +0000] "GET /wp-object-cache.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:31 [error] 5#5: *327 open() "/usr/share/nginx/html/wp-installation.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /wp-installation.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:31 +0000] "GET /wp-installation.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:31 [error] 5#5: *328 open() "/usr/share/nginx/html/filess.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /filess.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:31 +0000] "GET /filess.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:32 [error] 5#5: *329 open() "/usr/share/nginx/html/mide.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /mide.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:32 +0000] "GET /mide.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:32 [error] 5#5: *330 open() "/usr/share/nginx/html/popup-pomo.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /popup-pomo.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:32 +0000] "GET /popup-pomo.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:32 [error] 5#5: *331 open() "/usr/share/nginx/html/uu.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /uu.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:32 +0000] "GET /uu.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:33 [error] 5#5: *332 open() "/usr/share/nginx/html/license.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /license.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:33 +0000] "GET /license.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
2016/09/05 00:12:33 [error] 5#5: *333 open() "/usr/share/nginx/html/tempfs.php" failed (2: No such file or directory), client: 192.185.aaa.bbb, server: localhost, request: "GET /tempfs.php HTTP/1.1", host: "jamesmunns.com"
192.185.aaa.bbb - - [05/Sep/2016:00:12:33 +0000] "GET /tempfs.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0" "-"
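An added example, not part of the original post: one way to pick bursts like this out of the access log automatically. On a static site with no PHP, every 404 for a .php path is a probe, so the sketch counts distinct probed paths per client inside a sliding time window and also reports the user agents seen, which exposes the one-client, two-browser mismatch visible above. The function name, thresholds and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the log layout shown above; client addresses are
# documentation-range placeholders, not hosts from the original post.
UA16 = "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20130722 Firefox/16.0"
UA13 = "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Firefox/13.0"
SAMPLE = [
    f'203.0.113.7 - - [05/Sep/2016:00:12:11 +0000] "GET / HTTP/1.1" 200 12584 "-" "{UA13}" "-"',
    '2016/09/05 00:12:12 [error] 5#5: *295 open() "/usr/share/nginx/html/wp-check.php" failed',
    f'203.0.113.7 - - [05/Sep/2016:00:12:12 +0000] "POST /wp-check.php HTTP/1.1" 404 169 "-" "{UA16}" "-"',
    f'203.0.113.7 - - [05/Sep/2016:00:12:12 +0000] "POST /start.php HTTP/1.1" 404 169 "-" "{UA16}" "-"',
    f'203.0.113.7 - - [05/Sep/2016:00:12:13 +0000] "POST /cache.php?blog=1 HTTP/1.1" 404 169 "-" "{UA16}" "-"',
    f'203.0.113.7 - - [05/Sep/2016:00:12:14 +0000] "POST /shell.php HTTP/1.1" 404 169 "-" "{UA16}" "-"',
    f'203.0.113.7 - - [05/Sep/2016:00:12:15 +0000] "POST /index.php HTTP/1.1" 404 169 "-" "{UA16}" "-"',
    f'203.0.113.7 - - [05/Sep/2016:00:12:17 +0000] "GET /uu.php HTTP/1.1" 404 169 "-" "{UA13}" "-"',
    f'198.51.100.20 - - [05/Sep/2016:00:13:00 +0000] "GET / HTTP/1.1" 200 12584 "-" "{UA16}" "-"',
    f'198.51.100.20 - - [05/Sep/2016:00:13:01 +0000] "GET /missing.php HTTP/1.1" 404 169 "-" "{UA16}" "-"',
]

ACCESS = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"')

def find_scanners(lines, window=timedelta(seconds=60), min_probes=5):
    """Map client IP -> report when it hit >= min_probes distinct .php 404s within window."""
    hits = defaultdict(list)
    for line in lines:
        m = ACCESS.match(line)
        if not m:
            continue  # interleaved error-log lines do not match the access format
        path = m['path'].split('?', 1)[0]  # ignore the query string
        if m['status'] == '404' and path.lower().endswith('.php'):
            ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
            hits[m['ip']].append((ts, path, m['ua']))
    report = {}
    for ip, probes in hits.items():
        probes.sort()
        best = lo = 0
        for hi in range(len(probes)):  # slide a window over the sorted probes
            while probes[hi][0] - probes[lo][0] > window:
                lo += 1
            best = max(best, len({p for _, p, _ in probes[lo:hi + 1]}))
        if best >= min_probes:
            report[ip] = {'probes': best, 'paths': sorted({p for _, p, _ in probes}),
                          'user_agents': sorted({ua for _, _, ua in probes})}
    return report
```

Calling find_scanners(SAMPLE) flags only the first client; the second one's single missing .php page stays under the threshold.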