post attempts

computerlady911 · Feb 23, 2007

My http log is full of this kind of stuff. I know it is something trying to post to my server, and it is not being successful. How can I stop it. As you can see there are many many different ip addresses. I have BFD but I don't think it will stop this sort of activity.

Code:

88.109.204.12 - - [23/Feb/2007:08:17:45 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
68.47.65.171 - - [23/Feb/2007:08:17:45 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
151.205.71.14 - - [23/Feb/2007:08:17:46 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
205.250.127.178 - - [23/Feb/2007:08:17:46 -0800] "POST /trustm3now/getpr0n.php HTTP/1.0" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
89.161.4.5 - - [23/Feb/2007:08:17:46 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
212.27.185.253 - - [23/Feb/2007:08:17:48 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
145.53.82.158 - - [23/Feb/2007:08:17:49 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
63.219.4.130 - - [23/Feb/2007:08:17:50 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
83.193.240.114 - - [23/Feb/2007:08:17:50 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.230.69.93 - - [23/Feb/2007:08:17:51 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
139.55.23.17 - - [23/Feb/2007:08:17:51 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.202.124.6 - - [23/Feb/2007:08:17:52 -0800] "POST /trustm3now/getpr0n.php HTTP/1.0" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.195.193.8 - - [23/Feb/2007:08:17:53 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
87.101.240.6 - - [23/Feb/2007:08:17:53 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
90.154.229.72 - - [23/Feb/2007:08:17:54 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
80.58.205.41 - - [23/Feb/2007:08:17:54 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
89.86.135.156 - - [23/Feb/2007:08:17:54 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.89.249.235 - - [23/Feb/2007:08:17:55 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
83.93.109.189 - - [23/Feb/2007:08:17:55 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
82.45.112.114 - - [23/Feb/2007:08:17:55 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
24.36.107.85 - - [23/Feb/2007:08:17:55 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
64.161.246.99 - - [23/Feb/2007:08:17:56 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.132.250.2 - - [23/Feb/2007:08:17:56 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
69.245.242.132 - - [23/Feb/2007:08:17:56 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
71.64.28.26 - - [23/Feb/2007:08:17:57 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
216.229.196.170 - - [23/Feb/2007:08:17:57 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
24.52.186.204 - - [23/Feb/2007:08:17:57 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
74.107.26.209 - - [23/Feb/2007:08:17:57 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
72.210.78.26 - - [23/Feb/2007:08:17:58 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
220.229.73.223 - - [23/Feb/2007:08:17:58 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
87.67.178.79 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
207.148.194.218 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
68.113.60.254 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
69.148.153.153 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.85.48.209 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
81.82.31.30 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.34.200.103 - - [23/Feb/2007:08:17:59 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
81.118.120.3 - - [23/Feb/2007:08:18:00 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.238.37.176 - - [23/Feb/2007:08:18:00 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
69.208.184.88 - - [23/Feb/2007:08:18:00 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
220.27.80.254 - - [23/Feb/2007:08:18:02 -0800] "POST /trustm3now/getpr0n.php HTTP/1.0" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
24.218.145.94 - - [23/Feb/2007:08:18:02 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
87.4.88.86 - - [23/Feb/2007:08:18:02 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
68.51.107.107 - - [23/Feb/2007:08:18:02 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.238.119.88 - - [23/Feb/2007:08:18:03 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
83.203.212.198 - - [23/Feb/2007:08:18:03 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
124.38.75.110 - - [23/Feb/2007:08:18:03 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
125.99.6.58 - - [23/Feb/2007:08:18:04 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
196.206.93.99 - - [23/Feb/2007:08:18:04 -0800] "POST /trustm3now/getpr0n.php HTTP/1.1" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
71.30.211.217 - - [23/Feb/2007:08:18:04 -0800] "POST /trustm3now/getpr0n.php HTTP/1.0" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

toml · Feb 23, 2007

Looks like someones trojan got your IP address. There are a few details here http://cz.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_AGENT.GCD

computerlady911 · Feb 23, 2007

Yeah, I knew about that. but how do I stop it? It seems to be coming from a lot of people. Most of these ip addresses are in amsterdam.

toml · Feb 23, 2007

There really isn't anything you can do. These people all have a trojan and that is causing their computers to hit your server. They are mostly in Amsterdam now, but like most trojans, it will migrate to other countries soon. Other than changing your IP address, I don't think you will be able to do too much.

computerlady911 · Mar 4, 2007

block based on file

I am getting over 500 attemps every half an hour! Every single one of them is a unique ip address. Is there a way to block them based on the file they are looking for?

post attempts

computerlady911

Verified User

toml

Verified User

computerlady911

Verified User

toml

Verified User

computerlady911

Verified User