Unusual website traffic

  • Thread starter: November 5

November 5

Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //scripts/setup.php HTTP/1.0" 404 593 "-" "Mozilla/
4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/pma/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //db/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //dbadmin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //myadmin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysql/scripts/setup.php HTTP/1.0" 404 218 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysqladmin/scripts/setup.php HTTP/1.0" 404 223
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin1/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin2/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //pma/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //web/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //php-my-admin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //websql/scripts/setup.php HTTP/1.0" 404 219 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmyadmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //php-my-admin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.0"
404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.0" 404
229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.0"
404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //sqlmanager/scripts/setup.php HTTP/1.0" 404 223
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysqlmanager/scripts/setup.php HTTP/1.0" 404 225
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //p/m/a/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //pma2005/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmanager/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //php-myadmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpmy-admin/scripts/setup.php HTTP/1.0" 404 224
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //webadmin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //sqlweb/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //websql/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //webdb/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysqladmin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //mysql-admin/scripts/setup.php HTTP/1.0" 404 593
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
 
November said:
Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //scripts/setup.php HTTP/1.0" 404 593 "-" "Mozilla/
4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/pma/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

<< more scanning fun snipped >>

A quick search, using this as a search term:

admin/phpmyadmin/scripts/setup.php

says:

"ZmEu Attack"

I'm sure if you pop a few more of those in the search engine, there
may be other explanations.

As long as your server doesn't leak any details about itself,
that'll make it harder to crack.

HTH,
Paul
 
Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"

....

That's easy - someone's crappy cracking script is having a go at your
webserver trying to find an exploit.

If you get a lot of this, and it's annoying you, you could install
fail2ban and have it watch the log files for excessive 404 errors from
any one IP and it can drop a temporary iptables block in against that IP.
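
The check suggested in the reply above (too many 404 errors from one IP), as an added example that is not part of the original thread. It reads lines in the trimmed format the poster pasted, including the hard wraps. The names SAMPLE, unwrap, find_scanners and max_404 are hypothetical, and the threshold is a plain count because the posted lines carry no timestamps.

```python
import re
from collections import defaultdict

# Sample in the thread's trimmed log format (no timestamps), hard-wrapped the
# way the post is. The two 192.0.2.10 lines are constructed for contrast.
SAMPLE = '''\
208.71.173.74 "GET //scripts/setup.php HTTP/1.0" 404 593 "-" "Mozilla/
4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/scripts/setup.php HTTP/1.0" 404 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.0" 404
593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
208.71.173.74 "GET //phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/
1.0" 404 593 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
192.0.2.10 "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"
192.0.2.10 "GET /favicon.ico HTTP/1.1" 404 218 "-" "ExampleBrowser/1.0"
'''

RECORD = re.compile(r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "(?P<method>[A-Z]+) '
                    r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ ')
STARTS_RECORD = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3} "')

def unwrap(text):
    """Rejoin wrapped records; a line not starting with an IP continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STARTS_RECORD.match(line) or not records:
            records.append(line)
        else:
            # A wrap right after "/" split a token (HTTP/ + 1.0): join without a space.
            sep = "" if records[-1].endswith("/") else " "
            records[-1] += sep + line
    return records

def find_scanners(text, max_404=3):
    """Return {ip: sorted distinct 404 paths} for IPs with at least max_404 not-found hits."""
    misses = defaultdict(list)
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if m and m["status"] == "404":
            misses[m["ip"]].append(m["path"])
    return {ip: sorted(set(p)) for ip, p in misses.items() if len(p) >= max_404}

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE).items():
        print(f"{ip}: {len(paths)} distinct 404 paths, e.g. {paths[0]}")
```

The single favicon 404 from the constructed client stays under the threshold, so only the address probing setup.php paths is reported.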
 
November 5 said:
Got this from the logs today. Never seen any browsing pattern like it
before. Anything to be worried about?

208.71.173.74 "GET //CACATs HTTP/1.0" 404 1252 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows 98)"
<snip>

Paul and Tim seem to have adequately answered this. For next time,
alt.www.webmaster might be a more appropriate group to post this type of
question to.
 