[Answered] Malicious visitor access?

[shinjuke]

What are some malicious visitor activities and what are some typical benign web crawler activities?

 

I recognize some ZmEu access, /HNAP1, some shell commands.I also see an access from hello world (instead of Mozilla/5.0 etc). I think most of these are malicious or just poking around. What are some common security issues, and what are some preventive measures I can take to address them heads on, other than banning ip addresses?

 

I also see some access to some .php, .index.php.bak, .asp, .jsp, that I did not upload or that is not part of public-html. How concerned should I be?

 

[wolstech]

Both of these are completely normal. Bots poke at websites for all sorts of things, with all sorts of user agents.

 

And yes, some are probably looking for a login page to abuse. Assuming your software is up to date, not full of security holes if you wrote it yourself, and you're not using Wordpress (which is easily compromised), you're probably fine.

[Krydos]

In the last 24 hours 5 different bots have tried to access /wp-content/db-cache.php on my account. I've never even had wordpress installed. The internet is awash in bots looking for easy to hack websites. This is just one of many reasons to not use wordpress.