One of the servers I manage got some sort of flood of HEAD requests from a kidbot named Jorgee
Whats kidbot anyway?
Kidbot: is a automated program (bot) which is run by KIDS so its commonly named kid-bot or kidbot :P
Jorgee kidbot is searching for any web interface of mysql administration, so it can well .. y'know!!. I really don't use mysql much these days so cannot tell. But using a unprotected web-interface for something important like database is I'd say better avoided.
- User-Agent: "Mozilla/5.0 Jorgee"
- It performed 8-10 request/second.
- All requests used the HEAD verb.
- Requests are sourced to multiple ipv4 addresses( in some countries ).
- All Requests originated from countries we don't have any business with them yet.
- Time of requests 13:00-22:00
- All requests don't have domain name in the url but an ip address instead, they look like http://18.104.22.168/phpmyadmin
So what shall I do when I see Jorgee kidbot in my server log?
Just Smile :)
Nextopenbsd pf rules for webservers
Previousiptables rules for securing webservers