Jorgee The Kidbot


Published:2017-05-22T13:23:24Z
One of the servers I manage got some sort of flood of HEAD requests from a kidbot named Jorgee.
 

What's a kidbot anyway?

Kidbot: an automated program (bot) which is run by KIDS, so it's commonly named kid-bot or kidbot :P
 
 

Analysis

The Jorgee kidbot is searching for any web interface for MySQL administration, so it can, well .. y'know!! I really don't use MySQL much these days, so I cannot tell. But using an unprotected web interface for something as important as a database is, I'd say, better avoided.
 
  • User-Agent: "Mozilla/5.0 Jorgee"
  • It performed 8-10 requests/second.
  • All requests used the HEAD verb.
  • Requests came from multiple IPv4 addresses (in some countries).
  • All requests originated from countries we don't have any business with yet.
  • Time of requests: 13:00-22:00
  • None of the requests had a domain name in the URL but an IP address instead; they look like http://172.0.0.1/phpmyadmin
 

Screenshot

Jorgee Kidbot
 
 

So what shall I do when I see Jorgee kidbot in my server log?

Just Smile :)